Limits and quotas on VPC - Virtual Private Cloud - Alibaba Cloud Documentation Center

Alibaba Cloud sets quotas on the cloud resources and API operations for each Alibaba Cloud account. This topic describes the quota items and their default values of Virtual Private Cloud (VPC), as well as whether the quotas are adjustable.

Quotas are set on a per-region or per-account basis. Quotas are categorized into the following types:

General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.
API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as queries per second (QPS) limits.
Privileges: the permissions to use advanced features. Privileges are granted by Alibaba Cloud to an account.

You can view and manage quotas in Alibaba Cloud Quota Center or in the VPC console console. For more information about how to manage VPC quotas, see Manage VPC quotas.

General quotas

The following table describes the general quotas of VPC.

Quotas of VPCs and vSwitches

Name/ID	Description	Default value	Adjustable
vpc_quota_instances_num_${RegionId} Note ${RegionId} indicates that the quota limits the item only in the specified region.	Maximum number of VPCs that can be created in each region	10	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
vpc_quota_vswitches_num	Maximum number of vSwitches that can be created in each VPC	150	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
vpc_quota_secondary_cidr_num	Maximum number of secondary IPv4 CIDR blocks that can be created in each VPC	5	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
N/A	Available CIDR block for each VPC	We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets. You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets.	No
	Maximum number of secondary IPv6 CIDR blocks that can be created in each VPC	3
	Maximum number of customer CIDR blocks that can be created in each VPC	3
	Maximum number of private IP addresses that can be used by cloud resources in each VPC	300,000 Note If an Elastic Compute Service (ECS) instance has only one private IP address, the ECS instance uses only one network address. If an ECS instance is associated with multiple elastic network interfaces (ENIs), or multiple IP addresses are assigned to an ENI of an ECS instance, the number of network addresses used by the ECS instance equals the total number of the IP addresses assigned to the ENIs that are associated with the ECS instance.
	Maximum number of tags that can be added to each VPC	20
	Maximum number of tags that can be added to each vSwitch	20

Quotas of routers and route tables

Name/ID	Description	Default value	Adjustable
vpc_quota_route_tables_num	Maximum number of custom route tables that can be created in each VPC	9	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
vpc_quota_route_entrys_num	Maximum number of custom routes that can be created in each route table	200
vpc_quota_havip_custom_route_entry	Maximum number of custom routes that point to an HAVIP	5
N/A	Maximum number of tags that can be added to each route table	20	No
	Maximum number of vRouters that can be created in each VPC	1
	Maximum number of routes that can point to a transit router supported by each VPC	600

Quotas of DHCP options sets

Name/ID	Description	Default value	Adjustable
N/A	Maximum number of DHCP options sets that can be created with each Alibaba Cloud account	10	No
	Maximum number of VPCs that can be associated with each DHCP options set	10
	Maximum number of DHCP options sets that can be associated with each VPC	1
	Maximum number of domain names that can be specified in each DHCP options set	1
	Maximum number of DNS server IP addresses that can be specified in each DHCP options set	4

Quotas of VPC sharing

Name/ID	Description	Default value	Adjustable
vpc_quota_sharedvpc_share_user_num_per_vpc	Maximum number of principals supported by each VPC	50	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
vpc_quota_sharedvpc_share_user_num_per_vswitch	Maximum number of principals supported by each vSwitch in a VPC	50
vpc_quota_sharedvpc_accept_shared_vswitch_num	Maximum number of vSwitches that can be shared with each principal	30
N/A	Maximum number of IP addresses that each VPC can use	Maximum number of IP addresses that the resource owner and principals can use in each VPC	No
	Types of cloud resources that can be created in a shared vSwitch	ECS instance SLB instance ApsaraDB RDS instance Terway component ApsaraDB for MongoDB instance ApsaraDB for Redis instance Message Queue for Apache Kafka instance Elasticsearch Container Registry instance PolarDB for MySQL cluster ApsaraMQ for RocketMQ instance Microservices Engine	N/A
	Limits on security groups in a shared VPC	A principal cannot create resources in security groups that belong to other principals or the resource owner. The security groups include the default security group. The resource owner cannot create resources in security groups that belong to principals.
	Types of vSwitches that can be shared	Non-default vSwitches

Quotas of flow logs

Name/ID

Description

Default value

Adjustable

vpc_quota_flowlog_inst_nums_per_user

Maximum number of flow logs that can be created by each account

You can increase the quota by performing the following operations:

Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas.
Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.

N/A

ECS instance families that do not support flow logs

When you enable flow logs for a VPC or a vSwitch, ECS instances in the VPC or vSwitch do not support flow logs if they belong to the following instance families. Other ECS instances that meet the requirements support flow logs:
ENIs that are associated with ECS instances of the following instance families do not support flow logs:
ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

Upgrade the ECS instances that do not support flow logs. For more information, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance.

