Verified Scalability Guide for Cisco APIC, Release 4.2(1), Multi-Site, Release 2.2(1), and Cisco Nexus 9000 Series ACI-Mode Switches, Release 14.2(1)
Revised: May 8, 2023
Overview
This guide contains the maximum verified scalability limits for Cisco Application Centric Infrastructure (Cisco ACI) parameters in the following releases:
- Cisco Application Policy Infrastructure Controller (Cisco APIC), Release 4.2(1)
- Cisco ACI Multi-Site, Release 2.2(1)
- Cisco Nexus 9000 Series ACI-Mode Switches, Release 14.2(1)
These values are based on a profile where each feature was scaled to the numbers specified in the tables. These numbers do not represent the theoretically possible Cisco ACI fabric scale.
General Scalability Limits
L2 Fabric: In Legacy mode, there is no routing, L3 context, nor contract enabled in the L2 fabric profile. A tenant in this profile does not need to be mapped to one dedicated ACI tenant. A tenant can be represented by a set of EPGs instead. To improve the load sharing among APIC controller nodes, you must distribute EPGs and BDs across different ACI tenants.
L3 Fabric: The ACI L3 fabric solution provides a feature-rich highly scalable solution for public cloud and large enterprise. With this design, almost all supported features are deployed at the same time and are tested as a solution. The scalability numbers listed in this section are multi-dimensional scalability numbers. The fabric scalability numbers represent the overall number of objects created on the fabric. The per-leaf scale numbers are the objects created and presented on an individual leaf switch. The fabric level scalability numbers represent APIC cluster scalability and the tested upper limits. Some of the per-leaf scalability numbers are subject to hardware restrictions. The per-leaf scalability numbers are the maximum limits tested and supported by leaf switch hardware. This does not necessarily mean that every leaf switch in the fabric was tested with maximum scale numbers.
Stretched Fabric: Stretched fabric allows multiple fabrics (up to 3) distributed in multiple locations to be connected as a single fabric with a single management domain. The scale for the entire stretched fabric remains the same as for a single site fabric. For example, a L3 stretched fabric will support up to 200 leaf switches total, which is the maximum number of leaf switches supported on a single site fabric. Parameters only relevant to stretched fabric are mentioned in the tables below.
Multi-Pod: Multi-Pod enables provisioning a more fault-tolerant fabric comprised of multiple Pods with isolated control plane protocols. Also, Multi-Pod provides more flexibility with regard to the full mesh cabling between leaf and spine switches. For example, if leaf switches are spread across different floors or different buildings, Multi-Pod enables provisioning multiple Pods per floor or building and providing connectivity between Pods through spine switches. Multi-Pod uses a single APIC cluster for all the Pods; all the Pods act as a single fabric. Individual APIC controllers are placed across the Pods but they are all part of a single APIC cluster.
Multi-Site: Multi-Site is the architecture interconnecting and extending the policy domain across multiple APIC cluster domains. As such, Multi-Site could also be named as Multi-Fabric, since interconnects separate Availability Zones (Fabrics) and are managed by an independent APIC controller cluster. An ACI Multi-Site Orchestrator is part of the architecture and is used to communicate with the different APIC domains to simplify the management of the architecture and the definition of inter-site policies.
Leaf Switches and Ports
The maximum number of leaf switches overall is 400 per fabric scale. The maximum number of physical ports is 19,200 per fabric. The maximum number of remote leaf (RL) switches is 64 per fabric, with total number of BDs deployed on all remote leaf switches in the fabric not exceeding 30,000. The total number of BDs on all RLs is equal to the sum of BDs on each RL.
