Before you use a virtual private cloud (VPC), note the following limits.

Limits on VPCs and VSwitches

Item Default limit Quota increase
Number of VPCs that can be created in each region 10

Go to the Quota Management page and request a quota increase. For more information, see Quota management.

Number of VSwitches that can be created in each VPC 24
Available CIDR blocks for each VPC 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, and their subnets To use a public CIDR block as the VPC CIDR block,submit a ticket.
Number of secondary IPv4 CIDR blocks that can be created in each VPC 1 N/A
Number of user CIDR blocks that can be created in each VPC 3
Number of private IP addresses that can be used by cloud resources in each VPC 60,000
Note
  • If an Elastic Compute Service (ECS) instance has only one private IP address, the ECS instance must use the IP address for communication.
  • If an ECS instance is associated with one or more elastic network interfaces (ENIs), or the ENI of the ECS instance is assigned multiple IP addresses, the number of IP addresses that the ECS instance can use equals the total number of IP addresses assigned to the ENIs.
Number of tags that can be attached to each VPC 20
Number of tags that can be attached to each VSwitch 20

Limits on VRouters and route tables

Item Default limit Quota increase
Number of VRouters that can be created in each VPC 1 N/A
Number of custom route tables that can be created in each VPC 9
Note Custom route tables are supported in all regions except China (Beijing), China (Shenzhen), and China (Hangzhou).

Go to the Quota Management page and request a quota increase. For more information, see Quota management.

Number of custom route entries that can be created in each route table 48
VPCs that do not support custom route tables VPCs that contain ECS instances of the following instance families:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

For more information, see Overview of VPC advanced features.

N/A
Number of tags that can be attached to each route table 20

Limits on shared VPC

Item Default limit Quota increase
Number of participants supported by each VPC 20 N/A
Number of participants supported by each VSwitch in a VPC 20
Number of VSwitches that can be shared with each participant 10
Number of IP addresses that each VPC can use Shared by the resource owner and participants
Types of VSwitches that can be shared Non-default VSwitches
Regions that support shared VPCs
  • Singapore (Singapore)
  • China (Zhangjiakou-Beijing Winter Olympics)
  • China (Hangzhou)
  • China (Shanghai)
Cloud resources that can be created in a shared VSwitch
  • ECS instances
  • SLB instances
  • RDS instances
Limits on security groups in a shared VPC
  • A participant cannot create resources with security groups that belong to other participants or the resource owner, including the default security group
  • The resource owner cannot create resources with security groups that belong to participants

Limits on flow logs

Item Default limit Quota increase
Number of flow logs that can be created in each region 10 N/A
VPCs that do not support flow logs VPCs that contain instances of the following instance families:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

Upgrade or release an Elastic Compute Service (ECS) instance that does not support advanced network features.
Note If the VPC to which a VSwitch or ENI belongs contains one of the specified instance families and the flow logs feature is enabled, you must upgrade or release the instance for flow logs to work as expected. For more information, see Overview of VPC advanced features.
VSwitches that do not support flow logs VPCs to which VSwitches belong contain instances of the following instance families:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

ENIs that do not support flow logs VPCs to which ENIs belong contain instances of the following instance families:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

Limits on network access control lists (ACLs)

Item Default limit Quota increase
Number of network ACLs that can be created in each VPC 200 N/A
Number of network ACLs that can be associated with each VSwitch 1
Number of rules that can be added to a network ACL
  • Inbound rules: 20
  • Outbound rules: 20

Go to the Quota Management page and request a quota increase. For more information, see Quota management.

VPCs that do not support network ACLs VPCs that contain instances of the following instance families:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

For more information, see Overview of VPC advanced features.

Upgrade or release an Elastic Compute Service (ECS) instance that does not support advanced network features.
Note If the VPC contains one of the specified ECS instance families and the network ACL feature is enabled, you must upgrade or release the ECS instance for the network ACL to work as expected.

Limits on high-availability virtual IP addresses (HAVIPs)

Item Default limit Quota increase
Network types that support HAVIPs VPCs N/A
Number of HAVIPs that can be created under each account 5
Number of HAVIPs that can be created in each VPC 5
Number of HAVIPs that can be associated with each ECS instance 5
Number of ECS instances that can be associated with each HAVIP 2
Number of route entries destined for an HAVIP in each VPC 5
Whether HAVIPs support broadcast or multicast communication N/A
Note HAVIPs support only unicast. To implement high availability through third-party software such keepalived, you must modify the configuration file to change the communication method to unicast.