Quotas of network ACLs

Name/ID	Description	Default value	Adjustable
vpc_quota_nacl_ingress_entry	Maximum number of rules that can be added to a network ACL	20	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
vpc_quota_nacl_egress_entry	Maximum number of rules that can be added to a network ACL	20
nacl_quota_vpc_create_count	Maximum number of network ACLs that can be created in each VPC	20	No

Quotas of HAVIPs

Name/ID	Description	Default value	Adjustable
N/A	Network types that support HAVIPs	VPC	No
	Maximum number of HAVIPs that can be associated with each ECS instance	5
	Maximum number of EIPs that can be associated with each HAVIP	1
	Maximum number of ECS instances or ENIs that can be associated with each HAVIP	10 Note You can associate each HAVIP with at most 10 ECS instances or 10 ENIs. However, you cannot associate an HAVIP with an ECS instance and an ENI at the same time. HAVIPs can be associated with ECS instances or ENIs that belong to the same vSwitch.
	Whether HAVIPs support broadcasting or multicasting	Not supported Note HAVIPs support only unicast. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode in the configuration file to unicast.
	Maximum number of HAVIPs that can be created with each Alibaba Cloud account	50
	Maximum number of HAVIPs that can be created in each VPC	50
vpc_quota_havip_custom_route_entry	Maximum number of route entries that point to an HAVIP in each VPC	5	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.

Quotas of traffic mirroring

Name/ID	Description	Default value	Adjustable
trafficmirror_quota_source_num_per_session	Maximum number of traffic mirror sources that can be specified in each traffic mirror session	10	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
N/A	Maximum number of traffic mirror sessions that you can create in each region with each Alibaba Cloud account	20,000	No
	Maximum number of traffic mirror sessions supported by each traffic mirror source	3
	Maximum number of traffic mirror destinations that can be specified by each Alibaba Cloud account	Unlimited
	Maximum number of traffic mirror sources that can use each traffic mirror destination	If the traffic mirror destination is an internal-facing Classic Load Balancer (CLB) instance, it can be used by at most 200 traffic mirror sources. If the traffic mirror destination is an ENI and the ENI is associated with an ECS instance of the following instance families, it can be used by at most 100 traffic mirror sources. If the associated ECS instance does not belong to the following instance families, the traffic mirror destination can be used by at most 10 traffic mirror sources. Instance family ecs.ebmc7.32xlarge, ecs.ebmg7.32xlarge, ecs.ebmr7.32xlarge, ecs.ebmhfg7.48xlarge, ecs.ebmhfc7.48xlarge, ecs.ebmhfr7.48xlarge, ecs.ebmc7a.64xlarge, ecs.ebmg7a.64xlarge, ecs.ebmg7se.32xlarge, ecs.ebmg6a.64xlarge, ecs.ebmg6e.26xlarge, ecs.ebmc6a.64xlarge, ecs.ebmc6e.26xlarge, ecs.ebmr7a.64xlarge, ecs.ebmr6a.64xlarge, ecs.ebmr6e.26xlarge, ecs.c8i.48xlarge, ecs.g8i.48xlarge, ecs.c7nex.32xlarge, ecs.g7ne.24xlarge, ecs.c7.32xlarge, ecs.g7.32xlarge, ecs.r7.32xlarge, ecs.g7t.32xlarge, ecs.g6t.26xlarge, ecs.g6e.26xlarge, ecs.c7t.32xlarge, ecs.c6t.26xlarge, ecs.c6e.26xlarge, ecs.g5ne.18xlarge, and ecs.r7t.32xlarge
	Maximum number of rules that can be specified in each filter	10
	Maximum number of traffic mirror sessions that can be associated with each filter	2,000
	ECS instance families that do not support traffic mirroring	ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.c1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.se1ne, ecs.se1nec, ecs.sn1, ecs.sn1ne, ecs.sn1nec, ecs.sn2, ecs.sn2ne, ecs.sn2nec, ecs.t1, and ecs.xn4	N/A

Quotas of VPC peering connections

Name/ID	Description	Default value	Adjustable
vpc_quota_cross_region_peer_num_per_vpc	Maximum number of inter-region VPC peering connections supported by each VPC	20	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Request a quota increase.
vpc_quota_intra_region_peer_num_per_vpc	Maximum number of intra-region VPC peering connections supported by each VPC	10
vpc_quota_peer_num	Maximum number of VPC peering connections supported by each Alibaba Cloud account in each region	20
vpc_quota_peer_cross_border_bandwidth	Maximum bandwidth supported by cross-border connections	1024 Mbps
vpc_quota_peer_cross_region_bandwidth	Maximum bandwidth supported by inter-region connections	1024 Mbps
N/A	Default maximum bandwidth for intra-region connections	-1 Mbps	No