General Scalability Limits
| Configurable Options | L2 Fabric | L3 Fabric | Large L3 Fabric |
|---|---|---|---|
| Number of APIC controllers | 3* or 4 node APIC cluster | 3* or 4 node APIC cluster | 5*, 6, or 7 node APIC cluster |
| Note | * denotes preferred cluster size. While the higher number of controllers is supported, the preferred size is based on the number of leaf switches in the environment. | * denotes preferred cluster size. While the higher number of controllers is supported, the preferred size is based on the number of leaf switches in the environment. | * denotes preferred cluster size. While the higher number of controllers is supported, the preferred size is based on the number of leaf switches in the environment. |
| Number of leaf switches | 80 | 80 for 3-node cluster 200 for 4-node cluster |
300 for 5- or 6-node cluster 400 for 7-node cluster |
| Number of tier-2 leaf switches per Pod in Multi-Tier topology | 80 | 80 for 3-node cluster 100 for 4-node cluster |
100 |
| Note | The total number of leaf switches from all tiers should not exceed the "Number of leaf switches" listed above | The total number of leaf switches from all tiers should not exceed the "Number of leaf switches" listed above | The total number of leaf switches from all tiers should not exceed the "Number of leaf switches" listed above |
| Number of spine switches | Maximum spines per Pod: 6. Total spines per fabric: 24. |
Maximum spines per Pod: 6. Total spines per fabric: 24. |
Maximum spines per Pod: 6. Total spines per fabric: 24. |
| Number of FEXs | 20 FEXs per leaf switch 576 ports per leaf switch 650 FEXs per fabric |
20 FEXs per leaf switch 576 ports per leaf switch 650 FEXs per fabric |
20 FEXs per leaf switch 576 ports per leaf switch 650 FEXs per fabric |
| Number of tenants | 1000 | 1000 | 3000 |
| Number of Layer 3 (L3) contexts (VRFs) | N/A | 1000 | 3000 |
| Configurable Options | L2 Fabric | L3 Fabric | Large L3 Fabric |
|---|---|---|---|
| Number of contracts/filters | N/A | 10,000 contracts 10,000 filters |
10,000 contracts 10,000 filters |
| Number of endpoint groups (EPGs) | For a fabric with a single Tenant: 4,000 For a fabric with multiple Tenants: 500 per Tenant, up to 21,000 total across all Tenants |
For a fabric with a single Tenant: 4,000 For a fabric with multiple Tenants: 500 per Tenant, up to 15,000 total across all Tenants |
For a fabric with a single Tenant: 4,000 For a fabric with multiple Tenants: 500 per Tenant, up to 15,000 total across all Tenants |
| Number of Isolation enabled EPGs | 400 | 400 | 400 |
| Number of bridge domains (BDs) | 21,000 | 15,000 | 15,000 |
| Number of BGP + number of OSPF sessions + EIGRP (for external connection) | N/A | 3,000 | 3,000 |
| Number of Multicast routes | N/A | 32,000 | 32,000 |
| Number of Multicast routes per VRF | N/A | 32,000 | 32,000 |
| Number of static routes to a single SVI/VRF | N/A | 5,000 | 5,000 |
| Number of static routes on a single leaf switch | N/A | 10,000 | 10,000 |
| Number of vCenters | N/A | 200 VDS 50 AVS 50 Cisco ACI Virtual Edge |
200 VDS 50 AVS 50 Cisco ACI Virtual Edge |
| Number of Service Chains | N/A | 1000 | 1000 |
| Number of L4 - L7 devices | N/A | 30 managed or 50 unmanaged physical HA pairs, 1,200 virtual HA pairs (1,200 maximum per fabric) | 30 managed or 50 unmanaged physical HA pairs, 1,200 virtual HA pairs (1,200 maximum per fabric) |
| Number of ESXi hosts - VDS | N/A | 3200 | 3200 |
| Number of ESXi hosts - AVS | N/A | 3200 (Only 1 AVS instance per host) | 3200 (Only 1 AVS instance per host) |
| Number of ESXi hosts - AVE | N/A | 3200 (Only 1 AVE instance per host) | 3200 (Only 1 AVE instance per host) |
| Configurable Options | L2 Fabric | L3 Fabric | Large L3 Fabric |
|---|---|---|---|
| Number of VMs | N/A | Depends upon server scale | Depends upon server scale |
| Number of configuration zones per fabric | 30 | 30 | 30 |
| Number of BFD sessions per leaf switch | 256 | 256 | 256 |
| Minimum BFD timer required to support this scale: | minTx:50 minRx:50 multiplier:3 |
minTx:50 minRx:50 multiplier:3 |
minTx:50 minRx:50 multiplier:3 |
Multi-Pod
| Configurable Options | L2 Fabric | L3 Fabric | Large L3 Fabric |
|---|---|---|---|
| Note | * denotes preferred cluster size. 3* or 4 node APIC cluster 6 Pods 80 leaf switches overall |
* denotes preferred cluster size. 3* or 4 node APIC cluster 6 Pods 80 for 3-node cluster 200 for 4-node cluster |
* denotes preferred cluster size. 5* or 6 node APIC cluster, 6 Pods, 200 leaf switches max per Pod, 300 leaf switches max overall 7 node APIC cluster, 12 Pods, 200 leaf switches max per Pod, 400 leaf switches max overall |
