Overview
This guide contains the maximum verified scalability limits for ACI parameters for the Cisco APIC Release 1.1(1j) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 11.1(1j). These values are based on a profile where each feature was scaled to the numbers specified in the tables. These numbers do not represent the theoretically possible ACI fabric scale.
General Scalability Limits
- L2 Fabric: There is no routing, L3 context, nor contract enabled in the L2 fabric profile. A tenant in this profile does not need to be mapped to one dedicated ACI tenant. A tenant can be represented by a set of EPGs instead. To improve the load sharing among APIC controller nodes, you must distribute EPGs and BDs across an ACI tenant.
- L3 Fabric: The ACI L3 fabric solution provides a feature-rich highly scalable solution for public cloud and large enterprise. With this design, almost all supported features are deployed at the same time and are tested as a solution. The scalability numbers listed in this section are multi-dimensional scalability numbers. The fabric scalability numbers represent the overall number of objects created on the fabric. The per-leaf scale numbers are the objects created and presented on an individual leaf switch. The fabric level scalability numbers represent APIC cluster scalability and the tested upper limits. Some of the per-leaf scalability numbers are subject to hardware restrictions. The per-leaf scalability numbers are the maximum limits tested and supported by leaf switch hardware. This does not necessarily mean that every leaf switch in the fabric was tested with maximum scale numbers.
Feature |
L2 Fabric |
L3 Fabric |
Large L3 Fabric |
|||
---|---|---|---|---|---|---|
Number of APIC controllers |
3 |
3 |
5 |
|||
Number of leafs |
80 |
80 |
200 |
|||
Number of spines |
6 |
6 |
6 |
|||
Number of FEXs |
N/A |
8 per leaf, 120 per fabric |
N/A |
|||
Number of tenants |
N/A |
1K |
3K |
|||
Number of Layer 3 (L3) contexts |
N/A |
1K |
3K |
|||
Number of contracts/filters |
N/A |
|
|
|||
Number of endpoint groups (EPGs) |
21K (500 maximum per tenant) |
15K (500 maximum per tenant) |
15K (500 maximum per tenant) |
|||
Number of endpoints (EPs) |
180K |
180K |
180K |
|||
Number of bridge domains (BDs) |
21K |
15K |
15K |
|||
Number of ports, VLANs |
per leaf 48 X 3,500 = 168K |
64K |
64K |
|||
Number of IP longest prefix matches (IP LPMs) (for external connection)
|
N/A |
|
|
|||
Number of BGP + number of OSPF sessions + EIGRP (for external connection) |
N/A |
1,200 |
1,200 |
|||
Number of Multicast groups |
N/A |
8K |
8K |
|||
Number of vCenters |
N/A |
5 |
5 |
|||
Number of Service Chains |
N/A |
600 |
1K |
|||
Number of L4 - L7 devices |
N/A |
30 physical, 1,200 virtual (1,200 maximum per fabric) |
30 physical, 1,200 virtual (1,200 maximum per fabric) |
|||
Number of ESX hosts - VDS |
N/A |
3,200 |
3,200 |
|||
Number of ESX hosts - AVS |
N/A |
3,200 (Only 1 AVS instance per host) |
3,200 (Only 1 AVS instance per host) |
|||
Number of VMs |
N/A |
Depends upon server scale |
Depends upon server scale |
Fabric Topology, SPAN, Tenants, Contexts, External EPGs, Bridge Domains, Endpoints, and Contracts Scalability Limits
Configurable Options |
Per Leaf Scale |
Per Fabric Scale |
|||
---|---|---|---|---|---|
Fabric Topology |
|||||
Maximum number of vPCs |
320 (hif vPC with FEX) |
(Number of leafs /2) X 48 |
|||
Maximum number of encaps per vPC |
1,750 (ports X encap < 64K) If the BD is in classic mode, 48 X 3,500 = 168k port-VLAN combination is supported in the L2 Fabric mode.
