NFS & SMB Share and Policy Limits and Constraints

  • Updated on Jan 24, 2026
  • 1 minute(s) read
Prev Next

Max number of IP or Netgroup Constraints

The maximum number of IP or Netgroup constraints and their impact on the number of View Policies requires some explanation. Internally, VAST organizes the constraint list of a given policy into a constraint table. Each table can hold up to 50 constraints. There are approximately 8000 IP constraint tables and 8000 netgroup constraint tables per cluster. In the case of IP constraints, a constraint is expressed as a single IP element (IP address, subnet in CIDR notation, or a wildcard range) and a type of constraint (read only, read write, root squash, etc.). Netgroup constraints are similar, except the IP element is replaced with a netgroup name.

Consider this example view policy created using VCLI: 

viewpolicy create --name NAME --read-write 98.51.100.1,98.51.100.2 -nfs-no-squash * --trash-access 98.51.100.*

This policy expresses a total of 4 constraints. The constraints are: read-write:98.51.100.1, read-write:98.51.100.2, nfs-no-squash:*, trash-access:98.51.100.*. 

Each View Policy uses at least one IP constraint table and one netgroup constraint table. If there are no more than 50 constraints of each type for each policy, then there are 4096 policies available.

However, if the constraints on a policy are complex and more than 50 constraints are specified, additional constraint tables are automatically used. 

The result of this behavior is that, in almost all situations, 4096 View Policies are available. However, under extreme conditions, it is possible that the system can run out of constraint tables before policies. Here are a few examples:

Average number of Constraints per View Policy

Number of Constraint Tables Needed per View Policy

Maximum number of View Policies

1

1

4096

10

1

4096

50

1

4096

75

2

4000

100

2

4000

200

4

2000

As you can see, in typical situations, the practical number of policies is 4096. It's also important to remember that if only a few policies use many constraints, there should be no impact on the total number of policies. For example, if 30 policies use 500 constraints each, those 30 policies will use 300 constraint tables, leaving 7700 for the remaining 4086 policies - essentially no impact on the total number of policies.

Constraints Prior to VAST 3.0:

Prior to VAST-3.0, there was a limit of 64 constraints per export policy.  An entry was defined as one of:

  • IP address

  • Subnet-CIDR

  • Netgroup

Related articles