| L3 EVPN Services over Fabric WAN - GOLF (with and without OpFlex) | N/A | 1000 VRFs, 60,000 routes in a fabric | 1000 VRFs, 60,000 routes in a fabric |
| Layer 3 Multicast routes | N/A | 32,000 | 32,000 |
| Number of Routes in Overlay-1 VRF | 1,000 | 1,000 | 1,000 |
Multiple Fabric Options Scalability Limits
Stretched Fabric
| Configurable Options | Per Fabric Scale |
|---|---|
| Maximum number of fabrics that can be a stretched fabric | 3 |
| Maximum number of Route Reflectors | 6 |
Multi-Pod
| Configurable Options | Per Fabric Scale |
|---|---|
| Maximum number of Pods | 12 |
| Maximum number of leaf switches per Pod | 200 |
| Maximum number of leaf switches overall | 400 |
| Maximum number of Route Reflectors for L3Out | 24 |
| Number of External Route Reflectors between Pods | For 1-3 Pods: Up to 3 external route reflectors. We recommend full mesh for external BGP peers instead of using external route reflectors when possible. For 4 or more Pods: Up to 4 external route reflectors. We recommend using external route reflectors instead of full mesh. We recommend that the external route reflectors are distributed across Pods so that in case of any failure there are always at least two Pods with external route reflectors still reachable. |
Cisco ACI vPod Scalability Limits
Cisco ACI vPod Scalability Limits
| Configurable Options | Scale |
|---|---|
| Number of vPods | 6 |
| Number of Cisco ACI Virtual Edge (AVE) instances per vPod | 32 |
| Number of Virtual Ethernet Ports (vEThs) per AVE in vPod | 32 |
| Number of EPGs per vPod | 256 |
| Number of EPGs across all vPods | 864 |
| Number of EPGs across all physical and virtual pods | 15,000 |
| Number of filters per ACI Virtual Edge | 128 |
| Number of contracts per ACI Virtual Edge | 36 |
| *The total number of filters used by all contracts must not exceed the filter limit above |
Cisco ACI Multi-Site Scalability Limits
Stretched Vs. Non-Stretched
Stretched in Multi-Site means that the fabric has stretched objects such as EPGs, BDs, VRFs, or subnets across multiple sites or has cross-site contracts between EPGs.
Non-Stretched in Multi-Site means all objects such as EPG, contract, and BD are local to a site only and do not cross the local-site boundary.
The total number of stretched and non-stretched objects must not exceed the maximum verified scalability limit for that object, which are listed in their respective sections in this guide.
Note: For maximum scale Multi-Site configurations with many features enabled simultaneously, it is recommended that those configurations be tested in a lab before deployment.
Multi-Site General Scalability Limits
| Configurable Options | Scale |
|---|---|
| Sites | 12 |
| Pods per site | 12 |
| Leaf switches per site | 200 |
Multi-Site Object Scale
| Configurable Options | Scale |
|---|---|
| Policy Objects per Schema | 500 |
| Templates per Schema | 5 |
| Application Profiles per Schema | 200 |
| Number of Schemas | 80 |
| Number of Templates | 400 |
| Multi-Site Orchestrator Users (nonparallel*) | 50 |
| *Multi-Site Orchestrator processes requests sequentially from multiple users even if they are deploying different schemas. |
Multi-Site Scalability Limits for Stretched Objects
| Configurable Options | Scale (Stretched) |
|---|---|
| Tenants | 400 |
| VRFs | 1000 |
| BDs | 4000 |
| Contracts | 4000 |
| Endpoints | 150,000 including: - 100,000 - learned from other sites - 50,000 - locally learned in site-local |
| EPGs | 4000 |
| Isolated EPGs | 400 |
| Microsegment EPGs | 400 |
| IGMP Snooping | 8000 |
| Layer-3 multicast routes | 8000 |
| L3Out external EPGs | 500 |
| Subnets | 8000 |
| Contract Preferred Group (BD/EPG combinations) | 250* *EPGs must be added to the preferred group gradually |
| Number of L4-L7 logical devices | 400 |
| Number of graph instances | 250 |
| Number of device clusters per tenant | 10 |
| Number of interfaces per device cluster | Any |
| Number of graph instances per device cluster | 125 |
Multi-Site VRF/BD VNID Translation Scale
| Configurable Options | Scale |
|---|---|
| Fixed spines | 21,000 |
| Modular spines | 42,000 |
Fabric Topology, SPAN, Tenants, Contexts (VRFs), External EPGs, Bridge Domains, Endpoints, and Contracts Scalability Limits
The following table shows the mapping of the "ALE/LSE Type" to the corresponding ToR switches. This information is helpful to determine which ToR switch is affected when we use the terms ALE v1, ALE v2, LSE, or LSE2 in remaining sections.