|
N/A |
|||
Maximum number of Member Links per vPC |
8 |
N/A |
|||
Maximum number of PCs |
48 |
(Number of leafs) X 48 |
|||
Maximum number of encaps per PC |
1,750 (ports X encap < 64K) |
N/A |
|||
Maximum number of Member Links per PC |
8 |
N/A |
|||
Maximum number of PCs, access ports |
48 |
(Number of leafs) X 48 |
|||
Maximum number of encaps per access port |
1,750 (ports X encap < 64K) |
N/A |
|||
STP |
All VLANs |
N/A |
|||
Maximum number of endpoints (EPs) |
|
180K |
|||
Number of Multicast Groups |
8K |
8K |
|||
Number of IPs per MAC |
256 |
256 |
|||
SPAN |
|
8 fabric sessions per fabric |
|||
Number of ports per SPAN session |
|
N/A |
|||
Number of source EPG/BDs per SPAN session |
280 |
N/A |
|||
Syslog server as Monitoring Station per fabric |
8 supported |
N/A |
|||
SNMP managers as Monitoring Stations per fabric |
10 supported |
N/A |
|||
Tenants |
|||||
Number of Contexts per tenant |
8 |
8 |
|||
Number of application profiles per tenant (or per Context) |
N/A |
N/A |
|||
Contexts (All numbers applicable to dual stack unless explicitly called out) |
|||||
Maximum number of Context |
100 |
N/A |
|||
Maximum number of BDs per Context |
100 |
N/A |
|||
Border Leafs per Context |
N/A |
4 |
|||
Maximum number of LPM Prefixes for External EPG Classification |
1K IPv4 |
N/A |
|||
Maximum number of vzAny Provided Contracts |
16 per Ctx |
N/A |
|||
Maximum number of vzAny Consumed Contracts |
16 per Ctx |
N/A |
|||
Maximum number of L3Outs per Context |
3 |
3 |
|||
Maximum number of Routed, Routed Sub-interface, or SVIs per L3Out |
|
|
|||
Maximum number of Dynamic Routing protocol peers (OSPF, NSSA, or iBGP) |
100 |
N/A |
|||
Maximum number of Static Routes |
|
|
|||
Maximum number of External Routes |
|
|
|||
Maximum number of Secondary (VIP) addresses per L3out |
1 |
1 |
|||
Maximum number of L3 interfaces per Context (SVIs and sub-interfaces) |
32 |
N/A |
|||
External EPGs |
|||||
Number of External EPGs per L3 out |
16 |
N/A |
|||
Bridge Domain |
|||||
Maximum amount of BDs |
1,750 ; if legacy mode, 3,500 ; if Multicast optimized mode then 50 |
15K |
|||
Maximum number of subnets per BD |
16 (cannot be for all BDs) |
16 per BD |
|||
Maximum number of EPGs per BD |
3,499 (cannot exceed 3,500 total) 3499 is supported in hardware but please refer to the per fabric scale for the effective software support for this release. |
N/A |
|||
Number of L2 Outs per BD |
1 |
1 |
|||
Number of BDs with Custom MAC Address |
1,750 If Multicast optimized mode is used, then 50 |
1,750 If Multicast optimized mode is used, then 50 |
|||
Number of Multicast groups |
8K |
8K |
|||
Maximum number of L3Outs per BD |
4 |
N/A |
|||
Number of DHCP relay labels per BD |
2 |
2 |
|||
DHCP relay for secondary subnets in a BD |
No |
No |
|||
Number of external EPGs per L2 out |
1 |
1 |
|||
Endpoint Groups (Under App Profiles) |
|||||
Maximum amount of EPGs |
Normally 1,750 ; if legacy mode 3,500 |
15K |
|||
Maximum amount of encaps per EPG |
1 Static leaf binding, plus 1 Dynamic VMM |
N/A |
|||
Maximum Path encap binding per EPG |
Equals to number of ports on the leaf |
N/A |
|||
Maximum amount of encaps per EPG per port |
One (path or leaf binding) |
N/A |
|||
Maximum number of domains (physical, L2, L3 or VMM) |
2 (1 static (L2, L3, physical), 1 dynamic) |
N/A |
|||
Maximum amount of native encaps |
|
Applicable to each leaf independently |
|||
Maximum amount of 802.1p encaps |
|
Applicable to each leaf independently |
|||
Can encap be tagged and untagged? |
No |
N/A |
|||
Maximum number of Static endpoints per EPG |
Maximum endpoints |
N/A |
|||
Maximum number of Subnets for Inter-context access per tenant |
8 |
N/A |
|||
Maximum number of Taboo Contracts per EPG |
2 |
N/A |
|||
Contracts |
|||||
Security TCAM size |
|
N/A |
|||
Approximate TCAM calculator given contracts and their use by EPGs |
