Document Center

All Products

Document Center

Virtual Private Cloud:Limits and quotas

Last Updated:Nov 06, 2023

Before you get started with Virtual Private Cloud (VPC), we recommend that you understand the limits and learn how to increase quotas.

Limits and quotas on VPCs and vSwitches

Item	Limit	Adjustable
Maximum number of VPCs that can be created in each region	10	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
Maximum number of vSwitches that can be created in each VPC	150	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
Available CIDR block for each VPC	We recommend that you use 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or one of their subnets. You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets.	N/A
Maximum number of secondary IPv4 CIDR blocks that can be created in each VPC	5	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
Maximum number of secondary IPv6 CIDR blocks that can be created in each VPC	3	N/A
Maximum number of customer CIDR blocks that can be created in each VPC	3
Maximum number of private IP addresses that can be used by cloud resources in each VPC	60,000 Note If an Elastic Compute Service (ECS) instance has only one private IP address, the ECS instance uses only one network address. If an ECS instance is associated with multiple elastic network interfaces (ENIs), or multiple IP addresses are assigned to an ENI, the number of network addresses used by the ECS instance equals the total number of the IP addresses assigned to the ENIs that are associated with the ECS instance.
Maximum number of tags that can be added to each VPC	20
Maximum number of tags that can be added to each vSwitch	20

Limits and quotas on vRouters and route tables

Item	Limit	Adjustable
Maximum number of vRouters that can be created in each VPC	1	N/A
Maximum number of custom route tables that can be created in each VPC	9	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
Maximum number of custom routes that can be created in each route table	200
Maximum number of custom routes that point to an HAVIP	5
VPCs that do not support custom route tables	If a VPC contains an ECS instance that belongs to one of the following instance families, the VPC does not support custom route tables: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see Advanced VPC features.	If your Elastic Compute Service (ECS) instance does not support advanced virtual private cloud (VPC) features, upgrade or release the ECS instance. For more information about how to upgrade an ECS instance, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance. For more information about how to release an ECS instance, see Release an instance.
Maximum number of tags that can be added to each route table	20

Limits and quotas on Dynamic Host Configuration Protocol (DHCP) options sets

Item	Limit	Adjustable
Maximum number of DHCP options sets that can be created with each Alibaba Cloud account	10	N/A
Maximum number of VPCs that can be associated with each DHCP options set	10
Maximum number of DHCP options sets that can be associated with each VPC	1
Maximum number of domain names that can be specified in each DHCP options set	1
Maximum number of DNS server IP addresses that can be specified in each DHCP options set	4
VPCs that cannot be associated with DHCP options sets	If a VPC contains an ECS instance that belongs to one of the following instance families, the VPC does not support DHCP options sets: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see Advanced VPC features.	If your Elastic Compute Service (ECS) instance does not support advanced virtual private cloud (VPC) features, upgrade or release the ECS instance. For more information about how to upgrade an ECS instance, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance. For more information about how to release an ECS instance, see Release an instance.

Limits and quotas on shared VPCs

Item	Limit	Adjustable
Maximum number of principals supported by each VPC	50	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
Maximum number of principals supported by each vSwitch in a VPC	50
Maximum number of vSwitches that can be shared with each principal	30
Maximum number of IP addresses that each VPC can use	Maximum number of IP addresses that the resource owner and principals can use in each VPC	N/A
Types of cloud resources that can be created in a shared vSwitch	ECS instance SLB instance ApsaraDB RDS instance Terway component ApsaraDB for MongoDB instance ApsaraDB for Redis instance ApsaraMQ for Kafka instance Elasticsearch Container Registry instance PolarDB for MySQL cluster ApsaraMQ for RocketMQ instance Microservices Engine	N/A
Limits on security groups in a shared VPC	A resource principal cannot create resources in security groups that belong to other resource principals or the resource owner. The security groups include the default security group. The resource owner cannot create resources in security groups that belong to resource principals.
Types of vSwitches that can be shared	Non-default vSwitches

Limits and quotas on flow logs

Item	Limit	Adjustable
Maximum number of flow logs that can be created in each region	10	N/A
ECS instance families that do not support flow logs	When you enable flow logs for a VPC or a vSwitch, ECS instances in the VPC or vSwitch do not support flow logs if they belong to the following instance families. Other ECS instances that meet the requirements support flow logs: ENIs that are associated with ECS instances of the following instance families do not support flow logs: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.	Upgrade the ECS instances that do not support flow logs. For more information, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance.