Note: In the following table, the N9K-C9336C-FX2 switch is listed as LSE for scalability limits purposes only; the switch supports LSE2 platform features. Consult specific feature documentation for the full list of supported devices.
| ALE/LSE Type | ACI-Supported ToR switches |
|---|---|
| ALE v1 | N9K-C9396PX + N9K-M12PQ N9K-C93128TX + N9K-M12PQ N9K-C9396TX + N9K-M12PQ |
| ALE v2 | N9K-C9396TX + N9K-M6PQ N9K-C93128TX + N9K-M6PQ N9K-C9396PX + N9K-M6PQ N9K-C9372TX 64K N9K-C9332PQ N9K-C9372PX |
| LSE | N9K-C93108TC-EX + N9K-C93180YC-EX + N9K-C9336C-FX2 |
| LSE2 | N9K-C93108TC-FX + N9K-C93180YC-FX + N9K-C9348GC-FXP |
Note: Unless explicitly called out, LSE represents both LSE and LSE2 and ALE represents both ALE v1 and ALE v2 in the rest of this document.
Fabric Topology
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Number of PCs, vPCs | 320 (with FEX HIF) | N/A |
| Number of encapsulations per access port, PC, vPC (non-FEX HIF) | 3,000 | N/A |
| Number of encapsulations per FEX HIF, PC, vPC | 20 | N/A |
| Number of member links per PC, vPC* | 16 *vPC total ports = 32, 16 per leaf |
N/A |
| Number of ports x VLANs (global scope and no FEX HIF) | 64,000 168,000 (when using legacy BD mode) |
N/A |
| Number of ports x VLANs (FEX HIFs and/or local scope) | For ALE v1 and v2: 9,000 For LSE and LSE2: 10,000 |
N/A |
| Number of static port bindings | For ALE v1 and v2: 30,000 For LSE and LSE2: 60,000 |
400,000 |
| Number of VMACs | For ALE v2: 255 For LSE and LSE2: 510 |
N/A |
| STP | All VLANs | N/A |
| Mis-Cabling Protocol (MCP) | 256 VLANs per interface 2000 logical ports (port x VLAN) per leaf |
N/A |
| Maximum number of endpoints (EPs) | 16-slot and 8-slot modular spine switches: Max. 450,000 Proxy Database Entries in the fabric, which can be translated into any one of the following: - 450,000 MAC-only EPs (each EP with one MAC only) - 225,000 IPv4 EPs (each EP with one MAC and one IPv4) - 150,000 dual-stack EPs (each EP with one MAC, one IPv4, and one IPv6) The formula to calculate in mixed mode is as follows: #MAC + #IPv4 + #IPv6 <= 450,000 NOTE: Four fabric modules are required on all spines in the fabric to support above scale. 4-slot modular spine switches: Max. 360,000 Proxy Database Entries in the fabric, which can be translated into any one of the following: - 360,000 MAC-only EPs (each EP with one MAC only) - 180,000 IPv4 EPs (each EP with one MAC and one IPv4) - 120,000 dual-stack EPs (each EP with one MAC, one IPv4, and one IPv6) The formula to calculate in mixed mode is as follows: #MAC + #IPv4 + #IPv6 <= 360,000 NOTE: Four fabric modules are required on all spines in the fabric to support above scale. |
Fixed spine switches: Max. 180,000 Proxy Database Entries in the fabric, which can be translated into any one of the following: - 180,000 MAC-only EPs (each EP with one MAC only) - 90,000 IPv4 EPs (each EP with one MAC and one IPv4) - 60,000 dual-stack EPs (each EP with one MAC, one IPv4, and one IPv6) The formula to calculate in mixed mode is as follows: #MAC + #IPv4 + #IPv6 <= 180,000 |
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of IP Longest Prefix Matches (LPM) entries | Default (Dual Stack) profile: - For ALE v1 and v2: - IPv4: 10,000 or - IPv6: 6,000 or - IPv4: 4,000, IPv6: 4,000 - IPv6 wide prefixes (>/64): 1,000 - For LSE or LSE2: - IPv4: 20,000 or - IPv6: 10,000 - IPv6 wide prefixes (>= /84): 1,000 NOTE: For LSE2 and FX2 models there's no restriction on wide prefixes. IPv4 scale profile: - For LSE or LSE2: - IPv4: 38,000 - IPv6: Not supported - For ALE v1 and v2: Not supported High Dual Stack scale profile: - For LSE or LSE2: - IPv4: 38,000 or - IPv6: 19,000 - IPv6 wide prefixes (>= /84): 1,000 NOTE: For LSE2 and FX2 models there's no restriction on wide prefixes. - For ALE v1 and v2: Not supported High Policy profile: |
