diff --git a/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py b/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
index b00fccde19..f297ce506c 100644
--- a/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
+++ b/vmware_nsx/plugins/nsx_v/drivers/distributed_router_driver.py
@@ -203,13 +203,8 @@ class RouterDistributedDriver(router_driver.RouterBaseDriver):
     def _validate_multiple_subnets_routers(self, context, router_id,
                                            interface_info):
         _nsxv_plugin = self.plugin
-        is_port, is_sub = _nsxv_plugin._validate_interface_info(interface_info)
-        if is_port:
-            net_id = _nsxv_plugin.get_port(
-                context, interface_info['port_id'])['network_id']
-        elif is_sub:
-            net_id = _nsxv_plugin.get_subnet(
-                context, interface_info['subnet_id'])['network_id']
+        net_id = _nsxv_plugin._get_interface_info_net_id(context,
+                                                         interface_info)
 
         port_filters = {'device_owner': [l3_db.DEVICE_OWNER_ROUTER_INTF],
                         'network_id': [net_id]}
diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py
index 13fbbbb9f8..ff967278ab 100644
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@@ -2108,7 +2108,31 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             else:
                 edge_utils.update_internal_interface(*update_args)
 
+    def _get_interface_info_net_id(self, context, interface_info):
+        is_port, is_sub = self._validate_interface_info(interface_info)
+        if is_port:
+            net_id = self.get_port(
+                context, interface_info['port_id'])['network_id']
+        elif is_sub:
+            net_id = self.get_subnet(
+                context, interface_info['subnet_id'])['network_id']
+        return net_id
+
+    def _is_external_interface_info(self, context, interface_info):
+        net_id = self._get_interface_info_net_id(context, interface_info)
+        network = self.get_network(context, net_id)
+        if (network.get(ext_net_extn.EXTERNAL)):
+            return True
+        return False
+
     def add_router_interface(self, context, router_id, interface_info):
+        # Do not support external subnet/port as a router interface
+        if self._is_external_interface_info(context.elevated(),
+                                            interface_info):
+            msg = (_('cannot add an external subnet/port as a router '
+                     'interface'))
+            raise n_exc.InvalidInput(error_message=msg)
+
         router_driver = self._find_router_driver(context, router_id)
         try:
             return router_driver.add_router_interface(
diff --git a/vmware_nsx/tests/unit/nsx_v/test_plugin.py b/vmware_nsx/tests/unit/nsx_v/test_plugin.py
index 3309ac3b6b..5999d755ca 100644
--- a/vmware_nsx/tests/unit/nsx_v/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_v/test_plugin.py
@@ -3165,6 +3165,20 @@ class TestVdrTestCase(L3NatTest, L3NatTestCaseBase,
                                           s1['subnet']['id'],
                                           None)
 
+    def test_router_add_interface_with_external_net_fail(self):
+        with self.router() as r,\
+                self.network() as n,\
+                self.subnet(network=n) as s:
+            # Set the network as an external net
+            net_id = n['network']['id']
+            self._set_net_external(net_id)
+            err_code = webob.exc.HTTPBadRequest.code
+            self._router_interface_action('add',
+                                          r['router']['id'],
+                                          s['subnet']['id'],
+                                          None,
+                                          err_code)
+
     def test_delete_ext_net_with_disassociated_floating_ips(self):
         with self.network() as net:
             net_id = net['network']['id']