Introduction

This document describes the Cisco NX-OS configuration limits for Cisco Nexus 9000 Series switches.

The values provided in this guide should not be interpreted as theoretical system limits for Cisco Nexus 9000 Series hardware or Cisco NX-OS software. These limits refer to values that have been validated by Cisco. They can increase over time as more testing and validation is done.

Verified Scalability Limits - Unidimensional

The following tables in this section list the verified scalability limits of the Cisco Nexus 9000 Series switches for Cisco NX-OS Release 10.5(1)F.

These limits are validated with a unidimensional configuration. The values provided in these tables focus on the scalability of one particular feature at a time.

Each number is the absolute maximum that is currently supported by this Cisco NX-OS release for the corresponding feature. If the hardware is capable of a higher scale, future software releases could increase this verified maximum limit. Results might differ from the values that are listed in this guide when you try to achieve maximum scalability with multiple features enabled.


Note


  1. If only one number is provided, the verified limit applies to all supported platforms and line cards.

  2. Verified limits are provided only for supported platforms.

  3. If a feature is not supported for a particular platform, the verified limit is not provided.



Note


You can deploy up to 500 commands under config-profile.


Cisco Nexus 2000 Series Fabric Extenders (FEX) Straight Through Mode Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Fabric Extenders1 and Fabric Extender server interfaces

Nexus 9300-FX/FX2/FX32 switches

16 and 768

VLANs across all Fabric Extenders

Nexus 9300-FX/FX2/FX32 switches

562

VLANs per Fabric Extender server interface3

Nexus 9300-FX/FX2/FX32 switches

75

Port channels

Nexus 9300-FX/FX2/FX32 switches + FEX

511

1 When FEX configured using "AA" mode, then the maximum number of 6 FEX on the NFE base ToR and 16 FEX for the LSE base ToR are supported.
2 FEX is not supported on Nexus 9348GC-FX3, and 9348GC-FX3PH, 93108TC-FX3, 9332D-H2R, 93400LD-H1, and 9364C-H1 switches.
3 For FEX HIF port channels, Cisco recommends that you enable STP port type edge using the spanning tree port type edge [trunk] command.

ePBR Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Maximum services per switch

Nexus 9300 and 9500 switches

1504

Endpoints per service

Nexus 9300 and 9500 switches

64

ePBR policies per switch

Nexus 9300 and 9500 switches

150

Policies per VRF

Nexus 9300 and 9500 switches

16

Services per chain

Nexus 9300 and 9500 switches

6

Match per policy

Nexus 9300 and 9500 switches

16

Aces per match

Nexus 9300 and 9500 switches

256

4 Only 62 unique ACLs can be configured per slice of ASIC. Each ACL takes one label. If the same ACL is configured on multiple interfaces, the same label is shared. If each ACL has unique entries, the ACL labels are not shared, and the label limit is 62. In order to achieve 150 services per switch with the limitation of 62 ACLs per slice, the ingress interfaces should be spread across multiple slices of ASIC.

Note


  1. For a list of platforms on which ePBR is supported, see the Nexus Switch Platform Support Matrix.

  2. For the ACL limitations, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.


FC and FCoE Switch Level Configuration Limits

Feature

Supported Platforms

Verified Limits

FLOGI per port

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

256

FLOGI per switch

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

1000

Port channels

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

85

Maximum number of member ports in a port channel

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

16

NPV switches per NPIV core switch

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

86

Maximum number of FC ports supported

Nexus 93180YC-FX switches

48

Nexus 93360YC-FX2 switches

96

Nexus 9336C-FX2-E switches

112

VFCs

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

5127

VSANs

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

32

5 The number of SAN port channels and virtual FC port channels, together, can be only 8 on the Cisco Nexus 9000 Series switch.
6 Tested with FC NPV.
7 This is applicable only for the NPV mode.

FC and FCoE Fabric Level Configuration Limits

Feature

Supported Platforms

Verified Limits

Zones

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

8000

Zone members

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

16,000

Zone sets

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

32

Zone database size

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

2 MB

FCNS entries in the fabric

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

10,000

Device Alias

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

8000

Switch hops from server to storage

Nexus 93180YC-FX, 93360YC-FX2, and 9336C-FX2-E switches

7

Intelligent Traffic Director Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Nodes per device group

Nexus 9300-FX switches

64

Nexus X96136YC-R, X9636Q-R, X9636C-R, and X9636C-RX line cards

16

ITD services per switch

Nexus 9300-FX switches

150 8

Buckets per ITD service

Nexus X96136YC-R, X9636Q-R, X9636C-R, and X9636C-RX line cards

64

Nexus 9300-FX switches

256

8 Only 62 unique ACLs can be configured per slice of ASIC. Each ACL takes one label. If the same ACL is configured on multiple interfaces, the same label is shared. If each ACL has unique entries, the ACL labels are not shared, and the label limit is 62. In order to achieve 150 ITD services per switch with the limitation of 62 ACLs per slice, the ingress interfaces should be spread across multiple slices of ASIC.

Note


  • For a list of platforms on which ITD is supported, see the Cisco Nexus 9000 Series NX-OS Intelligent Traffic Director Configuration Guide.

  • For the ACL limitations, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.


Interfaces Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

DHCP clients per switch

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

10 (IPv4) + 10 (IPv6)

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

Flex link

Nexus 9300-FX/FX2, and 9364C switches

12 pairs

One pair consists of one each of active and backup interface. The active and backup interface can be either a physical port or port channel.

IP DHCP relay addresses (helper addresses) per interface

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 and Nexus 9808 switches

32 (IPv4) + 32 (IPv6)

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

Generic routing encapsulation (GRE) tunnels

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and 9804 switches

16

Nexus X9716D-GX, Nexus 9700-EX/FX, Nexus X9836DM-A and X98900CD-A line cards

LACP rate fast support during system switchover

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

606 ports in total on Nexus 9516 with 16 line cards

Port channel links

Nexus 9300-FX/FX2/FX39/H2R/H1 and 9804 switches and Nexus 9600-R, 9600-RX, 9700-EX, Nexus X9836DM-A and X98900CD-A line cards

32

SVIs

Nexus 9300-FX/FX2/GX/GX2/H2R/H1 switches and Nexus 9408 switches

1000 (with HSRP)

1000 HSRP groups

Nexus 9300-FX3 switches

510

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

1000 (with HSRP), 1500 (without HSRP)

Nexus 9600-R and 9600-RX line cards

3967

Nexus X9636C-R, X9636Q-R, X9636C-RX and X96136YC-R line cards

350 (with HSRP), 3967 (without HSRP)

Selective Q-in-Q with Multiprovider tag

Nexus 9300-FX/FX2/FX3/H2R/H1 switches and Nexus 9600-R/RX line cards

Per port: 4000 mappings, 10 provider VLANs;

System wide: 48,000 mappings, 512 Provider VLANs

SVI Unnumbered

Nexus 9300-FX/FX2/FX3/GX/GX2 switches

Primary (50); Secondary (450), 1 primary SVI can have a maximum of 50 secondary SVIs

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

vPCs

Nexus 9300-FX/FX39/GX2 switches

80

Nexus 9300-FX2 switches

98

Nexus 9300-GX2 switches

128

Nexus 9300-GX switches

60 (for flat Layer 2 Network)

56 (for L2/L3 Network)

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

300

Nexus 9600-R/RX line cards

255

Nexus X9636C-R, X9636Q-R, X9636C-RX and X96136YC-R line cards

110

Static Network Address Translation (NAT)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

Non-Atomic mode: 1023

Atomic mode: 60% of Non-Atomic scale number is supported.

Dynamic Network Address Translation (NAT)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

Non-Atomic mode: 1023

Atomic mode: 60% of Non-Atomic scale number is supported.

Static twice Network Address Translation (NAT)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

Non-Atomic mode: 580

Atomic mode: 60% of Non-Atomic scale number is supported.

Dynamic twice Network Address Translation (NAT)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

Non-Atomic mode: 875

Atomic mode: 60% of Non-Atomic scale number is supported.

Sub-interfaces

Nexus 9808/9804 switches and Nexus X9836DM-A and X98900CD-A line cards

2000

Nexus 9300-FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

3900

Note

 

It is recommended to configure 60% of the mentioned limits with higher route scale deployments.

Nexus 9300-FX and 9300C switches

1900

Note

 

It is recommended to configure 60% of the mentioned limits with higher route scale deployments.

Port VLAN translations under an interface

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

100

Nexus 9300-FX/FX2/FX39/GX/GX2/H2R/H1 and Nexus 9408 switches

3967

Port VLAN translations in a switch

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

2000

Nexus 9300-FX/FX2/FX39/GX/GX2/H2R/H1 and Nexus 9408 switches

24,000

9 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 10.4(x).

Note


  • The scale for vPC convergence is tested with an LACP supported device connected to the vPC pair link.

  • For interface port-channel configuration, LACP vPC convergence must be enabled. For more details, see the Configuring vPCs section of the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.

  • For vPC domain configuration, the tested time for the delay restore is 150 seconds, the delay restore for interface VLAN is 150 seconds, and the delay restore for orphan ports is 140 seconds. For more details, see the Configuring vPCs section of the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.

  • Above NAT scale numbers are supported provided that enough TCAM resources configured and allocated.


Label Switching Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Forwarding Equivalence Classes (FECs) (Node/Prefix/Adj/Binding SID)

Nexus 9300-FX/FX2/FX310/GX/GX2 switches and Nexus 9700-EX/FX/GX line cards

MPLS Heavy Template: 4096

Default Template: 1024

Nexus 9332D-H2R switches

Default Template: 1024

Nexus 9600-R and 9600-RX line cards

1000

Equal-cost multipaths (ECMPs)

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R switches, and Nexus 9700-EX/FX/GX line cards

32

Nexus 9600-R and 9600-RX line cards

8 - way

Equal-cost multipaths Groups (ECMPs)

Nexus 9300-FX2/FX310, and 9364C switches

MPLS Heavy Template: 12,288 (with 4-way ECMP) and 4096 (with 8-way ECMP)

Default: 1024

Note

 
After the ECMP objects are exhausted, there is a fallback to the adjacency for all further routes.

Nexus 9300-FX/GX/GX2 switches

MPLS Heavy Template and Default Routing Mode: 12,288 (with a 4-way ECMP) and 4096 (with 8-way ECMP)

Note

 
After the ECMP objects are exhausted, there is a fallback to the adjacency for all further routes.

Nexus 9332D-H2R switches

MPLS Heavy Template: 12,288 (with 4-way ECMP)

Nexus 9600-RX line cards

24,000 ECMP Groups 2 paths per ECMP

Note

 
Supported only on Cisco NX-OS Release 9.2(4).