N/A |
| Maximum number of IP Longest Prefix Matches (LPM) entries (Continued) | High LPM Scale profile - LSE or LSE2: - IPv4: 128,000 or - IPv6: 64,000 - IPv6 wide prefixes (>= /84): 1,000 NOTE: For LSE2 and FX2 models there's no restriction on wide prefixes. - ALE v1 and v2: Not supported High Policy profile: - LSE2 (N9K-C93180YC-FX with 32GB of RAM only): - IPv4: 20,000 or - IPv6: 10,000 |
N/A |
| Maximum number of Secondary addresses per logical interface | 1 | 1 |
| Maximum number of L3 interfaces per Context | 1000 SVIs 8 Routed interfaces 100 sub-interfaces with or without port-channel |
N/A |
| Maximum number of L3 interfaces | 1000 SVIs 8 Routed interfaces 1000 sub-interfaces with or without port-channel |
N/A |
| Maximum number of ARP entries for L3 Outs | 7,500 | N/A |
| Shared L3 Out | IPv4 Prefixes: 2000 or IPv6 Prefixes: 1000 |
IPv4 Prefixes: 6000 or IPv6 Prefixes: 3000 |
| Maximum number of L3 Outs | 400 For LSE and LSE2: 800 |
2400 (single-stack) 1800 (dual-stack) |
External EPGs
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Number of External EPGs | 800 | ALE: 2400 LSE: 4000 The listed scale is calculated as a product of (Number of external EPGs)*(Number of border leaf switches for the L3Out) For example, the following combination adds up to a total of 2000 external EPGs in the fabric (250 external EPGs * 2 border leaf switches * 4 L3Outs): - 250 External EPGs in L3Out1 on leaf1 and leaf2 - 250 External EPGs in L3Out2 on leaf1 and leaf2. - 250 External EPGs in L3Out3 on leaf3 and leaf4 - 250 External EPGs in L3Out4 on leaf3 and leaf4 |
| Number of External EPGs per L3Out | 250 | 600 The listed scale is calculated as a product of (Number of external EPGs per L3Out)*(Number of border leaf switches for the L3Out) For examples, 150 external EPGs on L3Out1 that is deployed on leaf1, leaf2, leaf3, and leaf4 adds up to a total of 600 |
| Maximum number of LPM Prefixes for External EPG Classification | ALE: 1000 IPv4 LSE: refer to LPM scale section. Note: Maximum combined number of IPv4/IPv6 host and LPM prefixes for External EPG Classification must not exceed 64,000 |
N/A |
| Maximum number of host prefixes for External EPG Classification | Note: Maximum combined number of IPv4/IPv6 host and LPM prefixes for External EPG Classification must not exceed 64,000 | N/A |
| ALE: 1000 LSE and LSE2: - Default Profile: - IPv4 (/32): 16,000 - IPv6 (/128): 12,000 Combined number of host prefixes and endpoints can't exceed 12,000. - IPv4 Profile: - IPv4 (/32): 16,000 Combined number of host prefixes, mcast routes, and endpoints can't exceed 56,000. - IPv6 (/128): 0 - High Dual Stack Profile: - IPv4 (/32): 64,000 Combined number of host prefixes, mcast routes, and endpoints can't exceed 64,000. - IPv6 (/128): 24,000 (LSE) Combined number of host prefixes and endpoints can't exceed 24,000. - IPv6 (/128): 48,000 (LSE2 only) Combined number of host prefixes and endpoints can't exceed 48,000. - High LPM Profile: - IPv4 (/32): 24,000 Combined number of host prefixes, mcast routes, and endpoints can't exceed 24,000. - IPv6 (/128): 12,000 Combined number of host prefixes and endpoints can't exceed 12,000. - High Policy profile (N9K-C93180YC-FX with 32GB of RAM only): - IPv4 (/32): 16,000 - IPv6 (/128): 12,000 Combined number of host prefixes and endpoints can't exceed 12,000. |
Bridge Domain
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of BDs | 1,980 Legacy mode: 3,500 On ALE ToR switches with multicast optimized mode: 50 |
15,000 |
| Maximum number of BDs with Unicast Routing per Context (VRF) | ALE: 256 LSE: 1000 |
1750 |
| Maximum number of subnets per BD | 1,000, cannot be for all BDs. | 1,000 per BD |
