Before you get started with Virtual Private Cloud (VPC), we recommend that you understand the limits and learn how to increase the quota.

Limits on VPCs and vSwitches

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Maximum number of VPCs that can be created in each region | 10 | Go to the Quota Management page to increase the quota. For more information, see Manage resource quotas. |
| Maximum number of vSwitches that can be created in each VPC | 150 | |
| Available CIDR blocks for each VPC | 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and their subnets | To assign a public CIDR block to a VPC, submit a ticket. |
| Maximum number of secondary IPv4 CIDR blocks that can be created in each VPC | 1 | N/A |
| Maximum number of customer CIDR blocks that can be created in each VPC | 3 | |
| Maximum number of private IP addresses that can be used by cloud resources in each VPC | 60,000. Note: If an Elastic Compute Service (ECS) instance has only one private IP address, the ECS instance uses only one network address. If an ECS instance is associated with multiple elastic network interfaces (ENIs), or multiple IP addresses are assigned to an ENI, the number of network addresses used by the ECS instance equals the total number of the IP addresses assigned to the ENIs that are associated with the ECS instance. | |
| Maximum number of tags that can be added to each VPC | 20 | |
| Maximum number of tags that can be added to each vSwitch | 20 | |

Limits on vRouters and route tables

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Maximum number of vRouters that can be created in each VPC | 1 | N/A |
| Maximum number of route tables that can be created in each VPC | 9 | Go to the Quota Management page to increase the quota. For more information, see Manage resource quotas. |
| Maximum number of custom route entries that can be created in each route table | 200 | |
| VPCs that do not support custom route tables | VPCs that contain ECS instances of the following instance families: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see Advanced VPC features. | Upgrade or release an Elastic Compute Service (ECS) instance that does not support advanced network features. |
| Maximum number of tags that can be added to each route table | 20 | |

Limits on DHCP options sets

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Maximum number of DHCP options sets that can be created with each account | 10 | N/A |
| Maximum number of VPCs that can be associated with each DHCP options set | 10 | |
| Maximum number of DHCP options sets that can be associated with each VPC | 1 | |
| Maximum number of domain names that can be specified in each DHCP options set | 1 | |
| Maximum number of DNS server IP addresses that can be specified in each DHCP options set | 4 | |
| VPCs that cannot be associated with DHCP options sets | VPCs that contain ECS instances of the following instance families: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see Advanced VPC features. | Upgrade or release an Elastic Compute Service (ECS) instance that does not support advanced network features. |

Limits on shared VPCs

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Maximum number of resource users supported by each VPC | 20 | N/A |
| Maximum number of resource users supported by each vSwitch in a VPC | 20 | |
| Maximum number of vSwitches that can be shared with each resource user | 10 | |
| Maximum number of IP addresses that each VPC can use | Shared by the resource owner and resource users | |
| Types of vSwitches that can be shared | Non-default vSwitches | |
| Cloud resources that can be created in a shared vSwitch | ECS instances; Server Load Balancer (SLB) instances; ApsaraDB for RDS instances; Terway; ApsaraDB for MongoDB instances; ApsaraDB for Redis instances; Message Queue for Apache Kafka instances; Elasticsearch; Container Registry instances; PolarDB for MySQL clusters | |
| Limits on security groups in a shared VPC | A resource user cannot create resources in security groups that belong to other resource users or the resource owner. The security groups include the default security group. The resource owner cannot create resources in security groups that belong to resource users. | |

Limits on flow logs

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Maximum number of flow logs that can be created in each region | 10 | N/A |
| ECS instance families that do not support flow logs | When you enable flow logs for a VPC or a vSwitch, ECS instances in the VPC or vSwitch do not support flow logs if they belong to the following instance families. Other ECS instances that meet the requirement support flow logs. ENIs that are associated with ECS instances of the following instance families do not support flow logs. Instance families: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. | Upgrade or release an ECS instance. |

Limits on network access control lists (ACLs)

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Maximum number of network ACLs that can be created in each VPC | 200 | N/A |
| Maximum number of network ACLs that can be associated with a vSwitch | 1 | |
| Maximum number of rules that can be added to a network ACL | Inbound rules: 20; Outbound rules: 20 | Go to the Quota Management page to increase the quota. For more information, see Manage resource quotas. |
| VPCs that do not support network ACLs | VPCs that contain ECS instances of the following instance families: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see Advanced VPC features. | Upgrade or release an Elastic Compute Service (ECS) instance that does not support advanced network features. Note: If the VPC contains one of the specified ECS instance families and the network ACL feature is enabled, you must upgrade or release the ECS instance for the network ACL to function as expected. |

Limits on high-availability IP addresses (HAVIPs)

| Item | Default limit | Adjustable |
| --- | --- | --- |
| Network types that support HAVIPs | VPCs | N/A |
| Maximum number of HAVIPs that can be associated with each ECS instance | 5 | |
| Maximum number of ECS instances or ENIs that can be associated with each HAVIP | 2 | |
| Whether HAVIPs support broadcasting or multicasting | Not supported. Note: HAVIPs support only unicasting. To implement high availability through third-party software such as keepalived, you must modify the configuration file to change the communication method to unicasting. | |
| Maximum number of HAVIPs that can be created with each account | 5 | Go to the Quota Management page to increase the quota. For more information, see Manage resource quotas. |
| Maximum number of HAVIPs that can be created in each VPC | 5 | |
| Maximum number of route entries that point to an HAVIP in each VPC | 5 | |

Limits on traffic mirroring

| Item | Limit | Quota increase |
| --- | --- | --- |
| The number of traffic mirror sessions supported by each region within each Alibaba Cloud account | 20000 | N/A |
| The number of traffic mirror sessions supported by each traffic mirror source | 1 | |
| The number of traffic mirror sources that can be specified in each traffic mirror session | 1 | |
| The number of traffic mirror destinations that can be specified by each account | Unlimited | |
| The number of traffic mirror sessions supported by each traffic mirror destination | 200 (if the traffic mirror destination is an internal-facing SLB instance); 10 (if the traffic mirror destination is an ENI) | |
| The number of rules that can be specified in each filter | 10 | |
| The number of traffic mirror sessions that can be associated with each filter | 1000 | |