Virtual private cloud (VPC) quotas define the maximum number of resources you can create or operations you can perform per account or region.
Quota types
Alibaba Cloud service quotas are applied on a per-account or per-region basis. See the table below for quota categories.
Type | Description |
General quota | Maximum number of resources that an Alibaba Cloud account can use. |
API rate limit | Maximum API calls per second, also known as a queries per second (QPS) limit. |
Privilege quota | Permissions granted to an account, such as the permission to use specific features. |
To view and request quota increases, log on to the Alibaba Cloud Quota Center console or VPC console. For more information, see Manage VPC quotas.
Quota changes apply to both new and existing resources.
General quotas
The following tables list the general quotas of VPC.
VPCs and vSwitches
Quota name | Description | Default limit | Adjustable |
vpc_quota_instances_num vpc_quota_instances_num_${RegionId} take precedence over vpc_quota_instances_num | VPCs in a single region. | 10 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_instances_num_${RegionId} ${RegionId} is a variable that specifies a region. The quota name varies based on the region. | VPCs in a specified region. | 10 | |
vpc_quota_vswitches_num | vSwitches per VPC. | 150 | |
vpc_quota_secondary_cidr_num | Secondary IPv4 CIDR blocks per VPC. | 5 | |
None | Secondary IPv6 CIDR blocks per VPC. | 5 | No. |
Reserved IPv4 CIDR blocks per VPC. | 100 | ||
Reserved IPv6 CIDR blocks per VPC. | 100 | ||
User CIDR blocks per VPC. | 3 | ||
Private IP addresses used by cloud resources in a VPC. | 300,000 1. If an Elastic Compute Service (ECS) instance has only one private IP, the ECS instance uses only one network address. 2. If an ECS instance is associated with multiple ENIs or multiple IP addresses are configured for the ENIs, the number of network addresses used by the ECS instance is the sum of the IP addresses that are assigned to the ENIs associated with the ECS instance. | ||
Tags per VPC. | 20 | ||
Tags per vSwitch. | 20 |
vRouters and route tables
Quota name | Description | Default limit | Adjustable |
vpc_quota_route_tables_num | Custom route tables per VPC. | 9 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_route_entrys_num | Custom route entries per route table (excluding dynamically propagated route entries). | 200 | |
vpc_quota_dynamic_route_entrys_num | Dynamically propagated routes per table. | 500 | |
vpc_quota_havip_custom_route_entry | Maximum custom routes pointing to HaVip. | 5 | |
vpc_quota_vpn_custom_route_entry | Maximum custom routes pointing to VPN gateway. | 50 | |
None | Tags per route table. | 20 | No. |
vRouters per VPC. | 1 | ||
Routes pointing to TR connection. | 600 |
DHCP options sets
Quota name | Description | Default limit | Adjustable |
None | DHCP options sets per account. | 10 | No. |
VPCs per DHCP options set. | 10 | ||
DHCP options sets per VPC. | 1 | ||
Domain names per DHCP options set. | 1 | ||
DNS server IPs per DHCP options set. | 4 |
Shared VPCs
Quota name | Description | Default limit | Adjustable |
vpc_quota_sharedvpc_share_user_num_per_vpc | vSwitch principals to which a VPC can be shared. | 50 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_sharedvpc_share_user_num_per_vswitch | vSwitch principals to which a vSwitch can be shared. | 50 | |
vpc_quota_sharedvpc_accept_shared_vswitch_num | Shared vSwitches that a vSwitch principal can accept. | 30 |
Flow logs
Quota name | Description | Default limit | Adjustable |
vpc_quota_flowlog_inst_nums_per_user | Flow log instances per account. | 10 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
Network ACLs
Quota name | Description | Default limit | Adjustable |
vpc_quota_nacl_ingress_entry | Inbound rules per network ACL. If IPv6 is enabled for the VPC to which the network ACL belongs, the default number of IPv4 and IPv6 inbound rules that can be created is 20. | 20 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_nacl_egress_entry | Outbound rules per ACL. If IPv6 is enabled for the VPC to which the network ACL belongs, the default number of IPv4 and IPv6 inbound rules that can be created is 20. | 20 | |
nacl_quota_vpc_create_count | Network ACLs per VPC. | 20 |
HaVips
Quota name | Description | Default limit | Adjustable |
None | The network type that supports high-availability virtual IP addresses (HaVips). | VPC | No. |
HaVips per ECS instance. | 5 | ||
EIPs per HaVip. | 1 | ||
ECS instances or ENIs per HaVip. | 10 1. An HaVip can be associated with 10 ECS instances or 10 ENIs at the same time. However, an HaVip cannot be associated with ECS instances and ENIs at the same time. 2. An HaVip has the subnet property. It can be associated only with ECS instances or ENIs that are in the same vSwitch. | ||