| Maximum number of EPGs per BD | 3,960 | 4,000 |
| Number of L2 Outs per BD | 1 | 1 |
| Number of BDs with Custom MAC Address | 1,750 Legacy mode: 3,500 On ALE ToR switches with multicast optimized mode: 50 |
1,750 Legacy mode: 3,500 On ALE ToR switches with multicast optimized mode: 50 |
| Maximum number of EPGs + L3 Outs per Multicast Group | 128 | 128 |
| Maximum number of BDs with L3 Multicast enabled | 1,750 | 1,750 |
| Maximum number of VRFs with L3 Multicast enabled | 64 | 64 |
| Maximum number of L3 Outs per BD | ALE: 4 LSE: 16 |
N/A |
| Number of static routes behind pervasive BD (EP reachability) | N/A | 450 |
Endpoint Groups (Under App Profiles)
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of EPGs | Normally 3,960; if legacy mode 3,500 | 15,000 |
| Maximum amount of encapsulations per EPG | 1 Static leaf binding, plus 10 Dynamic VMM | N/A |
| Maximum Path encap binding per EPG | Equals to number of ports on the leaf | N/A |
| Maximum amount of encapsulations per EPG per port with static binding | One (path or leaf binding) | N/A |
| Maximum number of domains (physical, L2, L3) | 100 | N/A |
| Maximum number of VMM domains | N/A | 200 VDS 50 AVS 50 Cisco ACI Virtual Edge |
| Maximum number of native encapsulations | One per port, if a VLAN is used as a native VLAN. Total number of ports, if there is a different native VLAN per port. |
Applicable to each leaf independently |
| Maximum number of 802.1p encapsulations | 1, if path binding then equals the number of ports. If there is a different native VLAN per port, then it equals the number of ports. |
Applicable to each leaf independently |
| Can encapsulation be tagged and untagged? | No | N/A |
Contracts
Cisco ACI supports two types of compression for policy CAM (content-addressable memory):
- Bidirectional compression: ensures that bidirectional rules consume a single entry in the policy CAM and is supported starting with Cisco APIC release 3.2(1).
- Policy TCAM indirection compression: enables multiple contracts to refer to the same filter rules and is supported starting with Cisco APIC release 4.0(1).
If you enable compression in release 4.0(1) or later, APIC will use either or both optimizations depending on the configuration. When enabling compression on -EX switches, APIC will apply bidirectional compression. The policy TCAM compression feature requires -FX leaf switches or newer.
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of Static endpoints per EPG | Maximum endpoints | N/A |
| Maximum number of Subnets for inter-context access per tenant | 4,000 | N/A |
| Maximum number of Taboo Contracts per EPG | 2 | N/A |
| IP-based EPG (bare metal) | 4,000 | N/A |
| MAC-based EPG (bare metal) | 4,000 | N/A |
| Security TCAM size | Default scale profile: - For ALE v1: 4,000 - For ALE v2: 40,000 - For LSE and LSE2: 64,000 IPv4 scale profile: - For LSE and LSE2: 64,000 - For ALE v1/v2: N/A High Dual Stack scale profile: - For LSE: 8,000 - For LSE2: 128,000 - For ALE v1/v2: N/A High LPM scale profile: - For LSE and LSE2: 8,000 - For ALE v1/v2: N/A High Policy profile: - LSE2 (N9K-C93180YC-FX with 32GB of RAM only): 256,000 |
N/A |
| Software policy scale with Policy Table Compression enabled (Number of actrlRule Managed Objects) | Dual stack profile: - LSE (N9K-C9336C-FX2 only): 80,000 - LSE2 (N9K-C93180YC-FX only): 80,000 High Dual Stack profile: - LSE2 (N9K-C93180YC-FX and N9K-C93600CD-GX only) : 140,000 |
N/A |
| Approximate TCAM calculator given contracts and their use by EPGs | Number of entries in a contract X Number of Consumer EPGs X Number of Provider EPGs X 2 | N/A |
| Number of consumers (or providers) of a contract that has more than 1 provider (or consumer) | 100 | 100 |
