This topic describes the limits and quotas of VPN gateways and how to request a quota increase.
Limits
Item | Limit | Adjustable |
Maximum number of VPN gateways that you can create with each Alibaba Cloud account | 30 Note This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs. For example, for each Alibaba Cloud account:
| You can use one of the following methods to increase the quota:
|
Maximum bandwidth supported by a VPN gateway | 1000 Mbps Note The maximum bandwidth supported by VPN gateways in some regions is 200 Mbit/s. For more information about the regions, see Limits on VPN gateways. | N/A You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
Maximum number of packets that can be transmitted by a VPN gateway per second | 120,000 (256 bytes per packet) | N/A |
Maximum number of connections supported by a VPN gateway | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | N/A |
Maximum number of routes supported by the BGP route table of a VPN gateway | 50 | Submit a ticket or contact your account manager. You can increase the quota to up to 200. |
Maximum number of policy-based routes supported by each VPN gateway | 20 | You can use one of the following methods to increase the quota:
|
Maximum number of destination-based routes supported by each VPN gateway | 30 |
Limits on customer gateways
Item | Limit | Adjustable |
Maximum number of customer gateways that you can create in each region | 150 | N/A |
Limits on IPsec-VPN connections
Item | Limit | Adjustable |
Maximum number of IPsec-VPN connections that you can create on each VPN gateway | 10 | You can use one of the following methods to increase the quota:
|
Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection | 5 | N/A |
Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection | 5 | |
Maximum number of transit routers that can be associated with an IPsec-VPN connection | 1 | |
Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router | 16 | |
The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transfer router | 1 Gbps | N/A You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
Maximum number of packets that can be transmitted per second by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router | 120,000 (256 bytes per packet) | N/A |
Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | N/A |
Ports that are not supported by IPsec-VPN connections | 2222 Note Port 2222 is used only within a VPN gateway. Requests destined for port 2222 of an IPsec-VPN connection are dropped. | N/A |
Limits on SSL-VPN connections
Item | Limit | Adjustable |
Maximum number of SSL client certificates that you can create with each Alibaba Cloud account | 50 | You can use one of the following methods to increase the quota:
|
Maximum number of SSL servers that can be associated with each VPN gateway | 1 | N/A |
Maximum number of local CIDR blocks that can be added to each SSL server | 5 | |
Maximum number of peer CIDR blocks that can be added to each SSL server | 1 | |
Maximum number of clients supported by each VPN gateway | 1,000 | |
Ports that are not supported by SSL servers | 22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, and 4500 | |
Validity period of an SSL client certificate | Three years |
Limits on IPsec servers
Item | Limit | Adjustable |
Maximum number of IPsec servers that you can create on each VPN gateway | 1 | N/A |
Maximum number of clients supported by an IPsec server | 50 |