FECs * ECMPs

Nexus 9600-R and 9600-RX line cards

8000

Flex counters for segment-routing in ingress direction

Nexus 9300-FX/FX2/FX310/GX/GX2 and 9300C switches and Nexus 9700-EX/FX/GX line cards

Total ingress label stats: 4000; VRF ingress label stats: 1000; (MPLS Heavy Template)

Flex counters for segment-routing in Egress direction

Nexus 9300-FX/FX2/FX310/GX/GX2 and 9300C switches and Nexus 9700-EX/FX/GX line cards

Total ingress label stats: 48,000 (MPLS Heavy Template)

Egress Peer Engineering

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R and 9300C switches and Nexus 9700-EX/FX/GX line cards

64

IAS option B labels

Nexus 9600-R and 9600-RX line cards

450,000

Label-switched paths (LSPs) for label stack imposition11

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R switches and Nexus 9700-EX/FX/GX line cards

256 (with 32 - way ECMP and 5 label stack push)

Layer 3 VPN routes

Nexus 9600-R and 9600-RX line cards

450,000

Nexus 9332D-H2R switches

400,000 (IPv4 routes)

90,000 (IPv6 routes)

Layer 3 EVPN Labels

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R switches and Nexus 9700-EX/FX/GX line cards

1000 (With MPLS Heavy Template)

LDP session

Nexus 9600-R and 9600-RX line cards12

200

Node Sid/Prefix SID

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R switches and Nexus 9700-EX/FX/GX line cards

4000

Adjacency SID

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R switches and Nexus 9700-EX/FX/GX line cards

112

Binding SID

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R switches and Nexus 9700-EX/FX/GX line cards

1000

SRTE Policy

SRTE policy with PBR

Nexus 9300-FX/FX2/FX310/GX/GX2 and 9364C switches

512 per slice with 4 way ECMP/1024 per slice with 2 way ECMP

Nexus 9332D-H2R switches

512

Number of route-maps with SRTE policy (IPv4/IPv6)

Nexus 9300-FX/FX2/FX310/GX/GX2/H2R and 9364C switches

256 (IPv4) + 256 (IPv6) per slice with 4 way ECMP

10 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS Label Switching Configuration Guide Release 10.4(x).
11 For Cisco Nexus 9300 and 9500 Series switches, LSPs *ECMP* label stack push cannot exceed 1500.
12 Nexus X9636C-RX, X9636C-R, X9636Q-R, and 96136YC-R

Note


For network scalability, Cisco recommends using a hierarchical routing design with multi-hop BGP for advertising the attached prefixes from a top-of-rack (ToR) or border leaf switch.

ECMP group creation will be limited if the next-hop adjacency space is exhausted.


Private VLANs (PVLANs) Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Primary VLANs

Note

 

The 400 PVLAN-mapping scale per PVLAN port is only applicable when port is configured as promiscuous trunk port.

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

16

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches

400

Secondary VLANs

Note

 

The 400 PVLAN-mapping scale per PVLAN port is only applicable when port is configured as promiscuous trunk port.

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

20

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches

400

Ports in Community host mode

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches

40

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

Ports in isolated host mode

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches

40

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

Ports in isolated trunk host mode

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches

40

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

Ports in promiscuous mode

Nexus 9300-FX switches

10

Nexus 9300-FX2/FX3/GX/H2R/H1 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

5

Ports in promiscuous trunk mode

Nexus 9300-FX switches

10

Nexus 9300-FX2/FX3/GX/H2R/H1 switches, Nexus -X9716D-GX, and Nexus 9700-EX/FX line cards

5

PVLANs allowed on a PVLAN port

Note

 

The 400 PVLAN-mapping scale per PVLAN port is only applicable when port is configured as promiscuous trunk port.

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

16

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches

400

Layer 2 Switching Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

MAC addresses

Nexus 9300-FX/FX2/FX313/GX/GX2/H2R/H1 and Nexus 9408 switches

92,000 (default system routing mode)

Nexus 9300-FX/FX2/FX313/GX/GX2/H2R/H1 and Nexus 9408 switches

200,000 (system routing mode L2-heavy) 14

Nexus 9364C switches

90,000 (default system routing mode without system routing Layer 3 scale)

32,000 (default system routing mode with system routing Layer 3 scale)

Nexus X9716D-GX and Nexus 9700-EX/FX line cards

92,000

Nexus 9600-R and 9600-RX line cards

192,000

MST instances

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches and Nexus 9600-R, 9600-RX, Nexus X9716D-GX, and 9700-EX/FX line cards

64

MST PV count with single instances 0

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

190,000

MST virtual ports with more than 1 MST instance

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

48,000

Nexus X9716D-GX and 9700-EX/FX line cards

85,000

Nexus 9600-R and 9600-RX line cards

236,000

RPVST virtual ports (physical ports * VLANs)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

48,000

Nexus X9716D-GX and 9700-EX/FX line cards

65,000

Nexus 9600-R and 9600-RX line cards

13,750

RPVST logical ports (logical ports * VLANs)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

22,000

Nexus X9716D-GX and 9700-EX/FX line cards

45,000

Nexus 9600-R and 9600-RX line cards

13,750

VLANs in MST mode

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches and Nexus X9716D-GX, 9600-R/RX, and 9700-EX/FX line cards

3967 (the remaining 127 VLANs are reserved)

Nexus 92348GC-X switches

3967

VLANs in RPVST mode

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

3967

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

396715

Nexus 9600-R and 9600-RX line cards

250

Total number of VLANs × ports with switch port isolated (3967 VLANs x 48 ports)

Nexus 9300-FX/FX2/FX313/GX/GX2/H2R/H1 switches, and Nexus 9700-EX/FX, and Nexus X9716D-GX line cards

190,000

Total number of VLANs × ports with switch port isolated (3967 VLANs x 144 ports)

Nexus X9636C-R, X9636Q-R, X9636C-RX, and X96136YC-R line cards

571,248

13 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide, Release 10.4(x).
14 Layer 2 unidimensional scale only. SVI, Layer 3 interface, and VXLAN VLANs are not supported. 200K MAC is enabled only when " system routing template-l2-heavy" is configured and the system is reloaded.
15 On EOR, support is for 12,000 PV count with 3967 vlans and RPVST with default timers. If 22,000 PV count is needed with 3968 vlans and RPVST, recommended hello timer value is 4 or higher. It is also recommended to tune forward delay and max age accordingly.
16 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide, Release 10.4(x).

Note


  • The number of supported VLANs per vPC should be within the MST or RPVST virtual port count that is specified in this table, depending on the topology.

  • The number of supported STP VLAN port instances, for Fabric Extender host interface ports, should be less than 13000.

  • The ports with switch port isolated are only supported on Layer 2 ports. However, on Layer 2 the following port types are not supported:

    • FEX host interfaces

    • FEX host interface port channels

    • PVLAN ports


Multicast Routing Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Egress NAT

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

2000

Ingress NAT

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

2000

Egress and Ingress NAT

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

2000

Unicast to Multicast NAT (UM NAT)

Nexus 9300-FX/FX2 switches

1760

Nexus 9300-FX3/GX/GX2/H2R/H1 switches

2000

IPv4 multicast routes

Note

 
The limits are for a combination of IPv4 and IPv6 multicast routes. Layer 2 multicast entries are a part of the total 120K limits. For example, 110K IPv4 + 2K IPv6 multicast routes + 8K Layer 2 multicast entries.

Nexus 9348GC-FXP switches

8192 (Layer 2 + Layer 3)

Nexus 9700-EX line cards

8192 (Layer 2 + Layer 3); 32,768 (Layer 2 + Layer 3 with system routing template - multicast -heavy mode); 8192 (with system routing template - lpm - heavy mode)

Nexus 9332C and 9364C switches

16,384 (Layer 2 + Layer 3) with the default template and the system routing Layer 3 scale configuration.

Nexus 9300-FX2 switches

8192 (Layer 2 + Layer 3); 32,768 (Layer 2 + Layer 3 with system routing template -multicast -heavy mode); 131,072 (with system routing template -multicast - ext - heavy mode)

Nexus 9700-FX line cards

8192 (Layer 2 + Layer 3); 32,768 (Layer 2 + Layer 3 with system routing template - multicast -heavy mode); 131,072 (with system routing template - multicast - ext - heavy mode) 17

Nexus 9408 switches

8192 (Layer 2 + Layer 3); 32,768 (Layer 2 + Layer 3 with system routing template - multicast -heavy mode); 131,072 (with system routing template - multicast - ext - heavy mode) 18

Nexus 9300-FX/FX3/GX/GX2/H2R/H1

32,768 (Layer 2 + Layer 3 with system routing template - default, multicast -heavy mode); 131,072 (with system routing template - multicast - ext - heavy mode)

Nexus 9600-R and 9600-line cards

32,768 (Layer 3)

Nexus X9716D-GX line card

131,072 (65,536 *,G + 65,536 S,G)

IPv6 multicast routes

Nexus 9300-FX, and 9500 switches

8192 (Layer 3 with system routing template - default, multicast - heavy, multicast - ext - heavy and multicast - heavy, multicast - ext - heavy, dual - stack - multicast)

Nexus 9300-FX2 and 9364C switches

8192 (Layer 3 with system routing template - multicast - heavy mode)

Nexus 9300-FX3 switches and Nexus X9716D-GX line card

8192 (4096 - *, G + 4096 - S,G)

Nexus 9332C and 9364C switches

8192 (Layer 2 + Layer 3 with system routing template - multicast -heavy mode)

Nexus 9348GC-FXP switches

8192 (Layer 2 + Layer 3 with system routing template - multicast - heavy - multicast - ext - heavy mode)

Nexus 9300-GX/GX2/H2R/H1, Nexus 9408 switches

8192

MLD snooping groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches,and Nexus X9716D-GX and Nexus 9700-EX/FX line cards

8192

Multicast FPV

Nexus 9300-FX2 switches

8000 (with system routing template - default), 32,000 (with system routing template - multicast -heavy - multicast - ext - heavy mode)

Nexus 9300-FX/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

IPv4 32,000 (Layer 2 + Layer 3) multicast routes

Outgoing interfaces (OIFs)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

40 (SVI + physical Layer 3) or 256 (physical Layer 3)

Nexus 9600-R and 9600-RX line cards

16 OIFs for 32K mroutes or 287 OIFs for 1000 mroutes

Nexus 9808 switches

256 (physical Layer 3)

IGMP snooping groups

Nexus 9700-EX line cards

8000

Nexus 9300-FX2 switches and Nexus 9700-FX line cards

8000 (with system routing template - default), 16000 (with system routing template - multicast - heavy - multicast - ext - heavy mode)

Nexus 9600-R, 9600-RX, and 9600-R2 line cards

8000

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches, and Nexus X9716D-GX line card

16,000

PIM neighbors

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

250

Nexus 9808 switches

500

Nexus 9600-R, 9600-RX, and 9700-EX/FX line cards

500

MVPN - unidimensional

Multicast VRFs

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

300

Default MDT groups

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

300

MVPN Peers (PIM neighbors) per device

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

900

Maximum number of PEs per VRF

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

200 PEs per VRF with up to 3 VRFs (600 PIM neighbors)

Maximum number of Data MDT groups per VRF on a PE

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

1000

Maximum number of Data MDT groups across all VRFs on a PE

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

10,000

Maximum number of MDT groups across all VRFs on PE

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

10,300 (10,000 Data + 300 default DMT)

Maximum number of Multicast routes on a PE node

Nexus 9600-R and 9600-RX line cards (except the Nexus X96136YC-R line card)

32,000

17 All line cards must have the FX type.
18 All line cards must have the FX type.

Note


  • The IPv4 multicast routes and the IPv4/IPv6 host routes share the same hardware table. Limits are provided for both the default line card mode and the max host line card mode.

  • High availability (graceful restart and stateful switchover) is not supported when unicast or multicast aggressive timers are configured at any scale.


