Alibaba Cloud sets default quotas on the cloud resources and API operations for each Alibaba Cloud account. This topic describes the quota items related to IPsec-VPN connections and the default values of the quotas. This topic also describes whether the quotas are adjustable.
Overview
Quotas are set on a per-region or per-account basis. Quotas are categorized into the following types:
General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.
API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as queries per second (QPS) limits.
Privileges: the permissions that are granted to an Alibaba Cloud account to use advanced features.
VPN Gateway is subject to general quotas and API rate limits. You can also apply for increases on some of the quotas. You can log on to the Quota Center console or VPC console to view quotas or request a quota increase. For more information about how to manage IPsec-VPN quotas, see Manage VPN Gateway quotas.
General quotas
The following table describes the general quotas of IPsec-VPN connections.
The default values of quotas provided in this topic are for reference only. The default values of quotas in the console prevail.
General quotas of VPN gateways
Quota name | Description | Default quota value | Adjustable |
vpn_quota_instances_num | Maximum number of VPN gateways that you can create within each Alibaba Cloud account | 30 Note This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs. For example, for each Alibaba Cloud account:
| |
N/A | Maximum bandwidth supported by a VPN gateway | 1000 Mbit/s Note The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information about the regions, see the Limits section of the "Create and manage a VPN gateway" topic. | No You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
N/A | Maximum number of packets that each VPN gateway can transmit per second | 120,000 (256 bytes per packet) | No |
N/A | Maximum number of connections supported by a VPN gateway | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | No |
N/A | Maximum number of routes supported by the BGP route table of a VPN gateway | 50 | Submit a ticket or contact your account manager. The maximum quota is 200. |
vpn_pbr_route_entry_quota | Maximum number of policy-based routes supported by each VPN gateway | 20 | |
vpn_route_entry_quota | Maximum number of destination-based routes supported by each VPN gateway | 30 |
Quotas of customer gateways
Quota name | Description | Default quota value | Adjustable |
N/A | Maximum number of customer gateways that you can create in each region | 150 | No |
Quotas of IPsec-VPN connections
Quota name | Description | Default quota value | Adjustable |
vpn_quota_ipsec_connetcions_num | Maximum number of IPsec-VPN connections that you can create on each VPN gateway | 10 | |
N/A | Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection | 5 | No |
N/A | Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection | 5 | |
N/A | Maximum number of transit routers that can be associated with an IPsec-VPN connection | 1 | |
N/A | The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router | 1000 Gbit/s | No You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
N/A | Maximum number of packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router | 120,000 (256 bytes per packet) | No |
N/A | Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router | 200,000 null A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | |
N/A | Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router | 16 |
API rate limit
The following table describes the API rate limits of VPN Gateway.
API | Version | Default value | Description | Adjustable |
CreateVpnConnection | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnConnection operation per minute | No |
CreateVpnGateway | 2016-04-28 | 60/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnGateway operation per minute | No |
CreateVpnPbrRouteEntry | 2016-04-28 | 20/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnPbrRouteEntry operation per minute | No |
CreateVpnRouteEntry | 2016-04-28 | 10/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnRouteEntry operation per minute | No |
DescribeVpnGateways | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the DescribeVpnGateways operation per minute | No |