Internal interfaces are generally for East-West traffic, while uplink interfaces are for North-South traffic.

An NSX Edge Services Gateway (ESG) can have up to 10 internal, uplink, or trunk interfaces. These limits are enforced by the NSX Manager. When a logical router (DLR) is connected to an edge services gateway (ESG), the interface on the router is an uplink interface, while the interface on the ESG is an internal interface. An NSX trunk interface is for internal networks, not external networks. The trunk interface allows multiple internal networks (either VLAN or VXLAN) to be trunked.

An NSX Data Center deployment can have up to a 1,000 distributed logical router (DLR) instances on a single ESXi host. On a single logical router, you can configure up to eight uplink interfaces, and up to 991 internal interfaces. These limits are enforced by the NSX Manager. For more information about interface scaling in an NSX Data Center deployment, see the NSX Network Virtualization Design Guide at

Note: IPv6 multicast addresses are not supported on NSX ESG interfaces in NSX Data Center for vSphere 6.2.x, 6.3.x, and 6.4.x.


  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Navigate to NSX Edge interface settings by clicking Manage > Settings > Interfaces.
  5. Select an interface and click the Edit (Edit icon or Edit icon) icon.
  6. In the Edit Edge Interface dialog box, enter a name for the interface.
  7. To indicate whether this interface is an internal or an external (uplink) interface, click Internal or Uplink.
    Select Trunk when creating a sub interface. For more information, see Add a Sub Interface.
  8. Select the port group or logical switch to which you want to connect this interface to.
    1. Next to the Connected To text box, click Edit icon or Change.
    2. Depending on what you want to connect to the interface, click the Logical Switch, Standard Port Group, or Distributed Virtual Port Group tab.
    3. Select the appropriate logical switch or port group, and click OK.
  9. Select the connectivity status for the interface.
  10. In Configure Subnets, click Add to add a subnet for the interface.
    An interface can have multiple non-overlapping subnets. Enter one primary IP address and a comma-separated list of multiple secondary IP addresses. NSX Edge considers the primary IP address as the source address for locally generated traffic. You must add an IP address to an interface before using it on any feature configuration.
  11. Enter the subnet prefix length or subnet mask for the interface.
  12. If you are using NSX 6.4.4 or later, click the Advanced tab, and then continue with the remaining steps in this procedure. If you are using NSX 6.4.3 or earlier, go to the next step.
  13. Change the default MTU, if necessary.
  14. Under Options, specify the following options.
    Option Description
    Proxy ARP Supports overlapping network forwarding between different interfaces.
    Send ICMP Redirect Conveys routing information to hosts.
    Reverse Path Filter Verifies the reachability of the source address in packets being forwarded. In enabled mode, the packet must be received on the interface that the router might use to forward the return packet. In loose mode, the source address must appear in the routing table.
  15. Enter the fence parameters.

    Configure fence parameters if you want to reuse IP and MAC addresses across different fenced environments. For example, in a cloud management platform (CMP), fencing allows you to run several cloud instances simultaneously with the same IP and MAC addresses isolated or "fenced".

  16. Click Save or OK.