IP Fabric for Media Solution Verified Scalability Limits

Description Verified Limit
NBM-Active Mode Only NBM-Passive Mode Only Mixed Mode
NBM-Active VRF NBM-Passive VRF
Switches 120 32 32
Number of flows 32000 32000 32000
VRFs 16 16 16
Host Policy - Sender 16000 N/A 16000 N/A
Host Policy - Receiver 16000 N/A 16000 N/A
Host Policy - PIM 2000 N/A 2000 N/A
Flow Policy 32000 N/A

32000

N/A
ASM group-range 20 N/A 20 N/A
NBM Static Receiver
Per Switch Maximum (receiver leaf where the static OIF will be programmed) 1500 8000 1500
Per Fabric Maximum 8000 32000 8000
NBM IGMP Receivers
Per Switch Maximum 8000 N/A 8000 N/A
Per Fabric Maximum 24000 N/A 24000 N/A
NBM NAT Flows
Egress-NAT (E-NAT) 2000 2000 1000 1000
Ingress-NAT (I-NAT) 2000 2000 1000 1000
Multicast-Unicast NAT (MU-NAT) 2000 2000 1000 1000
Unicast-Multicast NAT (UM-NAT) 2000 2000 1000 1000
Mixed Mode (E-NAT, I-NAT, MU-NAT, UM-NAT together) 2000 2000 1000 1000
RTP Flow Monitoring with ACL
ACL

128 IPv4 ACL entries or 64 IPv6 ACL entries (total 128 TCAM spaces)

Note

 
With combined IPv4 and IPv6 ACL entries, the scale limit cannot exceed 128 TCAM spaces.

IP Fabric for Media Solution Policer Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

NBM Flow Policers (Slice/System)

Nexus 9300-FX/FX3 switches

1536/1536

Nexus 9300-FX2 switches

1536/3072

Nexus 9300-GX/GX2B switches

1536/6144

Nexus 9300-GX2A switches

1536/12288

Nexus X9636C-R line cards

2048/12288

Nexus X9636Q-R line cards

2048/6144

Nexus X9636C-RX line cards

2048/8192

Nexus X9624D-R2 line cards

2048/8192

Nexus X9836DM-A line cards

700/6300

Nexus 9332D-H2R switches

1536/6144

Nexus 9348GC-FX3 switches

1536/1536

Nexus X98900CD-A line cards

700/4200

Nexus 93400LD-H1, and 9364C-H1 switches

1536/3072


Note


When storm control is enabled on Nexus 9300-FX3/GX/GX2/H2R/H1 Platform Series switches, the maximum supported scale for NBM flow policers is limited to 1534.

For a list of supported platforms, see Cisco Nexus 9000 Series NX-OS IP Fabric for Media Solution Guide.


Programmability Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

gNMI

VRF - Default

Nexus 9300-FX/FX2/FX319/GX/GX2 switches and Nexus 9700-FX line cards

16 concurrent subscriptions

VRF - Management

Nexus 9300-FX/FX2/FX319/GX/GX2 switches and Nexus 9700-FX line cards

16 concurrent subscriptions

VRF - Default and Management

Nexus 9300-FX/FX2/FX319/GX/GX2 switches and Nexus 9700-FX line cards

32 concurrent subscriptions

Paths

Nexus 9300-FX/FX2/FX319/GX/GX2 switches and Nexus 9700-FX line cards

48 paths in a single subscription

Message size

Nexus 9300-FX/FX2/FX319/GX/GX2 switches and Nexus 9700-FX line cards

Less than 12 MB

Aggregate MO's

Nexus 9300-FX/FX2/FX319/GX/GX2 switches and Nexus 9700-FX line cards

150,000

NX-API

See Guidelines and Limitations for NX-API limitations.

Maximum Number of concurrent VSH session

Nexus 9000 switches and line cards

5 concurrent VSH sessions and 5 persistent VSH sessions per worker process.

Number of worker processes in Nginx

Nexus 9000 switches and line cards

4 worker processes

Number of VSH sessions per worker process

Nexus 9000 switches and line cards

A maximum of 5 persistent VSH sessions are supported for each worker process

Maximum response size supported in output

Nexus 9000 switches and line cards

10 MB

Maximum number of concurrent session supported for chunk mode. See Configuring the Message Format and Command Type to know more about chunk mode

Nexus 9000 switches and line cards

2

Maximum size of response supported in chunk mode

Nexus 9000 switches and line cards

After 10.3(1) release, the maximum size supported in chunk mode is the same as the amount of space available in volatile.

DME

Note

 
  • If all the DME features are configured together, it may cause performance issues.

  • Model to CLI Conversion of payload is not supported.

Telemetry

Nexus 92348GC-X switches

4 telemetry receivers can be streamed in parallel

NETCONF

Nexus 92348GC-X switches

2 parallel NETCONF sessions

gNMI/gNOI

Nexus 92348GC-X switches

2 concurrent gNMI/gNOI subscriptions

19 gNMI scale is not qualified on Nexus 9348GC-FX3PH, and 9332D-H2R switches.

QoS Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Class maps per policy map

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, Nexus 9408, and Nexus 9808/9804 switches

128

AFD

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, and Nexus 9408 switches

30 profiles

WRED

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, and Nexus 9408 switches

30 profiles

Nexus 9808/9804 switches

14 Profiles

Ingress 1R2C

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, Nexus 9408, and Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

1280 per ASIC

Ingress

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • 6300 Policer / LC – PMN use case

  • QoS on physical or SI – Limited by 128 unique ACLs / ASIC

Egress 1R2C

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, and Nexus 9408 switches

256

Ingress 2R3C

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, and Nexus 9408 switches

766

Total policy maps

Nexus 9300-GX/GX2/FX2/FX320/H2R/H1, Nexus 9408, Nexus 9808/9804 switches

4000

QoS unique burst profiles

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

4/ASIC

TCAM label

Nexus 9300-FX320

64

20 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide, Release 10.4(x).

Security Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Egress ACLs

Nexus 9600-R line cards

20,000

System ACLs

Nexus 9600-R line cards

4000 TCAM entries in internal TCAM

64,000 TCAM entries in external TCAM

ACL

Nexus 9300-FX/FX2/FX3/GX/GX2 switches

IPv4 Ingress - 3584

IPv6 Ingress - 1792

Nexus 9332D-H2R switches

Total TCAM region size is 14,336 (Default TCAM carving: 10,240 Ingress and 4096 Egress)

  • 4 slice with 8 interface

  • 510 Ingress - RACL per slice

  • 254 Egress - RACL per slice

  • 30 PACL and Egress PACL per slice

Note

 

The maximum TCAM region size that can be carved as ingress or egress is 13056, as ing-sup/egr-sup cannot be carved size=0.

Nexus 93400LD-H1, and 9364C-H1 switches

Total TCAM region size is 14,336 (Default TCAM carving: 10,240 Ingress and 4096 Egress)

2 Slices 0 and 1 (with 33 ports each)

  • 510 Ingress - RACL per slice

  • 254 Egress - RACL per slice

  • 30 PACL and Egress PACL per slice

Optionally, you can carve a flexible TCAM region. However, you can carve it as either ingress or egress only, with a maximum size of 13568.

Nexus 93400LD-H1, and 9364C-H1 switches

Total TCAM region size is 14,336 (Default TCAM carving: 10,240 Ingress and 4096 Egress)

2 Slices 0 and 1

interface 1-32 ->slice 1

interface 33-52 -> slice 0

  • 510 Ingress - RACL per slice

  • 254 Egress - RACL per slice

  • 30 PACL and Egress PACL per slice

Optionally, you can carve a flexible TCAM region. However, you can carve it as either ingress or egress only, with a maximum size of 13568.

Nexus 9808/9804 switches

  • IPv4 Ingress 14,000 per slice

  • RACL on physical or sub-interfaces – Limited by 128 unique ACLs / ASIC

  • 126 Unique labels Ingress IPv4 per ASIC

  • 126 Unique labels Ingress IPv6 per ASIC

  • 14 Unique labels for Egress IPv4 per ASIC

  • 14 Unique labels for Egress IPv6 per ASIC

  • Ingress ACL Group (QOS + RACL) 252 per ASIC

  • Egress ACL Group (RACL) 60 per ASIC

RACL Labels (maximum)

Nexus 9504 and 9508 switches

4000

ACL LOU Threshold Support

Nexus 9500-R line cards

24 LOUs per line card

IPv4 ingress access control entries (ACEs)

Nexus 9600-R and 9600-RX line cards

  • RACL on LC Nexus X9636C-RX: 100,000

  • PACL on LC Nexus X9636C-RX: 12,000

  • RACL-2048, PACL-1024 (without TCAM Carving) IPv4 52,640 ACEs per system

  • PACL IPv4: 1024 TCAM entries in internal TCAM

  • PACL MAC: 2048 TCAM entries in internal TCAM

  • RACL IPv4: 2048 TCAM entries in internal TCAM

IPv6 ingress access control entries (ACEs)

Nexus 9600-R and 9600-RX line cards

  • RACL-1024, PACL-1024 (without TCAM Carving) IPv6 25,200 ACEs per system

  • PACL IPv6: 1024 TCAM entries in internal TCAM

  • RACL IPv6: 1024 TCAM entries in internal TCAM

IPv4 ingress TCAM entries

Nexus 9300-FX/FX2/FX321 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

3582 (per slice of the forwarding engine)

Nexus 9300-GX/GX2 switches

4608

IPv4 egress TCAM entries

Nexus 9300-FX/FX2/FX321/GX/GX2 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

1792 (per slice of the forwarding engine)

Nexus 92348GC-X switches

Ingress - 3072 IPv4, 1792 IPv6

IPv6 ingress TCAM entries

Nexus 9300-FX/FX2/FX321/GX/GX2 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

1792 (per slice of the forwarding engine)

IPv6 egress TCAM entries

Nexus 9300-FX/FX2/FX321/GX/GX2 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

896 (per slice of the forwarding engine)

Nexus 92348GC-X switches

Ingress - 3072 IPv4, 1792 IPv6

Ingress RACLv4

Nexus 9808 switches

9216 per slice

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • Physical: 14,000 per slice

  • Port-Channel: 5000

Ingress QoSv4

Nexus 9808 switches

9216

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • Physical: 9000 per slice

  • Port-Channel: 5000

Ingress SPAN filter v4

Nexus 9808 switches

9216

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

Physical: 14,000 per slice

Egress RACLv4

Nexus 9808 switches

9216

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • Physical: 9000 per slice

  • Port-Channel: 5000

Ingress RACLv6

Nexus 9808 switches

4608 22

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • Physical: 7000 per slice

  • Port-Channel: 2500

Ingress QoSv6

Nexus 9808 switches

4608 22

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • Physical: 7000 per slice

  • Port-Channel: 2500

Ingress SPAN filter v6

Nexus 9808 switches

4608 22

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

Physical: 7000 per slice

Egress RACL v6

Nexus 9808 switches

4608 22

Nexus 9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • Physical: 4500 per slice

  • Port-Channel: 2500

Number of unique ACLs each for RACLv4, RACLv6, QoS, ACL SPAN

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • 127 (per unit) each for ingress and QoS

  • 15 (per unit) each for egress (IPv4 and IPv6 RACL)

Number of unique ACL combinations

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

  • 252 (per unit) for ingress

  • 60 (per unit) for egress

DHCP snooping bindings

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

2048

802.1x

Nexus 9300-FX/FX2/FX3/GX/GX2/H1 switches

1024 hosts

Key Chain Keys Verified Scalability Limits (Unidimensional)

Type-6 Keys

Nexus 9000 Series switches

5000

Type 7 keys

Nexus 9000 Series switches

20,000

21 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.4(x).
22 Each IPv6 ACL is limited to 1000 ACEs. This applies to all IPv6 ACLs (RACL, QoS or SPAN filter). No such limitation applies for IPv4 ACL.

