All Products
Search
Document Center

VPN Gateway:IPsec-VPN quotas

Last Updated:Dec 12, 2024

Alibaba Cloud sets default quotas on the cloud resources and API operations for each Alibaba Cloud account. This topic describes the quota items related to IPsec-VPN connections and the default values of the quotas. This topic also describes whether the quotas are adjustable.

Overview

Quotas are set on a per-region or per-account basis. Quotas are categorized into the following types:

  • General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.

  • API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as queries per second (QPS) limits.

  • Privileges: the permissions that are granted to an Alibaba Cloud account to use advanced features.

VPN Gateway is subject to general quotas and API rate limits. You can also apply for increases on some of the quotas. You can log on to the Quota Center console or VPC console to view quotas or request a quota increase. For more information about how to manage IPsec-VPN quotas, see Manage VPN Gateway quotas.

General quotas

The following table describes the general quotas of IPsec-VPN connections.

Note

The default values of quotas provided in this topic are for reference only. The default values of quotas in the console prevail.

General quotas of VPN gateways

Quota name

Description

Default quota value

Adjustable

vpn_quota_instances_num

Maximum number of VPN gateways that you can create within each Alibaba Cloud account

30

Note

This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs.

For example, for each Alibaba Cloud account:

  • You can create up to 30 VPN gateways for one VPC in one region.

  • You can create a total of up to 30 VPN gateways for multiple VPCs in multiple regions.

Yes

N/A

Maximum bandwidth supported by a VPN gateway

1000 Mbps

Note

The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information about the regions, see the Limits section of the "Create and manage a VPN gateway" topic.

No

You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic.

N/A

Maximum number of packets that can be transmitted by a VPN gateway per second

120,000 (256 bytes per packet)

Note

If a VPN gateway has multiple IPsec-VPN connections, the sum of inbound and outbound packets transmitted through these connections per second must not exceed 120,000. Each packet is 256 bytes in size.

No

N/A

Maximum number of connections supported by a VPN gateway

200,000

Note

A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols.

No

N/A

Maximum number of routes supported by the BGP route table of a VPN gateway

50

Submit a ticket or contact your account manager.

The maximum quota is 200.

vpn_pbr_route_entry_quota

Maximum number of policy-based routes supported by each VPN gateway

20

Yes

vpn_route_entry_quota

Maximum number of destination-based routes supported by each VPN gateway

30

Yes

Quotas of customer gateways

Quota name

Description

Default quota value

Adjustable

N/A

Maximum number of customer gateways that you can create in each region

150

No

IPsec-VPN

Quota name

Description

Default quota value

Adjustable

vpn_quota_ipsec_connetcions_num

Maximum number of IPsec-VPN connections that you can create on each VPN gateway

10

Yes

N/A

Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection

5

No

N/A

Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection

5

N/A

Maximum number of transit routers that can be associated with an IPsec-VPN connection

1

N/A

The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router

  • In single-tunnel mode, an IPsec-VPN connection supports up to 1,000 Mbit/s.

  • In dual-tunnel mode, an IPsec-VPN connection supports up[ to 2,000 Mbit/s. Each tunnel supports up to 1,000 Mbit/s.

No

You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. in which the RDS instance resides.

N/A

Total number of inbound and outbound packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router

  • In single-tunnel mode, the total number of inbound and outbound packets that can be transmitted through an IPsec-VPN connection per second is 120,000. Each packet is 256 bytes in size.

  • In dual-tunnel mode, the total number of inbound and outbound packets that can be transmitted through a tunnel per second is 120,000. Each packet is 256 bytes in size.

No

N/A

Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router

200,000

null

A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols.

N/A

Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router

16

API rate limits

The following table describes the API rate limits of VPN Gateway.

API

Version

Default value

Description

Adjustable

CreateVpnConnection

2016-04-28

120/60(s)

Maximum number of times that each Alibaba Cloud account can call the CreateVpnConnection operation per minute

No

CreateVpnGateway

2016-04-28

60/60(s)

Maximum number of times that each Alibaba Cloud account can call the CreateVpnGateway operation per minute

No

CreateVpnPbrRouteEntry

2016-04-28

20/60(s)

Maximum number of times that each Alibaba Cloud account can call the CreateVpnPbrRouteEntry operation per minute

No

CreateVpnRouteEntry

2016-04-28

10/60(s)

Maximum number of times that each Alibaba Cloud account can call the CreateVpnRouteEntry operation per minute

No

DescribeVpnGateways

2016-04-28

120/60(s)

Maximum number of times that each Alibaba Cloud account can call the DescribeVpnGateways operation per minute

No