I have a customer who has 2,000+ DFW rules defined in VMC. All those rules are applied to DFW. My understanding is that since the rules are applied to DFW, it means that every VM interface will have those rules in the processing chain and this will have a massive performance impact. Is that correct?
This also will exceed the configmax of 10,000 rules per host - they have about 30 VMs per host right now so (30 x 2,000 = 60,000 rules per host).
Can someone please confirm if this is a valid concern?
I checked in the configmax, and according to that, the total rules across virtual NICs on a hypervisor host is 120,000. That means you are already touching the halfway mark. Applying all the distributed firewall rules to DFW is not good practice.
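A way to put numbers on the concern raised in the question and the limit quoted in the answer, as an added example (not from the original thread): it models how many rule instances land on each vNIC from a rule's Applied To scope, with constructed rules, VMs and group memberships, one vNIC per VM assumed, and the 120,000 per-host figure above as the ceiling.

```python
# Capacity model for NSX DFW "Applied To" scoping (constructed example data).
# A rule with applied_to == "DFW" is instantiated on every vNIC; a rule scoped
# to a set of groups only lands on vNICs of VMs that belong to one of them.
# Assumption: one vNIC per VM (the real count scales with vNICs, not VMs).

def rules_for_vm(rules, vm_groups):
    """Return the rules that land on one VM's vNIC."""
    return [r for r in rules
            if r["applied_to"] == "DFW" or r["applied_to"] & vm_groups]

def effective_rules_per_host(rules, vm_groups, host_vms):
    """Sum rule instances across all vNICs on each host: {host: count}."""
    return {
        host: sum(len(rules_for_vm(rules, vm_groups.get(vm, frozenset())))
                  for vm in vms)
        for host, vms in host_vms.items()
    }

def headroom(per_host, limit=120_000):
    """Fraction of the per-host rule limit consumed, rounded to 3 places."""
    return {h: round(n / limit, 3) for h, n in per_host.items()}

def page_scenario():
    """The thread's case: 2,000 rules all Applied To DFW, 30 VMs on a host."""
    rules = [{"id": f"r{i}", "applied_to": "DFW"} for i in range(2000)]
    host_vms = {"esx-01": [f"vm{i}" for i in range(30)]}
    return effective_rules_per_host(rules, {}, host_vms)["esx-01"]

def scoped_scenario():
    """Same 2,000 rules, each scoped to one of 20 app groups (hypothetical
    names app-0..app-19); each of the 30 VMs is a member of exactly one."""
    rules = [{"id": f"r{i}", "applied_to": frozenset({f"app-{i % 20}"})}
             for i in range(2000)]
    vm_groups = {f"vm{i}": frozenset({f"app-{i % 20}"}) for i in range(30)}
    host_vms = {"esx-01": [f"vm{i}" for i in range(30)]}
    return effective_rules_per_host(rules, vm_groups, host_vms)["esx-01"]

if __name__ == "__main__":
    print("all rules Applied To DFW :", page_scenario())    # 60000
    print("rules scoped to groups   :", scoped_scenario())  # 3000
    print("headroom at 60,000 rules :", headroom({"esx-01": page_scenario()}))
```

Adding a second vNIC to a VM doubles its share, so a multi-NIC estate should be modelled per interface rather than per VM.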