Note


  • The TCAM entries scalability limits also apply to policy-based TCAM entries (PBACLs).

  • Only 62 unique ACLs can be configured. Each ACL takes one label. If the same ACL is configured on multiple interfaces, the same label is shared. If each ACL has unique entries, the ACL labels are not shared, and the label limit is 62.


SRv6 Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

ARP

Nexus 9300-GX/GX2, and Nexus 9408 switches

48,000

Host and LPM IPv4 routes

Nexus 9300-GX/GX2, and Nexus 9408 switches

470,000

Host and LPM IPv6 routes

Nexus 9300-GX/GX2, and Nexus 9408 switches

256,000

Leaf

Nexus 9300-GX/GX2, and Nexus 9408 switches

256

SID DB

Nexus 9300-GX/GX2, and Nexus 9408 switches

2000

SRv6 and VXLAN Peer

Nexus 9300-GX/GX2, and Nexus 9408 switches

256

VRF

Nexus 9300-GX/GX2, and Nexus 9408 switches

1000

ND

Nexus 9300-GX/GX2, and Nexus 9408 switches

24,000

SRv6 Traffic Engineering policies

Nexus 9300-GX/GX2, and Nexus 9408 switches

1000

Number of prefixes (IPv4 and IPv6) that use SRv6 Traffic Engineering policies

Nexus 9300-GX/GX2, and Nexus 9408 switches

50,000

Maximum number of preferences per policy

Nexus 9300-GX/GX2, and Nexus 9408 switches

3

Maximum number of segment lists

Nexus 9300-GX/GX2, and Nexus 9408 switches

3000

Egress NetFlow Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Flow monitors

Nexus 9300-FX/FX2/GX/GX2 switches and 9500 with FX LC cards, 9500-GX LC cards

30 IPv4 flow monitor and each flow monitor with two exporters

28 IPv6 flow monitor and each flow monitor with two exporters

32 Layer 2 Flow monitor and each flow monitor with two exporters

Maximum number of exporters supported per flow monitor is 2

Maximum number of flows in the software table (IPv4 or CE flows)

Nexus 9000 switches

100,000 flows using the show flow cache command on 9500 modular chassis per line card

1,000,000 flows (1 Million) using the show flow cache command on 9300 switches

System Management Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

PTP

PTP ports

Nexus 9300-FX/GX, and 9364C-H1 switches

64 per system

Nexus 93180YC-FX3 and 93180YC-FX3S switches

68 per system

Note

 

Speed: Mixed Speed: 10G/25G/40G/100G - includes soft/physical break-out

Nexus 93108TC-FX3

48 per system

Note

 

Speed: All 1G ports

Nexus 93108TC-FX3P switches

48 per system

Note

 

Speed: All 1G ports

Nexus 9348GC-FX3 switches

48 per system

Note

 

Speed: All 1G ports

Nexus 9332D-H2R switches

128 per system

Note

 

Speed: 4x100G - Only Soft break-out

Nexus 9300-FX2/GX2 switches

144 per system

Nexus 9408 switches

144 per system

32 per LEM

Nexus 9500 switches with 9700-EX/FX line cards

1305 per chassis

The per line card limit is based on the maximum physical ports supported.

Note

 
PTP Offload is supported on 9700-EX/FX line cards.

Nexus 9508 switches with -R line cards

64 per line card

300 per chassis

Note

 
PTP Offload is supported on 9508-R line cards.

Nexus 9500 switches with 9600-RX line cards

128 per line card

512 per chassis

Nexus 93400LD-H1 switches

60 per system

Note

 

Speed: 10G/25G/40G/100G - includes soft/physical break-out ; 50G - Only Soft-breakout

Nexus 9808 switches

64 per line card

512 per chassis

PTP clients per port

Nexus 9300-FX/FX2/FX323/GX/GX2, 9408 and 9808 switches and Nexus 9500 switches with 9700-EX/FX, 9508-R and 9600-RX line cards

4

sFlow

sFlow ports

Nexus 9300-FX/FX2/GX switches

64

Nexus 9300-FX323 switches

30

Nexus 9700-EX/FX line cards

256

Nexus X9716D-GX line card

16

SPAN and ERSPAN

Configurable SPAN or ERSPAN sessions

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches, Nexus 9600-R, 9600-RX, and Nexus X9716D-GX line cards

32

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

10

Active SPAN or ERSPAN sessions24

Nexus 9300-FX/FX2/FX3/GX/H2R/H1 switches, and Nexus 9600-R, 9600-RX, and 9700-EX line cards

4 sessions (per chassis/ToR or based on the number of the line cards in the EoR.25

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

10

Active localized SPAN or ERSPAN sessions per line card26

Nexus 9300-FX/FX2/FX323 switches, and Nexus 9700-EX line cards

4

Nexus 9600-EX/FX line cards

32 sessions across ports on single-line card

Active localized SPAN or ERSPAN session (Rx and Tx, Rx, or Tx)

Nexus 9600-R and 9600-RX line cards

32 sessions, 128 sources, and 1 destination

Source interfaces per SPAN or ERSPAN session (Rx and Tx, Rx, or Tx)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9808/9804 switches, and Nexus 9700-EX, X9716D-GX, X9836DM-A and X98900CD-A line cards

48

Destination interfaces per SPAN session

Nexus 9300-FX/FX2/FX323/GX/GX2 switches, and Nexus 9600-R, 9600-RX, X9716D-GX, and 9700-EX line cards

1 (physical/PO interface)

Note

 

Destination as PO interface is not supported for Nexus X9716D-GX line card.

Nexus 9808/9804 switches, and Nexus X9836DM-A and X98900CD-A line cards

1 Physical only (no PO support).

Source VLANs per SPAN or ERSPAN session

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches, and Nexus 9600-R, 9600-RX, X9716D-GX, and 9700-EX line cards

32

Tap Aggregation

Redirect interfaces in the redirect port list

Nexus 9300-FX/FX2/FX3/GX/H2R

32

Nexus 93400LD-H1, and 9364C-H1 switches

12

Nexus 9500 Merchant Silicon platform switches

12

Nexus X9716D-GX line card

12

Redirect port lists per system

Nexus 9300-FX3/H2R/H1 switches

100

Nexus X9716D-GX line card

12

Deduplication

Nexus 9300-GX/GX2B/FX3/H1

240,000 (maximum supported flows)

Nexus 9300-FX2/GX2A

120,000 (maximum supported flows)

NetFlow

Flow monitors

Nexus 9500 switches with 9700-EX and FM-E fabric line cards

2 flow monitors per type (2 IPv4 flow monitors and 2 IPv6 flow monitors).

1 flow monitor for CE flows

2 exporters for each flow monitor. Hence, a total of 4 different exporters can be configured.

Nexus 9300-FX/FX2/GX/GX2/FX3/H2R switches and 9500 switches with 9700-FX/GX line cards

30 IPv4 flow monitor and each flow monitor with two exporters

28 IPv6 flow monitor and each flow monitor with two exporters

32 Layer 2 Flow monitor and each flow monitor with two exporters

Maximum number of exporters supported per flow monitor is 2

Maximum number of flows in the software table (IPv4 or IPv6 or CE flows)

Nexus 9000 switches

100,000 flows using the show flow cache command on 9500 modular chassis per line card

1,000,000 flows (1 Million) using the show flow cache command on 9300 switches

Maximum number of concurrent flows supported (IPv4 or IPv6 or CE flows)

Nexus 9300-FX/FX2 switches

6000 traffic flows.

By increasing LCPU-PG-SIZE using the following command one can achieve Max 18000 concurrent flows, after modifying LCPU-PG-SIZE, the switch needs reboot after saving configuration

switch(config)# hardware qos lcpu-pg-size ?
  <200-10000>  Pool Group size
 
switch(config)# hard qos lcpu-pg-size  5000
Warning:Reload required for configured PG size to take effect. Save configuration and reload the system.
switch(config)# copy running-config startup-config

In Cisco Nexus Release 9.3(3), the hardware qos command is not supported.

Netflow ingress VRF-id export support

Nexus 9300-FX/FX2/FX323/GX/GX2, Nexus 9300C and 9408 switches and Nexus 9500 switches with EX/FX/GX line cards

500 different VRFs

Flow visibility in Nexus Dashboard Insights and NetFlow

Flow monitors

Nexus 9300-FX/FX2/GX/GX2, Nexus 9408 switches and 9500 with FX/GX line cards

28 IPv4 flow monitor and each flow monitor with two exporters

26 IPv6 flow monitor and each flow monitor with two exporters

Maximum number of flows in the software table (IPv4 or IPv6 flows)

Nexus 9000 switches

20,000 flows using the show flow cache command

Traffic Analytics

Netflow Monitor

Cisco Nexus 9300-FX/FX2/FX3/GX/GX2 switches

30 IPv4 flow monitor and each flow monitor with two exporters

28 IPv6 flow monitor and each flow monitor with two exporters

Interface Filter

Cisco Nexus 9300-FX/FX2/FX3/GX/GX2 switches

32

VRF Filter

Cisco Nexus 9300-FX/FX2/FX3/GX/GX2 switches

100

Maximum number of flows in the software table (IPv4 or IPv6 flows)

Cisco Nexus 9300-FX/FX2/FX3/GX/GX2 switches

400,000

23 Nexus 9348GC-FX3PH switch has feature limitations due to Half Duplex only ports, see Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).
24 A single forwarding engine instance supports four SPAN or ERSPAN sessions. For Cisco Nexus 9300 Series switches, if the first three sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings.
25 If the source interface configured for a monitor session is on the same line card, the maximum supported active SPAN sessions are 4. Based on the number of line cards in the EoR, the total number of active SPAN sessions are 4 x n, where n is the number of line cards on EoR, provided the source and destination interface are on the same line module.
26 The number of SPAN or ERSPAN sessions per line card reduces to two if the same interface is configured as the bidirectional source in more than one session.

