This topic describes the limits of Express Connect that you must take note of before you get started.
Limits on resources
|The number of Express Connect circuits that each account can connect to an access point||2|
|The number of virtual border routers (VBRs) that can be created for each Express Connect circuit||10||To request a quota increase: Submit a ticket.|
|The number of Border Gateway Protocol (BGP) routes supported by each VBR||110|
|The number of VBRs that can be created for each Express Connect circuit after you enable outbound data transfer billing||
||To request a quota increase: Submit a ticket.|
|The number of VBRs that can be created for each Express Connect circuit when outbound data transfer billing is disabled||
||To request a quota increase: Submit a ticket.
When you create VBRs for an Express Connect circuit, you can create at most five VBRs for the current account and two VBRs for other accounts. You are charged for VBRs that you create beyond the free quotas.
|The number of routes that can be added to each VBR||48|
|The number of BGP routes that can be advertised from each VBR||1|
- By default, you cannot use your Alibaba Cloud account to create VBRs for other Alibaba Cloud accounts in regions within mainland China. If the owner of an Express Connect circuit and the user of the Express Connect circuit belong to the same enterprise, the owner can submit a ticket to apply for temporary permissions. Submit a ticket. If the owner has the required license, the owner can contact Alibaba Cloud and apply for the permissions. The required license must be issued by the Ministry of Industry and Information Technology (MIIT) to allow the owner to provide A26 domestic communications facilities services.
- By default, you cannot use your Alibaba Cloud account to create VBRs for other Alibaba Cloud accounts in regions outside mainland China. The owner of an Express Connect circuit can submit a ticket to apply for temporary permissions. Submit a ticket.
- If you want to attach a VBR to a Cloud Enterprise Network (CEN) instance, the VBR and the CEN instance must belong to the same account. Similarly, if you want to connect a VBR and a virtual private cloud (VPC), the VBR and the VPC must belong to the same account. If the owner and the user of an Express Connect circuit belong to the same enterprise, the owner can submit a ticket to apply for temporary permissions. Submit a ticket.
Limits on networks
To connect a data center to Alibaba Cloud over an Express Connect circuit, make sure that the CIDR blocks of services on Alibaba Cloud and the CIDR blocks of the data center do not conflict with each other. You must also make sure that the data center meets the following requirements:
- If you use optical fiber cables, you must use one of the following types of single-mode optical transceiver modules to connect to the access device of Alibaba Cloud. The configurations of the optical transceiver modules must be the same on both ends of the connection.
- 1 GE 1000Base-LX single-mode optical transceiver module
- 10 GE 10GBase-LR single-mode optical transceiver module
- 40 GE 40GBase-LR single-mode optical transceiver module
- 100 GE 100GBase-LR single-mode optical transceiver module
- You must disable auto-negotiation for the port. Then, specify the port rate and set the duplex mode to full-duplex.
- The connection over the Express Connect circuit and the devices that the Express Connect circuit traverses must support 802.1Q VLAN encapsulation.
- The gateway device in your data center must support BGP and MD5 authentication or static routing.
- To use a redundant Express Connect circuit, you must set route weights on your gateway device.
- The physical-layer maximum transmission unit (MTU) is 1,522 bytes, which is the sum of the 14-byte Ethernet header, 4-byte VLAN flag, 1,500-byte IP datagram, and 4-byte frame check sequence (FCS).
Recommended value: 1500.
- We recommend that you use private IP addresses to establish the connection between your data center and Alibaba Cloud. In addition, the CIDR blocks specified for the connection must not conflict with each other.
- You must not set the CIDR block of the data center to 100.64.0.0/12 in case it conflicts with the CIDR blocks of the services on Alibaba Cloud.
- You must not specify 100.64.0.0/12 as the peer CIDR block for the VBR on Alibaba Cloud or the gateway device in the data center.
- The gateway device in the data center must be capable of receiving more than 500 Internet Control Message Protocol (ICMP) echo requests per second. Otherwise, the gateway device cannot promptly respond to probe packets sent for health checks and consequently network jitter occurs.
Limits on transmission rate (Alibaba Cloud side)
Data transmission between a VPC and a data center is throttled when you use or an Express Connect circuit to connect them. In addition, the communication between a VPC and a data center has the following limits:
- Object Storage Service (OSS) supports a maximum read/write speed of 5 Gbit/s.
