Testing ONTAP Maximums with PowerShell: ‘Export Policy Rules’ Example

Quite possibly a pointless post - this has never been a good reason to stop me posting something…

I needed to test if there’s a limit to the number of export policy rules in an export policy.
If you check out the ONTAP Maximums, it says (this is for small (<=4) / medium (<=8) / large clusters) -

Maximum number of export policies = 4000 / 12000 / 12000
Maximum number of export rules = 70000 / 70000 / 140000

- it also says that ‘these aren’t enforced by code’, so we don’t really expect to hit any limit. The ONTAP Maximums don’t tell us “Maximum number of export rules in an export policy”, hence the test (the figures above were the same in 8.3.x as 9.1).

To find out if there is any enforced limit with number of export rules in an export policy, you can run a simple test in PowerShell with the Data ONTAP PowerShell toolkit.

Import-Module DataOntap
Connect-NcController CLUSTER_NAME_IP
New-NcExportPolicy -Name TEST1 -VserverContext SVM
for($i = 1; $i -lt 50000; $i++){ $i; New-NcExportRule -Policy TEST1 -VserverContext SVM -index $i -ClientMatch ("host" + $i + ".lab.priv") -ReadOnlySecurityFlavor any -ReadWriteSecurityFlavor sys}

I went for 50’000 and had no problem creating 50’000. It’s not a good idea to have anything like this number of export rules in an export policy (the use of NetGroups to manage sets of clients - where there’s lots of client - is highly recommended!) Really, I was just curious to see if 4’000 was possible (don’t ask why.)

Image: Export Policy with 50’000 Export Policy Rules!