NetFlow Scalability Support (Flows)

Feature

Platform

Port Speed

Scale Limit per Slice (Flows)

Export Interval (seconds)

Packets / Flow

Layer 2 Flow monitor

Nexus 9300-FX/FX2/FX323 switches

10G

6000

60

89,000

40G

6000

60

356,000

100G

6000

60

885,000

Nexus 9300-GX switches

10G

6000

60

89,000

40G

6000

60

356,000

100G

6000

60

885,000

Layer 3 Flow monitor (IPv4)

Nexus 9300-FX/FX2/FX323

10G

24,000

60

12,000

40G

24,000

60

54,000

100G

24,000

60

160,000

Nexus 9300-GX switches

10G

24,000

60

12,000

40G

24,000

60

54,000

100G

24,000

60

1,60,000

Layer 3 Flow monitor (IPv6)

Nexus 9300-FX/FX2/FX323

10G

11,000

60

12,000

40G

11,000

60

54,000

100G

11,000

60

160,000

Nexus 9300-GX

10G

11,000

60

12,000

40G

11,000

60

54,000

100G

11,000

60

160,000

NetFlow Scalability Support (Flows) for Cisco Nexus 9500 Family Switches

Feature

Platform

Scale Limit per Slice (Flows)

IP flow monitor

Nexus 9500-EX Line cards

2

IPv6 flow monitor

2

Layer 2 Flow monitor

1

Maximum number of exporters per each flow monitor

2

Flow Scale

24,000 per ASIC slice

IP flow monitor

Nexus 9500-FX Line cards

30

IPv6 flow monitor

28

Layer 2 Flow monitor

1

Maximum number of exporters per each flow monitor

2

Flow Scale

24,000 per ASIC slice

NetFlow SVI Verified Scalability Limits

Platform (VLAN Ports)

SVI

VLAN

SVI + VLAN

IPv4

IPv6

IPv4 + IPv6

IPv4

IPv6

IPv4 + IPv6

IPv4

IPv6

IPv4 + IPv6

Member ports from Cisco Nexus 9300-FX switches

Total interfaces supported in the system

Member ports from Nexus 9300-FX switches (EOR chassis)

474

118

94

474

118

94

237

61

38


Note


The scale numbers are based on the TCAM space available on the Cisco Nexus 9300-FX switches. A IPv4 flow monitor uses 4 TCAM space for the Cisco Nexus 9300-FX switches. Similarly, a IPv6 flow monitor uses 2 TCAM space for the Cisco Nexus 9300-FX switches.

For port channels, SVIs, and VLANs that have port from both 9300-EX and 9300-FX switches, the lower common denominator limit of the 9300-EX and 9300-FX switches is applied.


Unicast Routing Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

IPv4 ARP and IPv6 ND

IPv4 ARP (Default routing template)

Nexus 9364C switches

32,000

Nexus 9600-R, 9600-RX, and 9700-EX/FX line cards

48,000

Nexus 9300-FX2 switches

48,000 (without URPF)

32,000 (with URPF enabled)

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches and Nexus X9716D-GX line card

98,000 (Hash Table: Shared between IPv6 ND, IPv4 ARP)

Nexus 9408 switches

49,152

Nexus 9808 switches

4000

IPv6 ND (Default routing template)

Nexus 9364C, 9300-FX2 switches

32,000 (default), 16,000 (lpm heavy)

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches

98,000 (in default routing mode, Hash Table: Shared between IPv6 ND, IPv4 ARP)

Nexus 9408 switches

32,768

Nexus 9600-R, 9600-RX, and 9700-EX/FX line cards

32,000

Nexus 9808 switches

4000

IPv4 ARP (Internet peering mode)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches and Nexus 9700-EX/FX/GX line cards

32,000 (Hash Table: Shared between IPv6 ND, IPv4 ARP, and protocol learned IPv6 host) over L3 interface and 16,000 over a SVI/VLAN (as the upper limit of the dynamic learned MAC address in the "internet peering" mode is 16,000

Nexus 9408 switches

32,768

IPv6 ND (Internet-peering mode)

Nexus 9300-FX2 switches and Nexus 9700-EX/FX line cards

16,000 (Hash Table: Shared between IPv6 ND, IPv4 ARP, and protocol learned IPv6 host)

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches and Nexus X9716D-GX line cards

32,000 (Hash Table: Shared between IPv6 ND, IPv4 ARP, and protocol learned IPv6 host) over L3 interface and 16,000 over a SVI/VLAN (as the upper limit of the dynamic learned MAC address in the "internet Peering" mode is 16,000

Nexus 9408 switches

16,384

IPv4 ARP (Dual-host mode)

Nexus 9364C switches

64,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

98,000

IPv6 ND (Dual-host mode)

Nexus 9364C switches

64,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

98,000

IPv4 and IPv6 Routes

Default Routing Template

IPv4 host routes 27

Nexus 9364C switches

96,000 (default system routing mode without system routing Layer 3 scale)

128,000 (default system routing mode with system routing Layer 3 scale)

Nexus 9300-FX2 switches

524,000 / 471,000 (without / with URPF enabled)

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches

1,153,000

Nexus 9408 switches

734,003

Nexus 9700-EX/FX line cards

FM-E: 589,000

FM-E2: 589,000

FM-G: 1,000,000

Nexus 9600-R/RX and Nexus X9716D-GX line cards

1,000,000 (default routing template)

Nexus 9808 switches

256,000

IPv6 host routes28

Nexus 9364C switches

48,000 (default system routing mode without system routing Layer 3 scale)

64,000 (default system routing mode with system routing Layer 3 scale)

Nexus 9300-FX2 switches

265,000

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches

628,000

Nexus 9408 switches

412,876

Nexus 9700-EX/FX line cards

FM-E: 32,000

FM-E2: 235,000

FM-G: 235,000

Nexus 9600-RX line cards

256,000

Nexus X9716D-GX line card

235,000

Nexus 9808 switches

64,000

IPv4 LPM routes

Nexus 9364C switches

Default system routing mode without system routing Layer 3 scale:

  • Default values: 8000 (IPv4), 1900 (IPv6), and 2000 (multicast)

  • With hardware profile multicast max-limit lpm-entries 0 configured: 10,000 (IPv4), 1900 (IPv6), and 0 (multicast)

  • With hardware profile ipv6 lpm-entries maximum 0 configured: 14,000 (IPv4), 0 (IPv6), and 2000 (multicast)

  • With hardware profile ipv6 lpm-entries maximum 4096 and hardware profile multicast max - limit lpm - entries 0 configured: 4000 (IPv4), 4096 (IPv6), and 0 (multicast)

  • When you allocate the entire table for IPv4 or IPv6 LPM unicast routes, the other address family cannot be used.

128,000 (default system routing mode with system routing Layer 3 scale)

Nexus 9300-FX switches

1,153,000 / 996,000 (without / with URPF enabled)

Nexus 9300-FX2 switches

524,000 / 471,000 (without / with URPF enabled)

Nexus 9300-FX3/GX/GX2/H2R/H1 switches

1,153,000

Nexus 9408 switches

734,003

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

589,000

Nexus 9600-R line cards

192,000

Nexus 9600-RX line cards

1,000,000

Nexus 9808 switches

400,000

IPv6 LPM routes

Nexus 9364C switches

Default system routing mode without system routing Layer 3 scale

  • Default values: 8000 (IPv4), 1900 (IPv6), and 2000 (multicast)

  • With hardware profile multicast max-limit lpm-entries 0 configured: 10,000 (IPv4), 1900 (IPv6), and 0 (multicast)

  • With hardware profile ipv6 lpm-entries maximum 0 configured: 14,000 (IPv4), 0 (IPv6), and 2000 (multicast)

  • With hardware profile ipv6 lpm-entries maximum 4096 and hardware profile multicast max - limit lpm - entries 0 configured: 4000 (IPv4), 4096 (IPv6), and 0 (multicast)

  • When you allocate the entire table for IPv4 or IPv6 LPM unicast routes, the other address family cannot be used

64,000 (default system routing mode with system routing Layer 3 scale)

Nexus 9300-FX switches

628,000 / 560,000 (without / with URPF enabled)

Nexus 9300-FX2 switches

294,000 / 265,000 (without / with URPF enabled)

Nexus 9300-FX3/GX/GX2/H2R/H1 switches

628,000 / 628,000 (without/with URPF enabled)

Nexus 9408 switches

412,876

Nexus 9500 switches

20,000 (default system routing mode)

4000 (max-host routing mode)

80,000 with no IPv4 routes (64-bit ALPM routing mode)

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

FM-E: 176,000 (/64 prefix length); 3900 (non /64 prefix length)

FM-E2: 235,000 (any prefix length)

FM-G: 235,000

Nexus 9600-R line cards

62,000

Nexus 9600-RX line cards

256,000

LPM Heavy Mode

IPv4 host routes

Nexus 9364C switches

262,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

786,000 / 734,000 (with out/with URPF enabled)

Nexus 9408 switches

1,048,576

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

786,000

Nexus 9808 switches

256,000

IPv6 host routes

Nexus 9364C switches

131,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

442,000 / 412,000 (with out/with URPF enabled)

Nexus 9408 switches

589,824

Nexus 9700-EX/FX line cards

FM-E: 32,000 (shared between IPv6 ND and protocol learned host)

FM-E2: 235,000

FM-G: 235,000

Nexus X9716D-GX line card

235,000

Nexus 9808 switches

64,000

IPv4 LPM routes

Nexus 9364C switches

262,000

Nexus 9300-FX/FX3/FX2/GX/GX2/H2R/H1 switches

786,000 / 734,000 (with out/with URPF enabled)

Nexus 9408 switches

1,048,576

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

786,000

Nexus 9808 switches

900,000

IPv6 LPM routes

Nexus 9364C switches

131,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

442,000 / 412,000 (with out/with URPF enabled)

Nexus 9408 switches

589,824

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

FM-E: 235,000 (/64 prefix length); 3900 (non /64 prefix length)

FM-E2: 235,000 (any prefix len)

FM-G: 235,000

Nexus 9808 switches

250,000

Dual Host Mode

IPv4 host routes

Nexus 9364C switches

163,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

262,000

Nexus 9808 switches

256,000

IPv6 host routes

Nexus 9364C switches

81,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

131,000

Nexus 9808 switches

64,000

IPv4 LPM routes

Nexus 9300-FX and 9364C switches

8000

Nexus 9300-FX2/GX/GX2/H2R/H1, and Nexus 9408 switches

10,000

Nexus 9300-FX3 switches

7000

IPv6 LPM routes

Nexus 9300-FX/FX3, and Nexus 9364C switches

1900

Nexus 9300-FX2/GX/GX2/H2R/H1, and Nexus 9408 switches

3900

Internet Peering Mode

IPv4 host routes

Nexus 9300-FX2 switches and Nexus 9700-EX/FX and 9700-GX line cards

1,000,000

Nexus 9300-FX switches

1,256,000

Nexus 9300-FX3/H2R/H1/GX/GX2 switches

2,000,000

Nexus 9408 switches

1,468,006

IPv6 host routes

Nexus 9300-FX2 switches and Nexus 9700-FX/GX line cards

500,000

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches

628,224

Nexus 9408 switches

412,876

Nexus 9700-EX line cards

16,000 (Hash Table: Shared between IPv6 ND and protocol learned IPv6 host)

IPv4 LPM routes

Nexus 9300-FX2 switches

1,000,000

Nexus 9300-FX switches

1,256,000

Nexus 9300-FX3/GX/GX2/H2R/H1 switches and Nexus 9700 GX line cards

2,000,000

Nexus 9408 switches

1,468,006

Nexus 9700-EX/FX line cards

1,000,000

IPv6 LPM routes

Nexus 9300-FX2 switches

500,000

Nexus 9300-FX/FX3/GX/GX2/H2R/H1 switches

628,224

Nexus 9408 switches

412,876

Nexus 9700-EX line cards

500,000 (Prefix length 48-83) protocol learned

1900 (Prefix length /84-127)

Nexus 9700-FX/GX line cards

500,000 (Prefix length 48-128) protocol learned

Nexus 9500 switches with the FM-E2 fabric line cards

176,000 (Prefix length 0–47 ) protocol learned host

Nexus 9500 switches with the FM-G fabric line cards

500,000

Routes

Nexus 9600-R and 9600-RX line cards

1 Million29

IPv4 routes

Nexus 9600-R and 9600-RX line cards

852,00030

IPv6 routes

Nexus 9600-R line cards

175,00031

Routes

Nexus 9600-R line cards

852,000

IPv4 routes

Nexus 9600-R line cards

781,000

IPv6 routes

Nexus 9600-R line cards

71,000

L3 Heavy Mode

IPv4 LPM routes

Nexus 9600-RX line cards

1,800,000

IPv6 LPM routes (l3-heavy mode)

Nexus 9600-RX line cards

750,000

Unicast Protocols

Bidirectional Forwarding Detection (BFD)

BFD sessions (echo mode)

Nexus 9364C switches

128 when the BFD intervals are set to default, which is 50 ms

2048 when the BFD intervals are relaxed to 300 ms

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

128 when the BFD intervals are set to default, which is 50 ms

2048 sessions when the BFD intervals are relaxed to 300 ms

Nexus 9700-EX/FX line cards

128 when the BFD intervals are set to default, which is 50 ms

2048 sessions when the BFD intervals are relaxed to 300 ms

Note

 

On EoR, per line card session limit will be 256.