Quotas of IPv4 gateways

Name/ID	Description	Default value	Adjustable
N/A	Maximum number of IPv4 gateways that can be created in each VPC	1	No
N/A	Maximum number of gateway route tables that can be associated with each IPv4 gateway	1	No

Quotas of prefix lists

Name/ID	Description	Default value	Adjustable
vpc_quota_prefixlist_num	Maximum number of prefix lists that can be created by an Alibaba Cloud account	10	You can increase the quota by performing the following operations: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page to request a quota increase. For more information, see Manage VPC quotas.
vpc_quota_prefixlist_cidr_num_per_prefixlist	Maximum number of entries supported by each prefix list	50
vpc_quota_prefixlist_accept_shared_prefixlist_num	Maximum number of prefix lists that can be shared with each principal	10
vpc_quota_prefixlist_share_user_num_per_prefixlist	Maximum number of principals with which each prefix list can be shared	10
N/A	Maximum number of times that each prefix list can be associated	Unlimited	No

API rate limits

The following table describes the API rate limits of VPC.

Operation name	Version	Default value	Description	Adjustable
CreateRouteEntry	2016-04-28	600/60(s)	Maximum frequency that each Alibaba Cloud account can call the CreateRouteEntry operation	No
CreateVSwitch	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the CreateVSwitch operation	No
CreateVpc	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the CreateVpc operation	No
DeleteRouteEntry	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DeleteRouteEntry operation	No
DeleteVSwitch	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DeleteVSwitch operation	No
DeleteVpc	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DeleteVpc operation	No
DescribeIpv6Addresses	2016-04-28	600/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeIpv6Addresses operation	No
DescribeNatGateways	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeNatGateways operation	No
DescribeRouteEntryList	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeRouteEntryList operation	No
DescribeRouteTableList	2016-04-28	120/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeRouteTableList operation	No
DescribeVSwitchAttributes	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeVSwitchAttributes operation	No
DescribeVSwitches	2016-04-28	360/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeVSwitches operation	No
DescribeVpcAttribute	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeVpcAttribute operation	No
DescribeVpcs	2016-04-28	360/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeVpcs operation	No
ListTagResources	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ListTagResources operation	No
ModifyRouteEntry	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyRouteEntry operation	No
ModifyVSwitchAttribute	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyVSwitchAttribute operation	No
ModifyVpcAttribute	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyVpcAttribute operation	No
TagResources	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the TagResources operation	No
UnTagResources	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the UnTagResources operation	No
AllocateIpv6InternetBandwidth	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the AllocateIpv6 InternetBandwidth operation	No
AllocateVpcIpv6Cidr	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the AllocateVpcIpv6Cidr operation	No
CreateIpv6EgressOnlyRule	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the CreateIpv6EgressOnlyRule operation	No
CreateIpv6Gateway	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the CreateIpv6Gateway operation	No
DeleteIpv6EgressOnlyRule	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DeleteIpv6EgressOnlyRule operation	No
DeleteIpv6Gateway	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DeleteIpv6Gateway operation	No
DeleteIpv6InternetBandwidth	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DeleteIpv6 InternetBandwidth operation	No
DescribeIpv6EgressOnlyRules	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeIpv6 EgressOnlyRules operation	No
DescribeIpv6GatewayAttribute	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeIpv6 GatewayAttribute operation	No
DescribeIpv6Gateways	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeIpv6Gateways operation	No
DescribeRegions	2016-04-28	600/60(s)	Maximum frequency that each Alibaba Cloud account can call the DescribeRegions operation	No
ModifyIpv6AddressAttribute	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyIpv6 AddressAttribute operation	No
ModifyIpv6GatewayAttribute	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyIpv6 GatewayAttribute operation	No
ModifyIpv6GatewaySpec	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyIpv6GatewaySpec operation	No
ModifyIpv6InternetBandwidth	2016-04-28	300/60(s)	Maximum frequency that each Alibaba Cloud account can call the ModifyIpv6 InternetBandwidth operation	No

Privileges

When the default value of a privilege is 0, the corresponding advanced feature is unavailable. You must obtain the privilege from Alibaba Cloud before you can use the feature. The following table describes the privileges of VPC.

Name/ID

Description

Adjustable

havip privilege whitelist

Allows customers who participate in invitational preview to use the HAVIP feature.

You can increase the quota by performing the following operations:

Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas.
Go to the Quota Center page to request a quota increase. For more information, see Manage VPC quotas.