This topic describes the limits of Express Connect. Before you use Express Connect, take note of the following limits.
|The number of physical connections that can be established to an access point under each account||2|
|The number of virtual border routers (VBRs) that can be created for each physical connection||7||Submit a ticket|
|The number of Border Gateway Protocol (BGP) routes supported by each VBR||110|
|The number of idle VBRs without interfaces supported by each account||5||N/A|
|The number of VBRs that you can create for a physical connection under each account||5||Submit a ticket
In low-bandwidth scenarios, you can create up to five VBRs for a physical connection under each account free of charge. You are charged for the VBRs that exceed the free quota.
|The number of VBRs that you can create for other accounts with your account.||2||Submit a ticket
In low-bandwidth scenarios, you can use your current account to create up to two VBRs for other accounts free of charge. You are charged for the VBRs that exceed the free quota.
|The number of routes that can be added to each VBR||48|
|The number of BGP routes that can be advertised to each VBR||1|
|We recommend that you use private IP addresses for the connection between a data center and an Alibaba Cloud network. CIDR blocks that are used for the connection must not conflict with each other.|
|If you use two physical connections to connect a data center to a VPC, you must configure source IP addresses and destination IP addresses for health checks. After you configure health checks for the physical connections, the system checks the status of both physical connections. When the active physical connection is down, the system distributes network traffic to the standby physical connection.|
|By default, in regions within mainland China, VBRs are not applied to cross-account scenarios. The account that is used to create a physical connection and the account that uses the physical connection must belong to the same enterprise. If you have a cross-account requirement, submit a ticket with the account that is used to create the physical connection and apply for temporary permissions. In addition, if the owner of the account that is used to create the physical connection owns the required licenses, the owner can contact the product manager and apply for permissions to use VBRs in a cross-account scenario. The required licenses must be issued by the Ministry of Industry and Information Technology (MIIT) to allow the owner to provide A26 domestic communications facilities services and A14 Internet data transmission services.|
|By default, in regions outside mainland China, VBRs are not applied to cross-account scenarios. If you have a cross-account requirement, submit a ticket with the account that is used to create the physical connection and apply for temporary permissions.|
|If you want to attach a VBR to a Cloud Enterprise Network (CEN) instance, the VBR and the CEN instance must belong to the same account. Similarly, if you want to create a physical connection to connect a data center to a VPC, the VBR that you create for the physical connection and the VPC must belong to the same account. In addition, the account that is used to create the physical connection and the account that uses the physical connection must belong to the same enterprise. If you have a cross-account requirement, submit a ticket with the account that is used to create the physical connection and apply for temporary permissions.|
Limits on communication on Alibaba Cloud
The bandwidth of the communication between a VPC and a data center may be limited when you use or a physical connection. In addition, the communication between a VPC and a data center has the following limits:
- The maximum read/write speed for Object Storage Service (OSS) is 5 Gbit/s.
- To improve reliability, the speed of a hash-based traffic flow from a VPC to a VBR
on Alibaba Cloud is limited to 1/12, 1/4, 1/8, or 1/16 of the bandwidth that is allocated for the physical connection. The bandwidth that is allocated for each physical connection varies based on the
maximum bandwidth specifications provided by Express Connect. For example, if the
specification of maximum bandwidth from the VBR to the VPC is set to large1, bandwidth
of 1 Gbit/s is allocated for the connection between the VPC and VBR. In this case,
the maximum bandwidth of a hash-based traffic flow is 85 Mbit/s.
A hash-based traffic flow is a data stream that is defined by the combination of the source IP address, source port, transport layer protocol, destination IP address, and destination port. For example,
192.168.1.1 10000 TCP 220.127.116.11 80forms a hash-based traffic flow. In this traffic flow, a terminal that is assigned the IP address 192.168.1.1 and port 10000 is connected to a terminal that is assigned the IP address 18.104.22.168 and port 80 over Transmission Control Protocol (TCP).
Limits on access points
Before you connect a data center to Alibaba Cloud through a physical connection, you must specify access points for the physical connection. The access points have the following limits:
- Each region provides different locations for access points. The network latency between two access points that are located in the zones of the same region is less than five milliseconds.
- If you want to minimize the network latency, you can submit a ticket for information about the closest access point to your cloud servers.
Limits on physical connections
Physical connections have the following limits:
- Before you use Express Connect, you must properly specify CIDR blocks of the VPC and the data center that you want to connect. Make sure that the CIDR blocks of the VPC and the gateway in the data center do not overlap with each other.
- Cloud services in VPCs use the 100.64.0.0/10 CIDR block. Therefore, data centers that are connected to VPCs through physical connections must not use the 100.64.0.0/10 CIDR block.
- 1 Gbit/s and 10 Gbit/s ports are provided for access points of Alibaba Cloud. In addition, Alibaba Cloud provides optical modules that support 10 km transmission. To use 40 Gbit/s and 100 Gbit/s ports, or optical modules that support a longer transmission distance, make a purchase from a third party.
Limits on leased line installation in data centers of Alibaba Cloud
If you want to install a leased line in a data center of Alibaba Cloud, take note of the following limits:
- The company in charge of the installation must follow the construction rules stipulated by the data center provider and Alibaba Cloud engineers. The company that violates these rules is not allowed to install leased lines in the data center.
- When you purchase optical ports, make sure that the service provider connects an optical fiber to the port of Alibaba Cloud.
- If you purchase electrical ports, make sure that the service provider connects an electrical cable to the port of Alibaba Cloud.
- Alibaba Cloud data centers do not support fiber optical transceivers. The company in charge of the installation cannot install any fiber optical transceivers in data centers of Alibaba Cloud.
- The leased line installation schedule is subject to data center lockdowns required by local authorities and Alibaba Cloud. When the data center is locked down, you can contact your product manager from Alibaba Cloud.
- Data centers where Alibaba Cloud access points are located are rent from telecom service providers. Therefore, you may be charged by a telecom service provider for installing the leased line in their building and using their cable resources.
Limits on standby physical connections
Standby physical connections have the following limits:
- Alibaba Cloud guarantees service availability for physical connections only when the physical connections are connected to different access points. If multiple physical connections share the same access point or only one physical connection is established, service availability is not guaranteed.
- To use two physical connections to connect your data center to Alibaba Cloud, we recommend that you configure health checks to avoid business disruption. After you configure health checks for the physical connections, traffic is switched to the standby physical connection when the active physical connection is down.
Limits on shared physical connections
You can also use a leased line deployed by an Alibaba Cloud partner to establish a shared physical connection. Shared physical connections have the following limits:
- You cannot adjust port configurations when you use a shared physical connection.
- Equal-cost multi-path (ECMP) is not supported.
Time spans for leased line construction
The following table describes the time that Alibaba Cloud requires to install a leased line.
|Review of the application to enter an Alibaba Cloud data center and perform site surveys for leased line installation||Two business days|
|Review of the application for a Letter of Authorization (LOA)||Two business days|
|Fiber pigtail installation||If Alibaba Cloud provides optical modules:
If the customer provides optical modules:
|Review of the application to enter an Alibaba Cloud data center to maintain a leased line||Two business days|
Limits on peering connections
- If multiple VBRs are connected to a VPC, the VBRs cannot communicate with each other through the VPC.
- If multiple VPCs are connected to a VBR, the VPCs cannot communicate with each other through the VBR.