Nexus X9716D-GX line card

512 when the BFD intervals are set to default, which is 50 ms

1024 when the BFD intervals are relaxed to 300 ms

Note

 

On EoR, per line card session limit will be 256.

Nexus 9600-R and 9600-RX line cards

288

Nexus 9800 switches (single hop)

1000 (IPv4 and IPv6) sessions when the BFD intervals are relaxed to 300 ms

Note

 

For Nexus 9800 switches, the maximum session limit per L3 port channel and its subinterfaces is 128.

Border Gateway Protocol

BGP neighbors (IPv4 and IPv6 combined)

Nexus 92348GC-X switches

141

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

1024

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

2000

Nexus 9600-R, 9600-RX and 9600-R2 line cards

1024

Nexus 9808 switches

1000 (IPv4 and IPv6)

HSRP

HSRP groups

Nexus 9600-R/RX line cards

490

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

1000 32

Nexus 9700-EX/FX switches and Nexus X9716D-GX line cards

1000 (virtual MAC address support)33

Nexus 9600-R and 9600-RX line cards

16 (Maximum 16 groups because 16 is the unique virtual MAC address limit)

EIGRP

EIGRP routes

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, 9808 switches

20,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

50,000

EIGRP neighbors

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, 9808 switches

256

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

2000

IS-IS

IS-ISv4 adjacencies (either L1, L2, or sum of L1 and L2 with default timers)

Nexus 9364C, and 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

255

IS-ISv4 BFD sessions (with default timers)

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

255

IS-ISv4 routes

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

10,000

Groups

Groups with default timers (3s/10s) and multiple group optimizations. [There are 2 primary, one for IPv4 and the other for IPv6, and 7926 secondary]

Nexus X9636C-R/RX and X9636Q-R line cards

7928

Groups with aggressive timers (1s/3s) and multiple groups optimization. [There are 2 primary, one for IPv4 and the other for IPv6, and 7926 secondary]34

Nexus X9636C-R/RX and X9636Q-R line cards

7928

Groups per interface or I/ module

Nexus X9636C-R/RX and X9636Q-R line cards

Maximum 16 (Because 16 is the unique virtual MAC address limit)

OSPFv2 and OSPFv3

OSPFv2/OSPFv3 LSA/LSDB size

Nexus 9600-R and 9600-RX line cards

250,000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9364C, and 9808 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

100,000

OSPFv2/OSPFv3 areas

Nexus 9600-R and 9600-RX line cards

200

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9364C, and 9808 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

100

OSPFv2/OSPFv3 neighbors

Nexus 9600-R, 9600-RX, Nexus X9716D-GX, and 9700-EX/FX line cards

1000

Nexus 9364C, and 9300-FX3/GX2/H2R/H1, and 9808 switches

256

Nexus 9300-FX/FX2/GX

650

Static Routes

IPv4 Static routes

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and 9808 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

8000

IPv6 Static routes

Nexus 9364C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and 9808 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

8000

Virtual Routing and Forwarding

VRFs

Nexus 9364C, and 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and 9808 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

1000

Nexus 9600-R and 9600-RX line cards

3967

Policy Based Routing

Configured sequences per policy

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and 9408, 9800 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

128

Next-hop addresses per policy

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and 9408, 9800 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

32

IPv4 ACEs (unidimensional)

Nexus 9300-FX/FX2/FX3/GX/GX2/H1 and 9408 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

3582 (per network forwarding engine)

Nexus 9800 switches

14,000

IPv6 ACEs (unidimensional)

Nexus 9300-FX/FX2/FX3/GX/GX2/H1 and 9408 switches

1792 (per network forwarding engine)

IPv4 and IPv6 ACEs

Nexus 9300-FX/FX2/FX3/GX/GX2/H1 and 9408 switches

1024 IPv4 + 128 IPv6

Nexus 9700-EX/FX/GX line cards

1024 IPv4

Interfaces with PBR policy

Nexus 9300-FX3/GX/GX2/H2R/H1 switches

510

Nexus 9300-FX/FX2, 9408, 9800 switches and Nexus 9700-EX/FX line cards

512

Nexus X9716D-GX line card

256

VRRP

VRRP groups per interface or I/O module

Nexus 9364C, and 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches, and Nexus 9700-EX/FX and Nexus X9716D-GX line cards

250

VRRPv3 groups per interface

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches and Nexus 9700-EX/FX line cards

255

Nexus X9716D-GX line card

250

VRRPv3 groups with default timers (1 s)

Nexus 9700-EX/FX line cards

490

Nexus 9300-FX/FX2/FX3 switches

255

Nexus 9300-GX/GX2/H2R/H1 switches and Nexus 9700-GX line cards

250

VRRPv3 groups with relaxed timers (3 s)

Nexus 9700-EX/FX line cards

490

Nexus 9300-FX/FX2/FX3 switches

255

Nexus 9300-GX/GX2/H2R/H1 switches and Nexus 9700-GX line cards

250

Pathways with one VRRPv3 group with default timer (1 s)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches and Nexus 9700-EX/FX line cards

489

VRRPv3 groups and pathways combined

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches and Nexus 9700-EX/FX line cards

490

Nexus X9716D-GX line card

250

ECMP Scale

ECMP Paths - IPv4 (internet-peering mode)

Nexus 9300-FX/FX3/GX/GX2, and Nexus 9408 switches

16

ECMP Paths - IPv6 (internet-peering mode)

Nexus 9300-FX/FX3/GX/GX2, and Nexus 9408 switches

16

ECMP Paths (IPv4 and IPv6 Unicast Address-family)

Nexus 9300-FX/FX2/FX3/FXP/GX/GX2/H2R/H1, 9408, and 9808 switches, and Nexus X9716D-GX line cards

12835

Nexus 9504/9508 switches with -R/RX line cards and

64

ECMP Groups

Nexus 9808 switches

4000

Dynamic Load Balancing Enabled ECMP

Maximum DLB Enabled ECMP Groups

Nexus 9300-FX3/GX/GX2/H2R/H1

128

Internet Peering ECMP

Maximum ECMP paths (Route scale: 1,800,000 million IPv4 + 200,000 IPv6 LPM routes)

Nexus 9300-GX/GX2/H2R/H1

Note

 

Required RAM 64 GB

32

Nexus 9300-FX3/GX/GX2/H2R/H1

Note

 

Required RAM 32 GB

16

27 The hash table is subject to collisions. Depending on the host route pattern, collisions might occur.
28 The hash table is subject to collisions. Depending on the host route pattern, collisions might occur.
29 Contains internet peering profile with additional IPv4 and IPv6 routes.
30 Internet profile with additional IPv4 routes (total of 914K routes consisting of IPv4 and 62K of IPv6)
31 Internet profile with additional IPv6 routes (total of 871K routes consisting of IPv6 and 696K of IPv4)
32 If you have more than 490 groups, then only one group per SVI. SVIs cannot have a user defined MAC or any VRRP group with it.
33 If you have more than 490 groups, then only one group per SVI. SVIs cannot have a user defined MAC or any VRRP group with it.
34 If the user has Multi-protocol configuration, user should configure appropriate CoPP policies to avoid any control plane traffic drops.
35 128-way ECMP paths are not supported for MPLS, VXLAN, and L3 tunnels. Resilient hashing is not supported on Cisco Nexus 9808 switch for routing, PBR and Port-channel.

Note


  • With IPv6 scale, traffic loss could be there for a few seconds during switchover.

  • The maximum number of PBR next-hops based on 4 FM-E supported is 192 per slice of the forwarding engine

    • The IPv4/IPv6 host routes and the IPv4 multicast routes share the same hardware table. Limits are provided for both the default line card mode and the max host line card mode.

    • The IPv4 and IPv6 unicast routes share the same hardware table. Limits are provided for both the default line card mode and the max host line card mode.

    • High availability (graceful restart and stateful switchover) is not supported when unicast or multicast aggressive timers are configured at any scale.


Guidelines and Limitations for OSPF Verified Scalability Limits

  • To achieve the highest scale, we recommend that you use a single OSPF instance instead of multiple instances.

  • Each OSPFv2 and OSPFv3 scale value might vary when combined with other parameters.

  • The graceful restart timeout value might be increased in multidimensional scenarios.

RIPng Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

RIPng Neighbors

Nexus 9300 and 9500 switches

250

RIPng Routes

Nexus 9300 and 9500 switches

1500

PVLAN VXLAN Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

Primary VLANs

Nexus 9300-FX/FX2/FX3/H2R switches

16

Secondary VLANs

Nexus 9300-FX/FX2/FX3/H2R switches

20

Ports in community host mode

Nexus 9300-FX/FX2/FX3/H2R switches

40

Port in Isolated host mode

Nexus 9300-FX/FX2/FX3/H2R switches

40

Ports in isolated trunk mode

Nexus 9300-FX/FX2/FX3/H2R switches

40

Ports in promiscuous mode

Nexus 9300-FX/FX2/FX3/H2R switches

5

PVLANs allowed on a PVLAN port

Nexus 9300-FX/FX2/FX3/H2R switches

16


Note


The above scale numbers are applicable for both IPv4 and IPv6 Underlay. However, for Nexus 9300-H2R switches the above scale is applicable only for IPv4 Underlay.

VXLAN Verified Scalability Limits

Feature

Supported Platforms

Verified Limits

VTEP Peers36

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, 9700-EX/FX, and X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

512 (with Multicast underlay for L2VNIs)

1100 (with Ingress Replication for L2VNI)

Nexus 9600-R, 9600-RX line cards

256

Underlay multicast groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

512

Maximum policy scale or number of VNIs to which a policy can be applied

Nexus 9300-FX2/FX3/GX/GX2/H2R/H1 switches, and Nexus 9408 switches

510

Note

 

The default scale is 60 on Nexus 9300-FX2 ToR switches. To increase the scale to 510, use the hardware access-list tcam label ing-racl 9 command.

