All Products
Search
Document Center

Express Connect:Limits

Last Updated:Dec 29, 2023

This topic describes the limits of Express Connect that you must take note of before you get started.

Limits on resources

Item

Default limit

Adjustment

The maximum number of allowed prefixes that each virtual border router (VBR) can advertise

20

You can increase the quota by performing the following operations:

For more information about how to request a quota increase, see the Adjust quotas section of the "Manage Express Connect quotas" topic.

The maximum number of Express Connect circuits that can be connected to an access point with each Alibaba Cloud account

2

You can increase the quota by performing the following operations:

For more information about how to request a quota increase, see the Adjust quotas section of the "Manage Express Connect quotas" topic.

The maximum number of routes that each Border Gateway Protocol (BGP) peer in a BGP group can receive

110

The maximum number of peering connections that can be established in each virtual private cloud (VPC)

5

The maximum number of peering connections that each VBR can establish

5

The maximum number of peering connections that can be established with each Alibaba Cloud account, including VPC and VBR connections

10

The maximum number of VBRs that can be created for an Express Connect circuit after you enable billing for outbound data transfer

10

The maximum number of access point locations that can be queried by a user

0

The maximum number of routes that can be configured on each VBR

48

N/A

The maximum number of BGP CIDR blocks that each VBR can advertise

10

The maximum number of unpaid Express Connect circuits that can be created

10

The maximum number of VBRs that can be associated with a shared port

1

Note

By default, VBRs that belong to your Alibaba Cloud account cannot be attached to a Cloud Enterprise Network (CEN) instance that belongs to another Alibaba Cloud account. To attach VBRs to CEN instances across accounts, submit a ticket to acquire the permissions.

Limits on networks

To connect a data center to Alibaba Cloud over an Express Connect circuit, make sure that the CIDR blocks of services on Alibaba Cloud and the CIDR blocks of the data center do not conflict with each other. In addition, make sure that the data center meets the following requirements:

  • If you use optical fiber cables, you must use one of the following types of single-mode optical transceiver modules to connect to the access device of Alibaba Cloud. The configurations of the optical transceiver modules must be the same on both ends of the connection.

    • 1000 Base-LX single-mode optical transceiver module

    • 10 GBase-LR single-mode optical transceiver module

    • 40 GBase-LR single-mode optical transceiver module

    • 100 GBase-LR single-mode optical transceiver module

  • You must disable auto-negotiation for the port. Then, specify the port rate and set the duplex mode to full-duplex.

  • All devices used to establish the connection support 802.1Q virtual local area network (VLAN) encapsulation, including the intermediary devices in data centers.

  • The gateway device in your data center must support BGP and BGP MD5 authentication or static routing.

  • To use a redundant Express Connect circuit, you must set route weights on your gateway device.

  • The maximum transmission unit (MTU) on the physical layer is 1,500 bytes.

  • We recommend that you use private IP addresses to establish the connection between your data center and Alibaba Cloud. In addition, the CIDR blocks specified for the connection must not conflict with each other.

  • You must not set the CIDR block of the data center to 100.64.0.0/10 in case it conflicts with the CIDR blocks of the services in Alibaba Cloud.

  • You must not specify 100.64.0.0/10 as the peer CIDR block for the VBR in Alibaba Cloud or the gateway device in the data center.

  • The gateway device in the data center must be able to receive more than 500 Internet Control Message Protocol (ICMP) echo requests per second. Otherwise, the gateway device cannot promptly respond to probe packets sent for health checks and consequently network jitter occurs.

Limits on transmission rates (Alibaba Cloud side)

Data transmission between a VPC and a data center is throttled when you use an Express Connect circuit. In addition, the communication between a VPC and a data center is throttled due to the following reasons:

  • The maximum read/write speed for Object Storage Service (OSS) is 10 Gbit/s.

  • To improve reliability, the transfer of individual hashed traffic flow from a VPC to a VBR is throttled. The transmission rate is throttled to 1/12, 1/4, 1/8, or 1/16 of the bandwidth limit that you specify when you create a peering connection. For example, if the bandwidth limit of a peering connection between a VPC and a VBR is set to 1 Gbit/s, the transfer of individual hashed traffic flow from the VPC to the VBR is throttled to 85 Mbit/s.

    A hashed traffic flow is a data stream that is defined by the combination of the source IP address, source port, transport layer protocol, destination IP address, and destination port. For example, 192.168.1.1 10000 TCP 121.XX.XX.76 80 forms a hashed traffic flow. In this traffic flow, a terminal that is assigned with the IP address 192.168.1.1 and port 10000 is connected to a terminal that is assigned with the IP address 121.XX.XX.76 and port 80 over TCP.