Number of entries in a contract X Number of Consumer EPGs X Number of Provider EPGs X 2 |
N/A |
|||
Maximum number of EPGs providing the same contract |
10 |
10 |
|||
Maximum number of EPGs consuming the same contract |
10 |
10 |
|||
FEX VPC |
|||||
Maximum EPGs behind FEX VPC port |
20 |
N/A |
ALE Type |
ACI-Supported TORs |
---|---|
ALE v1 |
|
ALE v2 |
|
VMM Scalability Limits
Configurable Options |
Per Leaf Scale |
Per Fabric Scale |
|
---|---|---|---|
VMware |
|||
Number of vCenters |
N/A |
5 |
|
Datacenters in a vCenter |
N/A |
2 |
|
Combination of (VMM domain, VMM controller (vCenter/vShield)) |
N/A |
5 |
|
Number of ESX hosts per AVS |
240 |
N/A |
|
Number of EPGs per vCenter/vDS |
N/A |
5K |
|
Number of EPGs to VMware domans/vDS |
N/A |
5K |
|
Number of EPGs per vCenter/AVS |
N/A |
3,500 |
|
Number of EPGs to VMware domains/AVS |
N/A |
3,500 |
|
Number of endpoints (EPs) per AVS |
10K |
10K |
|
Number of endpoints per vDS |
10K |
10K |
|
Number of endpoints per vCenter |
10K |
10K |
|
Support RBAC for AVS |
N/A |
Yes |
|
Support RBAC for vDS |
N/A |
Yes |
|
Microsegmentation/DFW with AVS |
|||
Number of ESX hosts per AVS |
100 |
N/A |
|
Number of Microsegment EPGs |
1K |
N/A |
|
Number of DFW flows per vEth |
10K |
N/A |
|
Number of DFW flows per ESX host |
200K |
N/A |
|
Number of VMM domains per Microsegment EPG |
N/A |
1 |
|
Microsoft |
|||
Number of controllers per SCVMM domain |
N/A |
5 |
|
Number of SCVMM domains |
N/A |
4 |
|
VMM domains for Microsoft (in addition to that of VMware) |
N/A |
5 |
|
EPGs per Microsoft VMM domain |
N/A |
3K |
|
EPGs per all Microsoft VMM domains |
N/A |
9K |
|
EP/VNICs per HyperV host |
N/A |
100 |
|
EP/VNICs per SCVMM |
N/A |
3K |
|
Number of logical switch per host |
N/A |
1 |
|
Number of uplinks per logical switch |
N/A |
4 |
|
Number of Azurepack instances |
N/A |
2 |
|
Number of Azurepack subscriptions |
N/A |
1K |
|
Number of Azurepack users |
N/A |
1K |
|
Number of plans per Azurepack instance |
N/A |
6 |
|
Number of users per plan |
N/A |
200 |
|
Number of subscriptions per user |
N/A |
3 |
|
VM networks per Azurepack user |
N/A |
100 |
|
VM networks per Azurepack instance |
N/A |
3K |
|
Security rules per Azurepack user |
N/A |
6 |
|
Security rules per Azurepack instance |
N/A |
6 |
|
Number of tenant shared services/providers |
N/A |
40 |
|
Number of consumers of shared services |
N/A |
40 |
|
Number of VIPs (Citrix) |
N/A |
50 |
|
Number of VIPs (F5) |
N/A |
50 |
Layer 4 - Layer 7 Scalability Limits
Configurable Options (L4-L7 Configurations) |
Per Leaf Scale |
Per Fabric Scale |
|
---|---|---|---|
Maximum number of L4-L7 logical device clusters |
N/A |
1,200 |
|
Maximum number of graph instances |
N/A |
600 |
|
Maximum number of VIPs per graph instance |
N/A |
1 |
|
Number of device clusters per tenant |
N/A |
30 |
|
Number of interfaces per device cluster |
N/A |
Any |
|
Number of graph instances per device cluster |
N/A |
100 |
|
Deployment scenario for ASA (transparent or routed) |
N/A |
Yes |
|
Deployment scenario for Citrix - One arm with SNAT/etc. |
N/A |
Yes |
|
Deployment scenario for F5 - One arm with SNAT/etc. |
N/A |
Yes |
AD, TACACS, RBAC Scalability Limits
Configurable Options |
Per Leaf Scale |
Per Fabric Scale |
|
---|---|---|---|
Number of ACS/AD/LDAP authorization domains |
N/A |
4 tested (16 maximum /server type) |
|
Number of login domains |
N/A |
15 (can go beyond) |
|
Number of security domains/APIC |
N/A |
15 (can go beyond) |
|
Number of security domains in which the tenant resides |
N/A |
4 (can go beyond) |
|
Number of priority |
N/A |
4 tested (16 per domain) |
|
Number of shell profiles that can be returned |
N/A |
4 tested (32 domains total) |
|
Number of users |
N/A |
8K local / 8K remote |
|
Number of simultaneous logins |
N/A |
500 connections / NGNIX simultaneous REST logins |