Nexus 9300-FX platform switches and Nexus 9700-FX and 9700-GX line cards

60

IGMP snooping over VXLAN

VXLAN VLANs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and X9716D-GX line cards

1000

Multi-Site 37

Asymmetric VNIs per peer

Nexus 9332C, 9364C, 9300-FX/FX2/FX3/FXP/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

3900

Number of Tunnel Encryption sessions

Nexus 9300, 9336C-FX2, 93240YC-FX2, 93360YC-FX2, 93216TC-FX2, 93180YC-FX3, and 93108TC-FX3P switches 39

12838

Number of BGWs per site for Secure VXLAN EVPN Multi-Site using CloudSec

Nexus 9336C-FX2/FX3, 93240YC-FX2/FX3, 93360YC-FX2/FX3, 93216TC-FX2/FX3, 9332D-GX2B switches 39

6 per 10 sites

Number of sites

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, 9332C, 9364C, 9500 switches, and Nexus 9700-EX/FX/GX line cards

128

Number of sites for Secure VXLAN EVPN Multi-Site using CloudSec

Nexus 9300-FX2/FX339/GX2 switches

10 sites

Number of sites for TRM

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, 9332C, 9364C switches and Nexus 9700-EX/FX/GX line cards

16 sites

Number of BGWs per site40

Nexus 9332C and 9364C switches and Nexus 9700-EX/FX/GX line cards

4 (Anycast), 2(vPC)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

6 (Anycast), 2 (vPC)

Number of BGWs per site with TRM enabled

Nexus 9332C, 9364C, 9500 switches and Nexus 9700-EX/FX/GX line cards

2 (Anycast), 2 (vPC)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

6 (Anycast), 2 (vPC)

Number of Cloudsec Security Associations for Secure VXLAN EVPN Multi-Site using CloudSec sessions

Nexus 9300-FX2/FX339/GX2 switches

128 41

Multisite-PIP ECMP

Nexus 9300-FX2/FX339/GX/GX2 switches

100042

VTEPs per Site

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

512

Multi-Site with PIP (Anycast BGWs)

Nexus 9300-EX/FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

L2VNI: 2000

L3VNI: 900

Multi-Site with PIP (vPC BGWs)

Nexus 9300-FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

L2VNI: 2000

L3VNI: 900

Tenant Route Multicast Layer 3 Mode with VXLAN BGP eVPN

VXLAN Layer 2 VNI

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

1000

VXLAN Layer 3 VNI/VRFs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX and X9836DM-A and X98900CD-A line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

250

VTEP Peers

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

254

Underlay Multicast Group (PIM ASM Underlay)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-EX/FX/GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

51243

Total Multicast routes (PIM ASM & PIM SSM)

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus 9700-FX/GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

32,000

Nexus 9300-FX2 switches and Nexus 9700-EX line card

8000

VXLAN Flood and Learn

Virtual network identifiers (VNIs) or VXLAN-mapped VLANs

Nexus 9600-R and 9600-RX line cards

2000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, Nexus 9700-EX/FX switches, and Nexus X9716D-GX line cards

3900

Underlay multicast groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

512

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

Overlay MAC addresses

Nexus 9300-FX switches

90,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

Nexus 9300-FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

60,000

Ingress replication peers 44

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

512

Nexus 9700-EX/FX and Nexus X9716D-GX line card

Ingress replication Layer 2 VNIs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

1000

Nexus 9700-EX/FX and Nexus X9716D-GX line card

MAC addresses for ingress replication

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

90,000

Nexus 9700-EX/FX and Nexus X9716D-GX line card

1000

Port VLAN translations under an interface

Nexus 9700-EX/FX and Nexus X9716D-GX line card

100

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

3967

Port VLAN translations in a switch

Nexus 9700-EX/FX and Nexus X9716D-GX line card

2000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

24,000

Static MAC addresses pointing to a remote VTEP

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

1000

Nexus 9700-EX/FX and Nexus X9716D-GX line card

2000

VXLAN VLANs per FEX port (host interface)

Nexus 9300-FX2/FX339/GX/GX2, and Nexus 9408 switches

75

Layer 2 routed VNIs for vPC-centralized gateway

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

450

Nexus 9700-EX/FX and Nexus X9716D-GX line card

IGMP groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

8192

Nexus 9700-EX/FX and Nexus X9716D-GX line card

Port Multi-VLAN Mapping45

Nexus 9300-FX2/GX/GX2/H2R/H1 switches

51046

Nexus 9300-FX switches

36847

VXLAN BGP eVPN

Layer 2 VNIs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

48

3900 49

Nexus 9600-R and 9600-RX line cards

2000

Xconnect VLANs

Nexus 9332C, 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

40

SVI with Distributed Anycast Gateway; Layer 2 VNI extended

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, and Nexus X9716D-GX line cards

3900

Nexus 9700-EX/FX switches

1000

Layer 3 VNIs / VRFs50

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

51

2000 52

Nexus 9600-R and 9600-RX line cards

900

Nexus 9700-EX/FX line cards

750

Underlay multicast groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

512

VTEPs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9600-R, 9600-RX, 9700-EX/FX and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

512 (with Multicast underlay for L2VNIs)

1100 (with Ingress Replication for L2VNI)

Note

 

For VTEPs with a scale of 1100, ensure that the buffer size is set to very-high to avoid loss due to log throttling. For configuration details, see Configuring Event History Size for L2RIB.

ARP

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

96,000

Note

 

To scale ARP, use system routing template-dual-stack-host-scale command and reload the switch.

ND

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

96,000

Note

 

To scale ND, use system routing template-dual-stack-host-scale command and reload the switch.

MAC addresses

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

96,000

Note

 

To scale MAC addresses, use system routing template-dual-stack-host-scale command and reload the switch.

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

90,000

Port VLAN translations under an interface (IPv4 and IPv6 Underlay)

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

100

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

3967

Port VLAN translations in a switch (IPv4 and IPv6 Underlay)

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

2000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

24,000

IPv4 host routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

471,000

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

128,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

656,000

Nexus 9600-R and 9600-RX line cards

128,000

IPv6 host routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

265,000

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

64,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

34,000

Nexus 9600-R and 9600-RX line cards

32,000

Overlay IPv4 LPM routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

471,000

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

440,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

656,000

Overlay IPv6 LPM routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

265,00053

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

206,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

174,00054

Overlay IPv6 ND Suppression cache

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches

64,000

IGMP groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

8192

BGP sessions at BGW

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

4000

VXLAN BGP eVPN Ingress Replication

Layer 2 VNIs

Nexus 9600-R and 9600-RX line cards

2000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, 9700-EX/FX switches and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

3900

Xconnect VLANs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

40

Selective Qinvni with multiprovider tag (IPv4 and IPv6 Underlay)

Nexus 93180YC-FX, 9336C-FX2, Nexus 9300-FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

Port level: 4000 mappings, 10 provider VLANs;

System wide: 48,000 mappings, 512 Provider VLANs

SVI with Distributed Anycast Gateway; Layer 2 VNI extended

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

3900

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

1000

Layer 3 VNIs / VRFs55

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

2000

Nexus 9600-R and 9600-RX line cards

900

Nexus 9700-EX/FX line cards

750

VTEPs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

512 (with Multicast underlay for L2VNIs)

1100 (with Ingress Replication for L2VNI)

MAC addresses

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

90,000

Port VLAN translations under an interface

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

100

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

3967

Port VLAN translations in a switch

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

2000

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 and Nexus 9408 switches

24,000

IPv4 host routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

471,000

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

128,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

656,000

IPv6 host routes

Nexus 9300-FX/FX2/GX/GX2/H2R/H1, and Nexus 9408 switches

265,000

Nexus 9300-FX3 switches

500,000

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

64,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

34,000

Overlay IPv4 LPM routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

471,500

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

440,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

656,000

Overlay IPv6 LPM routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, and Nexus 9408 switches

265,00056

Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards

206,000

Nexus 9700-EX/FX and Nexus X9716D-GX line cards

174,00057

IGMP groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408 switches, Nexus 9700-EX/FX and Nexus X9716D-GX line cards

8192

VXLAN and IP-in-IP Tunneling

IP-in-IP tunnels

Nexus 9300-FX2 switches

16

VXLAN Static Tunnels

VNIs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, and 9364C switches

100

VRFs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, and 9364C switches

100

VTEP peers

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, and 9364C switches

254

V4 routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, Nexus 9408, and 9364C switches

10,000

First Hop Security

DHCP snooping bindings

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1 switches, Nexus X9716D-GX and Nexus 9700-EX/FX line cards

2048

Security Groups (Micro-Segmentation with VXLAN GPO)

Note

 

This feature is supported only with security-groups template.

Endpoint Security Group (ESG) selectors

Nexus 9300-FX3/GX/GX2 switches

8000

Total Security Group ACL Entries

Nexus 9300-FX3/GX/GX2B switches

64,000

Nexus 9300-GX2A switches

32,000

IPv4/IPv6 Trie (Shared)