| Number of consumers (or providers) of a contract that has a single provider (or consumer) | 1000 | 1000 |
| Scale guideline for the number of Consumers and Providers for the same contract | N/A | Number of consumer EPGs * number of provider EPGs * number of filters in the contract <= 50,000 |
FCoE NPV
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of VSANs | 32 | N/A |
| Maximum number of VFCs configured on physical ports and FEX ports | 151 | N/A |
| Maximum number of VFCs on port-channel (PC), including SAN port-channel | 7 | N/A |
| Maximum number of VFCs on virtual port-channel (vPC) interfaces, including FEX HIF vPC | 151 | N/A |
| Maximum number of FDISC per port | 255 | N/A |
| Maximum number of FDISC per leaf | 1000 | N/A |
FC NPV
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of FC NP Uplink interfaces | 48 | N/A |
| Maximum number of VSANs | 32 | N/A |
| Maximum number of FDISC per port | 255 | N/A |
| Maximum number of FDISC per leaf | 1000 | N/A |
| Maximum number of SAN port-channel, including VFC port-channel | 7 | N/A |
| Maximum number of members in a SAN port-channel | 16 | N/A |
VMM Scalability Limits
VMware
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Number of vCenters (VDS) | N/A | 200 (Verified with a load of 10 events/minute for each vCenter) |
| Number of vCenters (AVS) | N/A | 50 |
| Number of vCenters (Cisco ACI Virtual Edge) | N/A | 50 |
| Datacenters in a vCenter | N/A | 4 |
| Total Number of VMM domain (vCenter, Datacenter) instances. | N/A | 200 VDS 50 AVS 50 Cisco ACI Virtual Edge |
| Number of ESX hosts per AVS | 240 | N/A |
| Number of ESX hosts running Cisco ACI Virtual Edge | 150 | N/A |
| Number of EPGs per vCenter/vDS | N/A | 5,000 |
| Number of EPGs to VMware domains/vDS | N/A | 5,000 |
| Number of EPGs per vCenter/AVS | N/A | 3,500 |
| Number of EPGs to VMware domains/AVS | N/A | 3,500 |
| Number of EPGs per vCenter/Cisco ACI Virtual Edge | N/A | VLAN Mode: 1300 VXLAN Mode: 2000 |
| Number of EPGs to VMware domains and Cisco ACI Virtual Edge | N/A | VLAN Mode: 1300 VXLAN Mode: 2000 |
| Number of endpoints (EPs) per AVS | 10,000 | 10,000 |
| Number of endpoints per VDS | 10,000 | 10,000 |
| Number of endpoints per vCenter | 10,000 | 10,000 |
| Number of endpoints per Cisco ACI Virtual Edge | 10,000 | 10,000 |
| Support RBAC for AVS | N/A | Yes |
| Support RBAC for VDS | N/A | Yes |
| Support RBAC for Cisco ACI Virtual Edge | N/A | Yes |
| Number of Microsegment EPGs with vDS | 400 (Tested with a total of 500 EPs attached to 1 vPC) | N/A |
| Number of Microsegment EPGs with AVS | 1,000 | N/A |
| Number of Microsegment EPGs with Cisco ACI Virtual Edge | 1,000 | N/A |
| Number of DFW flows per vEth with AVS | 10,000 | N/A |
| Number of DFW flows per vEth with Cisco ACI Virtual Edge | 10,000 | N/A |
| Number of DFW denied and permitted flows per ESX host with AVS | 250,000 | N/A |
| Number of DFW denied and permitted flows per ESX host with Cisco ACI Virtual Edge | 250,000 | N/A |
| Number of VMM domains per EPG with AVS | N/A | 10 |
| Number of VMM domains per EPG with Cisco ACI Virtual Edge | N/A | 10 |
| Number of VM Attribute Tags per vCenter | N/A | vCenter version 6.0: 500 vCenter version 6.5: 1000 |
Microsoft SCVMM
| Configurable Options | Per Leaf Scale (On-Demand Mode) | Per Leaf Scale (Pre-Provision Mode) | Per Fabric Scale |
|---|---|---|---|
| Number of controllers per SCVMM domain | N/A | N/A | 5 |
| Number of SCVMM domains | N/A | N/A | 5 |
| EPGs per Microsoft VMM domain | N/A | N/A | 3,000 |
| EPGs per all Microsoft VMM domains | N/A | N/A | 9,000 |
| EP/VNICs per HyperV host | N/A | N/A | 100 |
| EP/VNICs per SCVMM | 3,000 | 10,000 | 10,000 |
| Number of Hyper-V hosts | 64 | N/A | N/A |
| Number of logical switch per host | N/A | N/A | 1 |
