Before you get started with Virtual Private Cloud (VPC), we recommend that you understand the limits and learn how to increase quotas.

Limits and quotas on VPCs and vSwitches

ItemLimitAdjustable
Maximum number of VPCs that can be created in each region10
You can request a quota increase by using one of the following methods:
Maximum number of vSwitches that can be created in each VPC150
You can request a quota increase by using one of the following methods:
Available CIDR block for each VPC
  • We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets.
  • You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets.
No
Maximum number of secondary IPv4 CIDR blocks that can be created in each VPC5
You can request a quota increase by using one of the following methods:
Maximum number of secondary IPv6 CIDR blocks that can be created in each VPC3No
Maximum number of customer CIDR blocks that can be created in each VPC3
Maximum number of private IP addresses that can be used by cloud resources in each VPC 60,000
Note
  • If an Elastic Compute Service (ECS) instance has only one private IP address, the ECS instance uses only one network address.
  • If an ECS instance is associated with multiple elastic network interfaces (ENIs), or multiple IP addresses are assigned to an ENI, the number of network addresses used by the ECS instance equals the total number of the IP addresses assigned to the ENIs that are associated with the ECS instance.
Maximum number of tags that can be added to each VPC20
Maximum number of tags that can be added to each vSwitch20

Limits and quotas on vRouters and route tables

ItemLimitAdjustable
Maximum number of vRouters that can be created in each VPC1No
Maximum number of custom route tables that can be created in each VPC9
You can request a quota increase by using one of the following methods:
Maximum number of custom routes that can be created in each route table200
Maximum number of custom routes that point to an HAVIP5
VPCs that do not support custom route tablesIf a VPC contains an ECS instance that belongs to one of the following instance families, the VPC does not support custom route tables:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

For more information, see Advanced VPC features.

If your Elastic Compute Service (ECS) instance does not support advanced virtual private cloud (VPC) features, upgrade or release the ECS instance.
Maximum number of tags that can be added to each route table20

Limits and quotas on Dynamic Host Configuration Protocol (DHCP) options sets

ItemLimitAdjustable
Maximum number of DHCP options sets that can be created with each Alibaba Cloud account10No
Maximum number of VPCs that can be associated with each DHCP options set10
Maximum number of DHCP options sets that can be associated with each VPC1
Maximum number of domain names that can be specified in each DHCP options set1
Maximum number of DNS server IP addresses that can be specified in each DHCP options set4
VPCs that cannot be associated with DHCP options setsIf a VPC contains an ECS instance that belongs to one of the following instance families, the VPC does not support DHCP options sets:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

For more information, see Advanced VPC features.

If your Elastic Compute Service (ECS) instance does not support advanced virtual private cloud (VPC) features, upgrade or release the ECS instance.

Limits and quotas on shared VPCs

ItemLimitAdjustable
Maximum number of principals supported by each VPC50
You can request a quota increase by using one of the following methods:
Maximum number of principals supported by each vSwitch in a VPC50
Maximum number of vSwitches that can be shared with each principal30
Maximum number of IP addresses that each VPC can useMaximum number of IP addresses that the resource owner and principals can use in each VPC No
Types of cloud resources that can be created in a shared vSwitch
  • ECS instance
  • SLB instance
  • ApsaraDB RDS instance
  • Terway component
  • ApsaraDB for MongoDB instance
  • ApsaraDB for Redis instance
  • Message Queue for Apache Kafka instance
  • Elasticsearch
  • Container Registry instance
  • PolarDB for MySQL cluster
N/A
Limits on security groups in a shared VPC
  • A resource principal cannot create resources in security groups that belong to other resource principals or the resource owner. The security groups include the default security group.
  • The resource owner cannot create resources in security groups that belong to resource principals.
Types of vSwitches that can be sharedNon-default vSwitches

Limits and quotas on flow logs

ItemLimitAdjustable
Maximum number of flow logs that can be created in each region10No
ECS instance families that do not support flow logs
  • When you enable flow logs for a VPC or a vSwitch, ECS instances in the VPC or vSwitch do not support flow logs if they belong to the following instance families. Other ECS instances that meet the requirements support flow logs:
  • ENIs that are associated with ECS instances of the following instance families do not support flow logs:

    ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

Upgrade the ECS instances that do not support flow logs. For more information, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance.

Limits and quotas on network access control lists (ACLs)

ItemLimitAdjustable
Maximum number of network ACLs that can be created in each VPC20No
Maximum number of rules that can be added to a network ACL
  • Inbound rules: 20
  • Outbound rules: 20
You can request a quota increase by using one of the following methods:
VPCs that do not support network ACLsIf a VPC contains an ECS instance of the following instance families, the VPC does not support network ACLs:

ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

For more information, see Advanced VPC features.

If your Elastic Compute Service (ECS) instance does not support advanced virtual private cloud (VPC) features, upgrade or release the ECS instance.
Note If a VPC contains an ECS instance of the specified instance families and the network ACL feature is enabled, you must upgrade or release the ECS instance for the network ACL to work as expected.

Limits and quotas on HAVIPs

ItemLimitAdjustable
Network types that support high-availability virtual IP addresses (HAVIPs)VPCNo
Number of HAVIPs that can be associated with each ECS instance5
Number of ECS instances or ENIs that can be associated with each HAVIP10
Whether HAVIPs support broadcasting or multicastingNot supported
Note HAVIPs support only unicasting. To implement high availability by using third-party software such as keepalived, you must modify the configuration file to change the communication method to unicasting.
Number of HAVIPs that can be created with each Alibaba Cloud account5
Number of HAVIPs that can be created in each VPC5
Number of route entries that point to an HAVIP in each VPC5
You can request a quota increase by using one of the following methods:

Limits and quotas on traffic mirroring

ItemLimitAdjustable
Maximum number of traffic mirror sources that can be specified in each traffic mirror session10
You can request a quota increase by using one of the following methods:
Maximum number of traffic mirror sessions that you can create in each region with each Alibaba Cloud account20,000No
Maximum number of traffic mirror sessions supported by each traffic mirror source1
Maximum number of traffic mirror destinations that can be specified by each Alibaba Cloud accountUnlimited
Maximum number of traffic mirror sessions supported by each traffic mirror destination
  • 200 (if the traffic mirror destination is an internal-facing CLB instance)
  • 10 (if the traffic mirror destination is an ENI)
Maximum number of rules that can be specified in each filter10
Maximum number of traffic mirror sessions that can be associated with each filter1,000

Limits and quotas on VPC peering connections

ItemLimitAdjustable
The maximum number of VPC peering connections supported by each VPC10
You can request a quota increase by using one of the following methods:
The maximum number of VPC peering connections supported by each Alibaba Cloud account in each region20
The maximum bandwidth supported by cross-border connections1024 Mbps
The maximum bandwidth supported by inter-region connections1024 Mbps

Limits and quotas on IPv4 gateways

ItemLimitAdjustable
The maximum number of IPv4 gateways that can be created in a VPC1No
The maximum number of gateway route tables that can be associated with an IPv4 gateway1

Limits and quotas on prefix lists

ItemLimitAdjustable
Maximum number of entries supported by each prefix list50

Not supported

Maximum number of times that each prefix list can be associatedUnlimited
Maximum number of prefix lists that can be shared with each participant10
Maximum number of participants with which each prefix list can be shared10