- To improve reliability, the transfer of individual hashed traffic flows from a VPC to a VBR is throttled. The transmission rate is throttled to 1/12, 1/4, 1/8, or 1/16 of the bandwidth limit that you specify when you create the peering connection. For example, if the bandwidth limit of the peering connection between the VPC and the VBR is set to 1 Gbit/s, the transfer of individual hashed traffic flows from the VPC to the VBR is throttled to 85 Mbit/s.
A hashed traffic flow is a data stream that is defined by the combination of the source IP address, source port, transport layer protocol, destination IP address, and destination port. For example,
192.168.1.1 10000 TCP 184.108.40.206 80forms a hashed traffic flow. In this traffic flow, a terminal that is assigned the IP address 192.168.1.1 and port 10000 is connected to a terminal that is assigned the IP address 220.127.116.11 and port 80 over TCP.
Limits on access points
Before you connect a data center to Alibaba Cloud over an Express Connect circuit, you must select an access point. Take note of the following limits before you select an access point:
- Each region provides multiple access points located in different zones. The network latency between two access points located in zones of the same region is lower than 5 milliseconds.
- If you want to minimize the network latency, you can summit a ticket for information about the access point nearest to your cloud servers. Submit a ticket.
Limits on Express Connect circuits
- Before you use Express Connect, you must plan the CIDR blocks of the VPC and the data center that you want to connect. Make sure that the CIDR blocks of the VPC and the data center do not overlap with each other.
- Cloud services deployed in VPCs use the 100.64.0.0/10 CIDR block. Therefore, data centers that are connected to VPCs over Express Connect circuits must not use the 100.64.0.0/10 CIDR block.
- Alibaba Cloud provides optical transceiver modules with 1 Gbit/s and 10 Gbit/s ports for you to connect your data center to access points. These optical transceiver modules support a maximum transmission distance of 10 km. If you want to use optical transceiver modules with 40 Gbit/s and 100 Gbit/s ports or optical transceiver modules that support a maximum transmission distance of greater than 10 km, purchase them from a third party.
Limits on redundant Express Connect circuits
- Alibaba Cloud guarantees service availability for connections over Express Connect circuits only when the Express Connect circuits are connected to different access points. If multiple Express Connect circuits share the same access point or only one Express Connect circuit is used, service availability is not guaranteed.
- If a data center is connected to a VPC over two Express Connect circuits, you must specify source IP addresses and destination IP addresses for health checks. After you configure health checks for the Express Connect circuits, the system checks the status of both Express Connect circuits. If one of the Express Connect circuits is down, network traffic is transmitted through the other Express Connect circuit. We recommend that you configure health checks to detect service disruptions and perform failovers at the earliest opportunity.
Limits on hosted connections over Express Connect circuits
- Alibaba Cloud cannot change the port settings to meet your business needs.
- Equal-cost multi-path (ECMP) is not supported.
Limits on installation
- The company in charge of the installation of an Express Connect circuit must follow the construction rules stipulated by the network carrier and engineers of the Alibaba Cloud data center. Installation is forbidden in case of violation.
- If you purchase optical ports, make sure that the network carrier uses optical fiber cables to connect to the port of Alibaba Cloud.
- If you purchase copper Ethernet ports, make sure that the network carrier uses copper cables to connect to the port of Alibaba Cloud.
- Alibaba Cloud data centers do not support fiber-optic transceivers. The company in charge of the installation cannot install fiber-optic transceivers in data centers of Alibaba Cloud.
- The installation schedule is subject to data center lockdowns required by local authorities and Alibaba Cloud. When the data center is locked down, you can contact your product manager from Alibaba Cloud.
- Data centers where Alibaba Cloud access points are located are leased from network carriers. Therefore, you may be charged by a network carrier for installing the Express Connect circuit in their building and using the indoor cables.
Time spans for installation
The following table describes the time required for installing Express Connect circuits.
|Review of the application to enter an Alibaba Cloud data center and perform site surveys for the installation||Two business days|
|Review of the application for a Letter of Authorization (LOA)||Two business days|
|Fiber pigtail installation||Optical transceiver modules provided by Alibaba Cloud
Optical transceiver modules from a third party
|Review of the application to enter an Alibaba Cloud data center to maintain an Express Connect circuit||Two business days|