| Number of uplinks per logical switch | N/A | N/A | 4 |
| Microsoft micro-segmentation | 1,000 | Not Supported | N/A |
Microsoft Windows Azure Pack
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Number of Windows Azure Pack subscriptions | N/A | 1,000 |
| Number of plans per Windows Azure Pack instance | N/A | 150 |
| Number of users per plan | N/A | 200 |
| Number of subscriptions per user | N/A | 3 |
| VM networks per Windows Azure Pack user | N/A | 100 |
| VM networks per Windows Azure Pack instance | N/A | 3,000 |
| Number of tenant shared services/providers | N/A | 40 |
| Number of consumers of shared services | N/A | 40 |
| Number of VIPs (Citrix) | N/A | 50 |
| Number of VIPs (F5) | N/A | 50 |
Layer 4 - Layer 7 Scalability Limits
(L4-L7 Configurations)
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Maximum number of L4-L7 logical device clusters | N/A | 1,200 |
| Maximum number of graph instances | N/A | 1,000 |
| Number of device clusters per tenant | N/A | 30 |
| Number of interfaces per device cluster | N/A | Any |
| Number of graph instances per device cluster | N/A | 500 |
| Deployment scenario for ASA (transparent or routed) | N/A | Yes |
| Deployment scenario for Citrix - One arm with SNAT/etc. | N/A | Yes |
| Deployment scenario for F5 - One arm with SNAT/etc. | N/A | Yes |
AD, TACACS, RBAC Scalability Limits
| Configurable Options | Per Leaf Scale | Per Fabric Scale |
|---|---|---|
| Number of ACS/AD/LDAP authorization domains | N/A | 4 tested (16 maximum /server type) |
| Number of login domains | N/A | 15 (can go beyond). |
| Number of security domains/APIC | N/A | 15 (can go beyond). |
| Number of security domains in which the tenant resides | N/A | 4 (can go beyond). |
| Number of priorities | N/A | 4 tested (16 per domain) |
| Number of shell profiles that can be returned. | N/A | 4 tested (32 domains total) |
| Number of users | N/A | 8,000 local / 8,000 remote |
| Number of simultaneous logins | N/A | 500 connections / NGNIX simultaneous REST logins |
Cisco Mini ACI Fabric and Virtual APICs Scalability Limits
| Property | Maximum Scale |
|---|---|
| Multicast Groups | 200 |
| BGP + OSPF Sessions | 25 |
| Number of Graphs Instances | 20 |
| Maximum number of L4-L7 logical device clusters | 3 Physical or 10 Virtual |
| Number of Pods | 1 |
| GOLF VRF, Route Scale | N/A |
| Tenants | 25 |
| Endpoints | 20,000 |
| Bridge domains (BDs) | 1000 |
| Endpoint groups (EPGs) | 1000 |
| VRFs | 25 |
| Number of Leafs | 4 |
| Number of Spines | 2 |
| Contracts | 2000 |
Cisco Cloud APIC Scalability Limits
| Configurable Options | Scale |
|---|---|
| Number of Tenants | 20 |
| Number of Application Profiles | 500 |
| Number of EPGs | 500 |
| Number of Cloud End Points | 1000 |
| Number of VRFs | 20 |
| Cloud Context Profiles | 40 |
| Number of Contracts | 1000 |
| Number of L4-L7 Service Graphs | 200 |
| Number of L4-L7 Services Devices (AWS ALB) | 100 |
Cisco ACI and UCSM Scalability
The following table shows verified scalability numbers for Cisco Unified Computing System with Cisco ACI ExternalSwitch app.
| Configurable Options | Scale |
|---|---|
| Number of UCSMs per APIC cluster | 12 |
| Number of VMM Domains per UCSM | 4 |
| Number of VLANs + PVLAN per UCSM | 4000 |
| Number of vNIC Templates per UCSM | 16 |
QoS Scalability Limits
The following table shows QoS scale limits. The same numbers apply for topologies with or without remote leafs as well as with COS preservation and MPOD policy enabled.
| QoS Mode | QoS Scale |
|---|---|
| Custom QoS Policy with DSCP | 7 |
| Custom QoS Policy with DSCP and Dot1P | 7 |
| Custom QoS Policy with Dot1P | 38 |
| Custom QoS Policy via a Contract | 38 |
United States Federal Communications Commission Notice - Cisco
ExternalSwitch
