Alibaba Cloud sets default quotas on the cloud resources and API operations for each Alibaba Cloud account. This topic describes the quotas related to the SSL-VPN feature and the default values of the quotas. It also describes whether the quotas can be increased.
Overview
Quotas are set on a per-region or per-account basis. Quotas are categorized into the following types:
General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.
API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as queries per second (QPS) limits.
Privileges: the permissions that are granted to an Alibaba Cloud account to use advanced features.
VPN Gateway is subject to general quotas and API rate limits. You can apply for increases on specific quotas. You can log on to the Quota Center console or VPC console to view quotas or request a quota increase. For more information about how to manage SSL-VPN quotas, see Manage SSL-VPN quotas.
General quotas
The following table describes the general quotas for the SSL-VPN feature.
The default values of quotas provided in this topic are for reference only. The default values of quotas in the console prevail.
General quotas for VPN gateways
Item | Description | Default value | Adjustable |
vpn_quota_instances_num | Maximum number of VPN gateways that you can create within your Alibaba Cloud account | 30 Note This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs. For example, for each Alibaba Cloud account:
| |
N/A | Maximum bandwidth supported by a VPN gateway | 1,000 Mbit/s Note The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information about the regions, see Create and manage a VPN gateway. | No |
N/A | Maximum number of packets that can be transmitted by a VPN gateway per second | 120,000 (256 bytes per packet) | No |
N/A | Maximum number of connections supported by a VPN gateway | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | No |
General quotas for SSL-VPN connections
Item | Description | Default value | Adjustable |
vpn_quota_ssl_cert_num | Maximum number of SSL client certificates that you can create within your Alibaba Cloud account | 50 | |
N/A | Maximum number of SSL servers that can be associated with each VPN gateway | 1 | No |
N/A | Maximum number of local CIDR blocks that can be added to each SSL server | 5 | |
N/A | Maximum number of peer CIDR blocks that can be added to each SSL server | 1 | |
N/A | Validity period of an SSL client certificate | Three years |
General quotas for IPsec servers
Item | Description | Default value | Adjustable |
N/A | Maximum number of IPsec servers that you can create on a VPN gateway | 1 | No |
N/A | Maximum number of clients supported by an IPsec server | 50 |
API rate limits
The following table describes the API rate limits of VPN Gateway.
API | Version | Default value | Description | Adjustable |
CreateSslVpnClientCert | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateSslVpnClientCert operation per minute | No |
CreateSslVpnServer | 2016-04-28 | 100/3600(s) | Maximum number of times that each Alibaba Cloud account can call the CreateSslVpnServer operation per hour | No |
CreateVpnGateway | 2016-04-28 | 60/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnGateway operation per minute | No |
DescribeSslVpnClientCerts | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the DescribeSslVpnClientCerts operation per minute | No |
DescribeVpnGateways | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the DescribeVpnGateways operation per minute | No |