Nexus 9300-FX3/GX/GX2B switches

320,000

Nexus 9300-GX2A switches

128,000

IPv4 host routes

Nexus 9300-FX3/GX switches

56,000

Nexus 9332D-GX2B switches

67,000

Nexus 9300-GX2A switches

22,000

IPv6 host routes

Nexus 9300-FX3/GX switches

24,000

Nexus 9332D-GX2B switches

28,000

Nexus 9300-GX2A switches

10,000

MAC addresses

Nexus 9300-FX3/GX/GX2B switches

67,000

Nexus 9332D-GX2B switches

44,000

Nexus 9300-GX2A switches

33,000

IPv4 Multicast

Nexus 9300-FX3/GX/GX2 switches

32,000

IPv6 Multicast

Nexus 9300-FX3/GX/GX2 switches

8000

MPLS Labels

Nexus 9300-FX3/GX/GX2 switches

16,000

ECMP Groups

Nexus 9300-FX3/GX/GX2 switches

24,000

ECMP Members

Nexus 9300-FX3/GX/GX2B switches

128,000

Nexus 9300-GX2A switches

64,000

Next Hops

Nexus 9300-FX3/GX/GX2B switches

96,000

Nexus 9300-GX2A switches

48,000

Multicast RPF

Nexus 9300-FX3/GX/GX2 switches

32,000

36 In case of IR, each VNI can have a max of 64 peers.
37 All the other BGW numbers (number of supported L2VNIs, L3VNIs, MAC addresses, IP addresses, and so on) match the values supported on a generic VXLAN EVPN VTEP node.
38 Total number of Cloudsec Security Associations in hardware = 128 (M *N*L) where (M = no. of Cloudsec peers, N = no. of uplinks on each Cloudsec endpoint, L is number of border gateway nodes)
39 This feature is not supported on Nexus 9348GC-FX3, 9348GC-FX3PH, 9332D-H2R and 93108TC-FX3 switches.
40 Multi-Site enabled with TRM supported number of L2VNIs –1000 and L3VNIs –100. Maximum supported multicast underlay and overlay route is 8000. From Cisco NX-OS Release 10.2(3), Multi-Site enabled with TRM supported number of L3VNIs –250. Maximum supported multicast underlay and overlay route is 32000 for Nexus 9700-FX/FX3/GX/GX2 and 8000 for Nexus 9700-EX/FX2 and Nexus 9508.
41 Total number of Cloudsec Security Associations in hardware = 128 (M *N*L) where (M = no. of Cloudsec peers, N = no. of uplinks on each Cloudsec endpoint, L is number of border gateway nodes)
42 Number of vrfs * number of sites = 1000
43 VXLAN underlay and overlay multicast routes shares the same hardware table. Maximum Multicast routes is 8000 in the default mode. If you want more overlay route scale, reduce the underlay multicast control group.
44 In case of IR, each VNI can have a maximum number of 64 peers; 512 peers supported on 100 VNIs only.
45 Only one provider VLAN is supported.
46 The maximum number of Layer-2 subinterfaces is based on the available entries allocated for ing-pacl-sb tcam region.
47 Since Nexus 9300-FX have only one slice, the maximum number of Layer-2 subinterfaces that can be created is lower than the limit for Nexus 9300-FX2.
48 The full scale of 3900 L3VNI is only supported on the platforms with >24G memory. Nexus 93240YC-FX2, 93360YC-FX2, 93216TC-FX2, 93108TC-FX3P, 93180YC-FX3 would require add-on memory to support extended 3900 L3VNI scale. Nexus N9K-C9358GY-FXP and N9K-C92348GC-X can not support extended scale.
49 Switches running scaled deployment, including scaled BGP EVPN VXLAN VNI, the memory alert may be seen during Non-Disruptive ISSU as the default system memory threshold has been lowered beginning with Cisco NX-OS Release 10.3(3)F release. To avoid system reacting to critical memory alert, before upgrade configure higher value for system memory thresholds. For example: Set system memory thresholds as 90 for minor, 94 for severe, and 95 for critical.
50 ECMP objects are not shared across multiple VRFs.
51 The full scale of 2000 L3VNI is only supported on the platforms with >24G memory. Nexus 93240YC-FX2, 93360YC-FX2, 93216TC-FX2, 93108TC-FX3P, 93180YC-FX3 would require add-on memory to support extended 2000 L3VNI scale. Nexus N9K-C9358GY-FXP and N9K-C92348GC-X can not support extended scale.
52 Only 26,000 (peer, L3VNI) adjacencies are supported for Nexus 9808/9804 switches with X9836DM-A and X98900CD-A line cards.
53 All /64 routes + 4000 for non /64 routes.
54 All /64 routes + 4000 for non /64 routes.
55 ECMP objects are not shared across multiple VRFs.
56 All /64 routes + 4000 for non /64 routes.
57 All /64 routes + 4000 for non /64 routes.

Tetration Verified Scalability Limits

Feature

Supported Platforms

Verified Limit

TCAM size

9300-FX switches

1024 entries

IPv4 –2 entries per rule (ICMP and IP)

IPv6 –8 entries per rule (4 entries per ICMP and IPv6 for a total of 8 entries)

24 entries out of 1000 is consumed for default.

TCAM

Nexus 9300-FX switches

500 (IPv4) or 125 (IPv6)

The entire Cisco Tetration Analytics documentation set is available at the following URL: https://www.cisco.com/c/en/us/support/data-center-analytics/tetration-analytics/tsd-products-support-series-home.html

Verified Scalability Limits - Multidimensional

The tables in this section list the verified scalability limits for the Cisco Nexus 9000 Series platform switches. These limits are validated with a multidimensional configuration. The values provided in these tables focus on the scalability of all listed features at the same time.

For each corresponding feature, the number given is the absolute maximum currently supported in this release. If the hardware is capable of a higher scale, future software releases might increase this verified maximum limit. Results might differ from the values listed here when trying to achieve maximum scalability with multiple features enabled.


Note


These numbers are not the maximum verified values if each feature is viewed in isolation. For these numbers, see the corresponding "Verified Scalability Limits" section.
Table 1. eBGP/IS-IS Profile Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

Number of 100G ports

288

ECMP

16-way (Upstream)

BGP neighbors

960

BGP IPv4 /32 unicast routes

30,000

BGP IPv4 VLSM unicast routes

18,000

BGP IPv6 /128 unicast routes

16,000

BGP IPv6 VLSM unicast routes

1000

IS-IS v2 neighbors

255

IS-IS v3 neighbors

255

IS-IS Layer 2 adjacency

16

IS-IS IPv4 /32 unicast routes

20,000

IS-IS IPv4 VLSM unicast routes

1000

IS-IS IPv6 /128 unicast routes

20,000

IS-IS IPv6 VLSM unicast routes

1000

BFD sessions

272

PIM neighbors

256

ACL ACEs

15,000

500

Sub-interfaces

712

SPAN sessions

1 local SPAN session

Multicast SSM

20,000

Table 2. iBGP/OSPF Profile Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

Number of 100G ports

180

Number of 40G ports

108

ECMP

8-way (Upstream)

BGP neighbors

8

BGP IPv4 VLSM unicast routes

40,000

BGP IPv6 VLSM unicast routes

10,000

OSPFv2 neighbors

108

OSPFv3 neighbors

30

OSPF IPv4 /32 unicast routes

100,000

OSPF IPv4 VLSM unicast routes

155,000

OSPFv3 IPv6 /128 unicast routes

1000

OSPFv3 IPv6 VLSM unicast routes

9000

BFD sessions

108

VRF

250

PIM neighbors

108

IPv4 (*,G) multicast routes

2000

IPv4 (S,G) multicast routes

10,000

ACL ACEs

500 (IPv4)

500 (IPv6)

SPAN sessions

1 local SPAN session

Table 3. iBGP/EIGRP Profile Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

Number of 100G ports

180

Number of 40G ports

108

ECMP

16-way (Upstream)

BGP neighbors

8

BGP IPv4 VLSM unicast routes

40,000

BGP IPv6 VLSM unicast routes

10,000

EIGRP v4 neighbors

276

EIGRP v6 neighbors

276

EIGRP IPv4 /32 unicast routes

30,000

EIGRP IPv4 VLSM unicast routes

1000

EIGRP IPv6 /128 unicast routes

30,000

EIGRP IPv6 VLSM unicast routes

1000

BFD sessions

276

VRF

250

PIM neighbors

276

IPv4 (*,G) multicast routes

6000

IPv4 (S,G) multicast routes

16,000

ACL ACEs

500 (IPv4)

500 (IPv6)

SPAN sessions

1 local SPAN session

Table 4. MPLS Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

MPLS L3VPN

3967

VPE

3967

PE nodes

3

PE routes

20,000

X9636C-RX line card: ACL scale-IPv4

95,000

X9636C-RX line card: ACL scale-IPv6

20,000

HSRP, HSRP VIP

3967 each for v4 and v6

vPC uRPF

3967

Strict uRPF

Yes

VRF

3967

SVI

3967

Layer 3 VPN routes IP ECMP

2000

MPLS LSR ECMP

2000

VPNv4 routes

400,000

VPNv6 routes

90,000

EBGP neighbors

750

Table 5. Layer 2/Layer 3 Boundary Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

MAC addresses

19,000

vPC Port channels

46

ECMP

16-way (Upstream)

OSPFv2 neighbors

47

OSPFv3 neighbors

47

OSPF IPv4 /32 unicast routes

45,000

OSPF IPv4 VLSM unicast routes

1000

OSPF IPv6 /128 unicast routes

20,000

OSPF IPv6 VLSM unicast routes

1000

BFD sessions

49

VRF

250

VLAN

3750

SVI

3750

VRRP v4 groups

1996 VRRS / 4 VRRPv3

VRRP v6 groups

1996 VRRS / 4 VRRPv3

HSRP IPv4

1743 Secondary groups / 7 Primary groups

HSRP IPv6

1743 Secondary groups / 7 Primary groups

PIM neighbors

396

IPv4 (*,G) multicast routes

3080

IPv4 (S,G) multicast routes

26,600

IGMP snooping database entries

6400

sFlow enabled interfaces

83

UDLD enabled interfaces

93

SPAN sessions

1 local SPAN session

Table 6. Segment Routing Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

VLAN

100

SVI

100

MAC entries

10,000

ARP entries

70

HSRPv4 VIPs

100

HSRpv6 VIPs

100

LACP

11

LACP members

4

eBGP IPv6 neighbors

9

eBGP IPv4 LU neighbors

9

IPv4 (LU) routes

6888

IPv4 (LU) paths

17580

IPv6 routes

6663

6PE routes

17,338

SR ECMP

18 (dual-homed)

MPLS HW entries

11,957

Table 7. VXLAN Profile Verified Scalability Limits (Multidimensional)

Feature

Verified Limits

Ports

16

ECMP

8-way (Upstream)

BGP neighbors

200

BGP EVPN Layer 2 VPN host routes

64,000

BGP IPv4 VLSM unicast routes or OSPF

10,000

BGP IPv6 VLSM unicast routes or OSPF

6000

BFD sessions

20

PIM neighbors

20

IPv4 (*, G) multicast routes (co-existing)

4000

IPv4 (S,G) multicast routes (co-existing)

2000

Layer 3 VNI

900

Layer 2 VNI

2000

Local VTEP

1

Remote VTEPs

256

VLAN

3600

SVI

900

MAC

90,000

Deployment Case Studies

This section provides sample topologies for some common deployments. For each topology, the scalability numbers are the limits with all of the listed features enabled at the same time.


Attention


These numbers are not the maximum verified values if each feature is viewed in isolation. For these numbers, see the "Verified Scalability Limits" section.

VXLAN BGP/eVPN iBGP Centric Topology

This VXLAN BGP/eVPN iBGP centric topology consists of Cisco Nexus 9300 and 9500 Platform switches acting as VXLAN vPC tunnel endpoints (VTEPs) and VXLAN non-vPC VTEPs. VXLAN VTEPs establish iBGP sessions to a Cisco Nexus 9508 switch (route reflector) acting as a spine node. VXLAN-distributed anycast gateway SVIs are configured for dual stack, and the traffic is dual stack.

The focus of this topology is to test VXLAN overlay network scale and underlay Layer 2 switching and other routing, multicast, and Layer 4 through Layer 7 features for management and operations. Underlay PIM neighbors and IS-IS adjacency were tested with the default timer and Bidirectional Forwarding Detection (BFD) enabled on all links.

In the following table, the Verified Limit column lists the verified scaling capabilities with all listed features enabled at the same time. These numbers are not the maximum verified values if each feature is viewed in isolation.

Table 8. VXLAN BGP/eVPN iBGP Centric Topology

Feature

Supported Platform

Verified Limit

System Routing Template

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

default

Nexus 9364C switches

Not applicable

VXLAN VTEPs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

128

VXLAN Layer 2 VNIs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

2000

VXLAN Layer 3 VNIs/VRFs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX line cards

500

VXLAN multicast groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

128

VXLAN overlay MAC addresses

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX line cards

64,000

VXLAN overlay IPv4 host routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

60,000

VXLAN overlay IPv6 host routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

16,000

Nexus 9364C switches

Not applicable

VXLAN overlay IGMP Snooping groups

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

1000

VXLAN IPv4 LPM routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

5120

VXLAN IPv6 LPM routes

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

1500

Nexus 9364C switches

Not applicable

VXLAN VLAN logical port VP count

Nexus 9364C switches

Not applicable

VLANs on VTEP node

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408, 9364C switches, and 9500 switches with 9700-EX/FX/GX line cards

1700 (total VLANs)

1500 (VXLAN VLANs)

200 (non-VXLAN VLANs)

MST instances

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

20

Nexus 9364C switches

Not applicable

STP logical ports

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

3500

Nexus 9364C switches

Not applicable

vPC port channels

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

40

Nexus 9364C switches

Not applicable

Underlay IS-IS neighbors

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

32

Nexus 9364C switches

Not applicable

Underlay PIM neighbors

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

12

Nexus 9364C switches

Not applicable

Underlay HSRP groups for regular VLANs

Nexus 9364C switches

Not applicable

Underlay vPC SVIs

Nexus 9300-FX/FX2/FX3/GX/GX2/H2R/H1, 9408 switches, and 9500 switches with 9700-EX/FX/GX line cards

200

Nexus 9364C switches

Not applicable