Limits on access points

Before you connect a data center to Alibaba Cloud over an Express Connect circuit, you must choose an access point. Take note of the following limits before you choose an access point:

  • A region provides multiple access points located in different zones. The network latency between two access points located in zones of the same region is lower than 5 milliseconds.

  • If you want to minimize the network latency, you can submit a ticket to obatin information about the access point nearest to your cloud servers.

Limits on Express Connect circuits

  • Before you use Express Connect, you must plan the CIDR blocks of the VPC and the data center that you want to connect. Make sure that the CIDR blocks of the VPC and the data center do not overlap with each other.

  • Cloud services deployed in VPCs use the 100.64.0.0/10 CIDR block. Therefore, data centers that are connected to VPCs over Express Connect circuits must not use the 100.64.0.0/10 CIDR block.

  • Alibaba Cloud provides single-mode optical transceiver modules with 1 Gbit/s and 10 Gbit/s ports for you to connect your data center to access points. These optical transceiver modules support a maximum transmission distance of 10 km. If you want to use optical transceiver modules with 40 Gbit/s and 100 Gbit/s ports or optical transceiver modules that support a maximum transmission distance longer than 10 km, purchase them from a third party.

  • Express Connect circuits do not support virtual extensible local area network (VXLAN) traffic from the destination port 4789 over the UDP protocol.

Limits on redundant Express Connect circuits

  • Alibaba Cloud guarantees service availability for connections over Express Connect circuits only when the Express Connect circuits are connected to different access points. If multiple Express Connect circuits share the same access point or only one Express Connect circuit is used, service availability is not guaranteed.

  • If a data center is connected to a VPC over two Express Connect circuits, you must specify source IP addresses and destination IP addresses for health checks. After you configure health checks for the Express Connect circuits, the system checks the status of both Express Connect circuits. If one of the Express Connect circuits is down, network traffic is transmitted over the other Express Connect circuit. We recommend that you configure health checks to detect service interruptions. This way, the system can perform failovers at the earliest opportunity.

Limits on hosted connections over Express Connect circuits

  • Alibaba Cloud cannot change the port settings to meet your business requirements.

  • Equal-cost multi-path routing (ECMP) is not supported.

  • When you set a bandwidth limit on a hosted connection over an Express Connect circuit, make sure that the sum of the bandwidth limits of all hosted connections does not exceed the bandwidth limit of the Express Connect circuit.

Limits on Express Connect circuit installation

  • The company in charge of the installation of an Express Connect circuit must follow the construction rules stipulated by connectivity providers and engineers of the Alibaba Cloud data center. Installation is forbidden in case of violation.

  • If you purchase optical ports, make sure that the connectivity provider uses optical fiber cables to connect to the port of Alibaba Cloud.

  • If you purchase copper Ethernet ports, make sure that the connectivity provider uses copper cables to connect to the port of Alibaba Cloud.

  • Alibaba Cloud data centers do not support fiber-optic transceivers. The company in charge of the installation cannot install fiber-optic transceivers in data centers of Alibaba Cloud.

  • The installation schedule is subject to data center lockdowns required by local authorities and Alibaba Cloud. If the data center is locked down, you can contact your account manager.

  • Data centers where Alibaba Cloud access points are located are leased from the telecom service provider or third-party service providers. Therefore, you may be charged by a service provider for installing the Express Connect circuit in their buildings and using the indoor cables.

Time spans for Express Connect circuit installation

The following table describes the amount of time required for installing Express Connect circuits.

Work item

Duration

Review of the application to enter an Alibaba Cloud data center and perform site surveys for the installation

Two business days

Review of the application for a Letter of Authorization (LOA)

Two business days

Fiber pigtail installation

Optical transceiver modules provided by Alibaba Cloud

  • Within the Chinese mainland: two business days

  • Outside the Chinese mainland: three business days

    Note

    If the access point is located in Japan, four business days are required.

Optical transceiver modules provided by a third party

  • Within the Chinese mainland: two business days after Alibaba Cloud receives the optical transceiver modules

  • Outside the Chinese mainland: three business days after Alibaba Cloud receives the optical transceiver modules

    Note

    If the access point is located in Japan, four business days are required.

Review of the application to enter an Alibaba Cloud data center to maintain an Express Connect circuit

Two business days