
Virtual Private Cloud: Limits and quotas

Last Updated: Nov 11, 2024

Alibaba Cloud sets default quotas on the cloud resources and API operations for each Alibaba Cloud account (primary account). This topic describes the quota items for virtual private clouds (VPCs), their default values, and whether the quotas are adjustable.

Quotas are set on a per-region or per-account basis and are categorized into the following types:

  • General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.

  • API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as QPS limits.

  • Privileges: the permissions to use advanced features. Privileges are granted by Alibaba Cloud to an account.

You can view and manage quotas in the Alibaba Cloud Quota Center or the VPC console. For more information about how to manage quotas, see Manage VPC quotas.

General quotas

The following tables list the general quotas of VPCs.

Quotas of VPCs and vSwitches

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_instances_num (Note: vpc_quota_instances_num_${RegionId} takes precedence over vpc_quota_instances_num) | Maximum number of VPCs that can be created in each region | 10 | You can increase the quota by performing the following operations: |
| vpc_quota_instances_num_${RegionId} (Note: ${RegionId} is a regional variable that represents the name of the quota specific to each region.) | Maximum number of VPCs that can be created in a specified region | 10 | You can increase the quota by performing the following operations: |
| vpc_quota_vswitches_num | Maximum number of vSwitches that can be created in each VPC | 150 | You can increase the quota by performing the following operations: |
| vpc_quota_secondary_cidr_num | Maximum number of secondary IPv4 CIDR blocks that can be created in each VPC | 5 | You can increase the quota by performing the following operations: |
| N/A | Available CIDR blocks for each VPC | We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets. You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets. | N/A |
| N/A | Maximum number of secondary IPv6 CIDR blocks that can be created in each VPC | 5 | N/A |
| N/A | Maximum number of customer CIDR blocks that can be created in each VPC | 3 | N/A |
| N/A | Maximum number of private IP addresses that can be used by cloud resources in each VPC | 300,000 (see the note below the table) | N/A |
| N/A | Maximum number of tags that can be added to each VPC | 20 | N/A |
| N/A | Maximum number of tags that can be added to each vSwitch | 20 | N/A |

Note (private IP addresses in each VPC):

  • If an Elastic Compute Service (ECS) instance has only one private IP address, it uses only one network address.

  • If an ECS instance is associated with multiple elastic network interfaces (ENIs), or multiple IP addresses are assigned to an ENI of an ECS instance, the number of network addresses used by the ECS instance equals the total number of IP addresses assigned to the ENIs associated with the ECS instance.
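
A pre-deployment check for the "Available CIDR blocks for each VPC" row and the default vpc_quota_secondary_cidr_num value above. This is an added example, not part of the original documentation; the function names, the category labels, and the "overlaps-excluded" category (for a block that contains an excluded range, a case the page does not address) are assumptions.

```python
import ipaddress

# Ranges copied from the "Available CIDR blocks for each VPC" row.
RECOMMENDED = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXCLUDED = [ipaddress.ip_network(n) for n in
            ("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")]
SECONDARY_IPV4_QUOTA = 5  # default value of vpc_quota_secondary_cidr_num


def classify_cidr(cidr):
    """Return 'excluded', 'recommended', 'overlaps-excluded' or 'custom'."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    if net.version != 4:
        raise ValueError("only IPv4 CIDR blocks are checked here")
    if any(net.subnet_of(r) for r in EXCLUDED):
        return "excluded"            # an excluded range or one of its subnets
    if any(net.subnet_of(r) for r in RECOMMENDED):
        return "recommended"
    if any(net.overlaps(r) for r in EXCLUDED):
        return "overlaps-excluded"   # assumption: flag supernets for manual review
    return "custom"


def review_vpc_plan(primary, secondaries, secondary_quota=SECONDARY_IPV4_QUOTA):
    """Return a list of findings for a planned VPC; an empty list means no finding."""
    findings = []
    for cidr in [primary, *secondaries]:
        try:
            kind = classify_cidr(cidr)
        except ValueError as exc:
            findings.append(f"{cidr}: invalid ({exc})")
            continue
        if kind == "excluded":
            findings.append(f"{cidr}: inside an excluded range")
        elif kind == "overlaps-excluded":
            findings.append(f"{cidr}: contains an excluded range, review manually")
        elif kind == "custom":
            findings.append(f"{cidr}: outside the recommended private ranges")
    if len(secondaries) > secondary_quota:
        findings.append(
            f"{len(secondaries)} secondary IPv4 blocks exceed quota {secondary_quota}")
    return findings
```

Pass a raised `secondary_quota` when the account's quota has been increased.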

Quotas of routers and route tables

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_route_tables_num | Maximum number of custom route tables that can be created in each VPC | 9 | You can increase the quota by performing the following operations: |
| vpc_quota_route_entrys_num | Maximum number of custom routes that can be created in each route table (excluding dynamic routes) | 200 | You can increase the quota by performing the following operations: |
| vpc_quota_dynamic_route_entrys_num | Maximum number of dynamic routes in each route table | 500 | You can increase the quota by performing the following operations: |
| vpc_quota_havip_custom_route_entry | Maximum number of custom routes that point to a high-availability virtual IP address (HAVIP) | 5 | You can increase the quota by performing the following operations: |
| vpc_quota_vpn_custom_route_entry | Maximum number of custom routes in a VPC that point to a VPN gateway | 50 | You can increase the quota by performing the following operations: |
| N/A | Maximum number of tags that can be added to each route table | 20 | N/A |
| N/A | Maximum number of vRouters that can be created in each VPC | 1 | N/A |
| N/A | Maximum number of routes that can point to a transit router supported by each VPC | 600 | N/A |

Quotas of DHCP options sets

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| N/A | Maximum number of DHCP options sets that can be created by each account | 10 | N/A |
| N/A | Maximum number of VPCs that can be associated with each DHCP options set | 10 | N/A |
| N/A | Maximum number of DHCP options sets that can be associated with each VPC | 1 | N/A |
| N/A | Maximum number of domain names that can be specified in each DHCP options set | 1 | N/A |
| N/A | Maximum number of DNS server IP addresses that can be specified in each DHCP options set | 4 | N/A |

Quotas of VPC sharing

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_sharedvpc_share_user_num_per_vpc | Maximum number of principals supported by each VPC | 50 | You can increase the quota by performing the following operations: |
| vpc_quota_sharedvpc_share_user_num_per_vswitch | Maximum number of principals supported by each vSwitch in a VPC | 50 | You can increase the quota by performing the following operations: |
| vpc_quota_sharedvpc_accept_shared_vswitch_num | Maximum number of vSwitches that can be shared with each principal | 30 | You can increase the quota by performing the following operations: |
| N/A | Maximum number of IP addresses that each VPC can use | Maximum number of IP addresses that the resource owner and principals can use in each VPC | N/A |
| N/A | Types of cloud resources that can be created in a shared vSwitch | ECS instance, SLB instance, RDS instance, Terway component, ApsaraDB for MongoDB instance, ApsaraDB for Redis instance, Message Queue for Apache Kafka instance, Elasticsearch, Container Registry instance, PolarDB for MySQL cluster, ApsaraMQ for RocketMQ instance, Microservices Engine | N/A |
| N/A | Limits on security groups in a shared VPC | A principal cannot create resources in security groups that belong to other principals or the resource owner. This includes the default security group. The resource owner cannot create resources in security groups that belong to principals. | N/A |
| N/A | Types of vSwitches that can be shared | Non-default vSwitches | N/A |

Quotas of flow logs

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_flowlog_inst_nums_per_user | Maximum number of flow logs that can be created by each account | 10 | You can increase the quota by performing the following operations: |

Quotas of network ACLs

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_nacl_ingress_entry | Maximum number of inbound rules that can be added to a network access control list (ACL) | 20 | You can increase the quota by performing the following operations: |
| vpc_quota_nacl_egress_entry | Maximum number of outbound rules that can be added to a network ACL | 20 | You can increase the quota by performing the following operations: |
| nacl_quota_vpc_create_count | Maximum number of network ACLs that can be created in each VPC | 20 | You can increase the quota by performing the following operations: |

Quotas of HAVIPs

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| N/A | Network types that support HAVIPs | VPC | N/A |
| N/A | Maximum number of HAVIPs that can be associated with each ECS instance | 5 | N/A |
| N/A | Maximum number of EIPs that can be associated with each HAVIP | 1 | N/A |
| N/A | Maximum number of ECS instances or ENIs that can be associated with each HAVIP | 10 (see the first note below the table) | N/A |
| N/A | Whether HAVIPs support broadcasting or multicasting | N/A (see the second note below the table) | N/A |
| N/A | Maximum number of HAVIPs that can be created with each Alibaba Cloud account | 50 | N/A |
| N/A | Maximum number of HAVIPs that can be created in each VPC | 50 | N/A |
| vpc_quota_havip_custom_route_entry | Maximum number of route entries that point to an HAVIP in each VPC | 5 | You can increase the quota by performing the following operations: |

Note (ECS instances or ENIs associated with each HAVIP):

  • Each HAVIP can be associated with up to 10 ECS instances or 10 ENIs. However, you cannot associate an HAVIP with an ECS instance and an ENI at the same time.

  • HAVIPs can be associated with ECS instances or ENIs in the same vSwitch.

Note (broadcasting and multicasting):

HAVIPs only support unicast. If using third-party software like Keepalived for high availability, change the communication mode to unicast in the configuration file.

Quotas of traffic mirroring

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| trafficmirror_quota_source_num_per_session | Maximum number of traffic mirror sources that can be specified in each traffic mirror session | 10 | You can increase the quota by performing the following operations: |
| N/A | Maximum number of traffic mirror sessions that you can create in each region with each Alibaba Cloud account | 20,000 | N/A |
| N/A | Maximum number of traffic mirror sessions supported by each traffic mirror source | 3 | N/A |
| N/A | Maximum number of traffic mirror destinations that can be specified by each Alibaba Cloud account | Unlimited | N/A |
| N/A | Maximum number of traffic mirror sources that can use each traffic mirror destination | See the list below the table | N/A |
| N/A | Maximum number of rules that can be specified in each filter | 10 | N/A |
| N/A | Maximum number of traffic mirror sessions that can be associated with each filter | 2,000 | N/A |

Maximum number of traffic mirror sources that can use each traffic mirror destination:

  • If the traffic mirror destination is an internal-facing Classic Load Balancer (CLB) instance, it can be used by at most 200 traffic mirror sources.

  • If the traffic mirror destination is an ENI and the ENI is associated with an ECS instance of the following instance families, the ECS instance can be used by at most 100 traffic mirror sources. If the associated ECS instance does not belong to the following instance families, the ECS instance can be used by at most 10 traffic mirror sources.

    Instance family

    ecs.ebmc7.32xlarge, ecs.ebmg7.32xlarge, ecs.ebmr7.32xlarge, ecs.ebmhfg7.48xlarge, ecs.ebmhfc7.48xlarge, ecs.ebmhfr7.48xlarge, ecs.ebmc7a.64xlarge, ecs.ebmg7a.64xlarge, ecs.ebmg7se.32xlarge, ecs.ebmg6a.64xlarge, ecs.ebmg6e.26xlarge, ecs.ebmc6a.64xlarge, ecs.ebmc6e.26xlarge, ecs.ebmr7a.64xlarge, ecs.ebmr6a.64xlarge, ecs.ebmr6e.26xlarge, ecs.c8i.48xlarge, ecs.g8i.48xlarge, ecs.c7nex.32xlarge, ecs.g7nex.32xlarge, ecs.g7ne.24xlarge, ecs.c7.32xlarge, ecs.g7.32xlarge, ecs.r7.32xlarge, ecs.r6e.26xlarge, ecs.g7t.32xlarge, ecs.g6t.26xlarge, ecs.g6e.26xlarge, ecs.c7t.32xlarge, ecs.c6t.26xlarge, ecs.c6e.26xlarge, ecs.g5ne.18xlarge, and ecs.r7t.32xlarge

Quotas of VPC peering connections

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_cross_region_peer_num_per_vpc | Maximum number of inter-region VPC peering connections for each VPC | 20 | You can increase the quota by performing the following operations: |
| vpc_quota_intra_region_peer_num_per_vpc | Maximum number of intra-region VPC peering connections for each VPC | 10 | You can increase the quota by performing the following operations: |
| vpc_quota_peer_num | Maximum number of VPC peering connections that can be created by each account in each region | 20 | You can increase the quota by performing the following operations: |
| vpc_quota_peer_cross_border_bandwidth | Maximum bandwidth for cross-border VPC peering connections | 1024 Mbps | You can increase the quota by performing the following operations: |
| vpc_quota_peer_cross_region_bandwidth | Maximum bandwidth for inter-region VPC peering connections | 1024 Mbps | You can increase the quota by performing the following operations: |
| N/A | Default maximum bandwidth for intra-region connections | -1 Mbps, which indicates unlimited bandwidth | N/A |

Quotas of IPv4 gateways

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| N/A | Maximum number of IPv4 gateways allowed for each VPC | 1 | N/A |
| N/A | Maximum number of gateway route tables for each IPv4 gateway | 1 | N/A |

Quotas of prefix lists

| Name/ID | Description | Default value | Adjustable |
| --- | --- | --- | --- |
| vpc_quota_prefixlist_num | Maximum number of prefix lists that can be created by an Alibaba Cloud account | 10 | You can increase the quota by performing the following operations: |
| vpc_quota_prefixlist_cidr_num_per_prefixlist | Maximum number of CIDR blocks each prefix list can contain | 50 | You can increase the quota by performing the following operations: |
| vpc_quota_prefixlist_accept_shared_prefixlist_num | Maximum number of prefix lists that can be shared with each principal | 100 | You can increase the quota by performing the following operations: |
| vpc_quota_prefixlist_share_user_num_per_prefixlist | Maximum number of principals with which a prefix list can be shared | 10 | You can increase the quota by performing the following operations: |
| N/A | Maximum number of associations for each prefix list | Unlimited | N/A |

Quotas of IP address manager (IPAM)

| Name/ID | Description | Default value |
| --- | --- | --- |
| ipam_quota_per_region | Maximum number of IPAMs that each user can create in each region | 1 |
| ipam_scope_quota_per_ipam | Maximum number of scopes allowed in each IPAM | 5 |
| ipam_pool_quota_depth | Maximum depth for each IPAM pool | 10 |
| ipam_cidr_quota_per_ipam_pool | Maximum number of CIDR blocks in each IPAM pool | 50 |
| ipam_sub_pool_quota_per_ipam_pool | Maximum number of subpools in each IPAM pool | 50 |
| ipam_pool_quota_per_scope | Maximum number of address pools in each IPAM scope | 500 |
| ipam_resource_discovery_quota_per_region | Maximum number of resource discoveries for each account in a region | 1 |
| resource_share_quota_per_ipam_pool | Maximum number of resources that can be shared from each IPAM pool | 100 |
| shared_ipam_pool_quota_per_user | Maximum number of IPAM pools that can be shared with each user | 100 |

API rate limits

| Item | Limit | Adjustable |
| --- | --- | --- |
| API rate limit | You can use one of the following methods to view the API rate limits: | N/A |

Privileges

When the default value of a privilege is 0, the corresponding advanced feature is unavailable. You must apply for the privilege before you can use the feature. The following table describes the privileges of VPC.

| Name/ID | Description | Adjustable |
| --- | --- | --- |
| havip privilege whitelist | Allows users to access the HAVIP feature that is in beta testing | You can increase the quota by performing the following operations: |