Whether HaVips support broadcast and multicast. | No HaVips support only unicast communication. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode to unicast in the configuration file. | ||
HaVips per account. | 50 | ||
HaVips per VPC. | 50 | ||
vpc_quota_havip_custom_route_entry | Entries whose destination is an HaVip in a route table. | 5 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
Traffic mirror
Quota name | Description | Default limit | Adjustable |
trafficmirror_quota_source_num_per_session | Traffic mirror sources per session. | 10 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_traffic_mirror_source_num_per_large_ecs_target | Traffic mirror sources supported by a traffic mirror destination when the destination is an ENI and the ENI is attached to an ECS instance of one of the following instance types. | 200 | |
vpc_quota_traffic_mirror_source_num_per_small_ecs_target | Traffic mirror sources supported by a traffic mirror destination when the destination is an ENI and the ENI is not attached to an ECS instance of one of the following instance types. | 20 | |
vpc_quota_traffic_mirror_rules_num_per_filter | Filter rules per filter. | 20 | |
None | Traffic mirror sessions per account in a region. | 20,000 | No. |
Traffic mirror sessions per traffic mirror source. | 3 | ||
Traffic mirror sources supported by a traffic mirror destination when the destination is a private Classic Load Balancer (CLB) instance. | 500 | ||
Traffic mirror sources supported by a traffic mirror destination when the destination is a Gateway Load Balancer endpoint (GWLBe). | 500 | ||
Filters per account in a region. | 100 | ||
Traffic mirror sessions per filter. | 2,000 |
VPC peering connections
Quota name | Description | Default limit | Adjustable |
vpc_quota_cross_region_peer_num_per_vpc | Inter-region peering connections per VPC. | 20 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_intra_region_peer_num_per_vpc | Intra-region peering connections per VPC. | 10 | |
vpc_quota_peer_num | Peering connections per account in a region. | 20 | |
vpc_quota_peer_cross_border_bandwidth | The maximum cross-border bandwidth. | 1,024 Mbps | |
vpc_quota_peer_cross_region_bandwidth | The maximum inter-region bandwidth. | 1,024 Mbps |
IPv4 gateways
Quota name | Description | Default limit | Adjustable |
None | IPv4 gateways per VPC. | 1 | No. |
Gateway route tables per IPv4 gateway. | 1 |
Prefix lists
Quota name | Description | Default limit | Adjustable |
vpc_quota_prefixlist_num | Prefix lists per account. | 10 | Yes. Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_prefixlist_cidr_num_per_prefixlist | CIDR entries per prefix list. | 50 | |
vpc_quota_prefixlist_accept_shared_prefixlist_num | Shared prefix lists that a principal can accept. | 100 | |
vpc_quota_prefixlist_share_user_num_per_prefixlist | The number of principals to which a prefix list can be shared. | 10 |
IP Address Manager (IPAM)
Quota name | Description | Default limit | Adjustable |
ipam_quota_per_region | IPAMs per user in each region. | 1 | No. |
ipam_scope_quota_per_ipam | IPAM scopes per IPAM. | 5 | |
ipam_pool_quota_depth | The maximum depth of an IPAM pool. | 10 | |
ipam_cidr_quota_per_ipam_pool | CIDRs that can be provisioned in an IPAM pool. | 50 | |
ipam_sub_pool_quota_per_ipam_pool | Sub-pools per IPAM pool. | 50 | |
ipam_pool_quota_per_scope | IPAM pools that can be created in each private IPAM scope. | 500 | |
ipam_resource_discovery_quota_per_region | Resource discoveries per account in a region. | 1 | |
resource_share_quota_per_ipam_resource_discovery | Shared resources created by a resource discovery. | 100 | |
shared_ipam_resource_discovery_quota_per_user | Shared resource discoveries per user. | 100 | |
resource_share_quota_per_ipam_pool | Resource shares per IPAM pool. | 100 | |
shared_ipam_pool_quota_per_user | Shared IPAM pools per user. | 100 | |
ipam_public_ipv6_top_pool_quota_per_region_isp | Public top-level IPv6 IPAM pools each user can create for each ISP type in each region. | 1 | |
ipam_cidr_quota_per_public_ipv6_top_pool | CIDR blocks that each user can provision for public top-level IPv6 IPAM pools in each region. | 1 |
API rate limits
Name | Limit | Adjustable |
API rate limit | View the API rate limits in one of the following ways:
| Go to the Quota Management page or Quota Center to request a quota increase. |
Privilege quotas
The default value for a VPC privilege quota is 0. This means the feature is unavailable by default. You can use the feature only after you are granted the permissions by Alibaba Cloud. The following table lists the privilege quotas for VPC.
Quota name | Description | Adjustable |
Havip_privilege_whitelist | Used to control the whitelist for a newly launched feature (HaVip) during private beta testing. | Go to the Quota Management page or Quota Center to request a quota increase. |