NSX for vSphere 6.3 configuration maximums

NSX for vSphere 6.3 configuration maximums

Woo! This document could not have come sooner enough. The NSX for vSphere 6.3 maximums document can be found here.

There are two lines in the document that are salient:

* It may not be possible to maximiz e all configuration settings and expect your desired outcome.

  • The recommended configuration maximums do not represent the theoretical possibilities of NSX for vSphere scale.

This is important. Just because you can scale some of these numbers to their maximums – is it the best design? What decisions did you make to use that many security groups? What led you to use dynamic matching criteria based on Security Tags versus entity based inclusions?

If you’re working on your VCDX – this is a document you can reference in regards to your decisions you make.

This document will be updated for each subsequent release that modifies maximums.


Use vNIC filter_hash in Log Insight

My colleague Dale wrote about the addition of the Filter Hash property introduced in NSX 6.2.4. This helps identify the the filter used on the vNIC. His examples show the ability to use the CLI to determine it.

The filter hash provides a reference to a DFW filter placed upon a vNIC. In Dale’s article it can be easily show with come commands. If you are logging Distributed Firewall rules the output is included in it. You could use the Filter Hash as a way to determine a source of a rule. This could be useful when a Virtual Machine may have numerous IP addresses on a vNIC. This could be the case in terms of a loopback or a Virtual IP.

The following value highlighting the filter hash is as follows:

Field Name: vmw_nsx_firewall_filterhash
Extracted value: Integer -?\d+
Pre context: dfwpktlogs:
Post context: INET


This will highlight the filter hash.  The hash can be used in dashboards below:

  • Unique number of hashs
  • Hash, src, dst and port
  • Hash