Limits and quotas on network access control lists (ACLs)

Item	Limit	Adjustable
Maximum number of network ACLs that can be created in each VPC	20	N/A
Maximum number of rules that can be added to a network ACL	Inbound rules: 20 Outbound rules: 20	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
VPCs that do not support network ACLs	If a VPC contains an ECS instance of the following instance families, the VPC does not support network ACLs: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see Advanced VPC features.	If your Elastic Compute Service (ECS) instance does not support advanced virtual private cloud (VPC) features, upgrade or release the ECS instance. For more information about how to upgrade an ECS instance, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance. For more information about how to release an ECS instance, see Release an instance. Note If a VPC contains an ECS instance of the specified instance families and the network ACL feature is enabled, you must upgrade or release the ECS instance for the network ACL to work as expected.

Limits and quotas on HAVIPs

Item	Limit	Adjustable
Network types that support HAVIPs	VPC	N/A
Maximum number of HAVIPs that can be associated with each ECS instance	5
Maximum number of EIPs that can be associated with each HAVIP	1
Maximum number of ECS instances or ENIs that can be associated with each HAVIP	10 Note You can associate each HAVIP with at most 10 ECS instances or 10 ENIs. However, you cannot associate an HAVIP with an ECS instance and an ENI at the same time. HAVIPs can be associated with ECS instances or ENIs that belong to the same vSwitch.
Whether HAVIPs support broadcasting or multicasting	Not supported Note HAVIPs support only unicast. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode in the configuration file to unicast.
Maximum number of HAVIPs that can be created with each Alibaba Cloud account	50
Maximum number of HAVIPs that can be created in each VPC	50
Maximum number of route entries that point to an HAVIP in each VPC	5	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.

Limits and quotas on traffic mirroring

Item	Limit	Adjustable
Maximum number of traffic mirror sources that can be specified in each traffic mirror session	10	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
Maximum number of traffic mirror sessions that you can create in each region with each Alibaba Cloud account	20,000	N/A
Maximum number of traffic mirror sessions supported by each traffic mirror source	3
Maximum number of traffic mirror destinations that can be specified by each Alibaba Cloud account	Unlimited
Maximum number of traffic mirror sources that can use each traffic mirror destination	If the traffic mirror destination is an internal-facing Classic Load Balancer (CLB) instance, it can be used by at most 200 traffic mirror sources. If the traffic mirror destination is an ENI and the ENI is associated with an ECS instance of the following instance families, it can be used by at most 100 traffic mirror sources. If the associated ECS instance does not belong to the following instance families, the traffic mirror destination can be used by at most 10 traffic mirror sources. Instance family ecs.ebmc7.32xlarge, ecs.ebmg7.32xlarge, ecs.ebmr7.32xlarge, ecs.ebmhfg7.48xlarge, ecs.ebmhfc7.48xlarge, ecs.ebmhfr7.48xlarge, ecs.ebmc7a.64xlarge, ecs.ebmg7a.64xlarge, ecs.ebmg7se.32xlarge, ecs.ebmg6a.64xlarge, ecs.ebmg6e.26xlarge, ecs.ebmc6a.64xlarge, ecs.ebmc6e.26xlarge, ecs.ebmr7a.64xlarge, ecs.ebmr6a.64xlarge, ecs.ebmr6e.26xlarge, ecs.c8i.48xlarge, ecs.g8i.48xlarge, ecs.c7nex.32xlarge, ecs.g7ne.24xlarge, ecs.c7.32xlarge, ecs.g7.32xlarge, ecs.r7.32xlarge, ecs.g7t.32xlarge, ecs.g6t.26xlarge, ecs.g6e.26xlarge, ecs.c7t.32xlarge, ecs.c6t.26xlarge, ecs.c6e.26xlarge, ecs.g5ne.18xlarge, and ecs.r7t.32xlarge
Maximum number of rules that can be specified in each filter	10
Maximum number of traffic mirror sessions that can be associated with each filter	2,000
ECS instance families that do not support traffic mirroring	ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.c1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.se1ne, ecs.se1nec, ecs.sn1, ecs.sn1ne, ecs.sn1nec, ecs.sn2, ecs.sn2ne, ecs.sn2nec, ecs.t1, and ecs.xn4	N/A

Limits and quotas on VPC peering connections

Item	Default quota	Adjustable
The maximum number of VPC peering connections supported by each VPC	10	You can request a quota increase by using one of the following methods: Go to the Quota Management page to request a quota increase. For more information, see Manage VPC quotas. Log on to the Quota Center console to request a quota increase. For more information, see Request a quota increase.
The maximum number of VPC peering connections supported by each Alibaba Cloud account in each region	20
The maximum bandwidth supported by cross-border connections	1024 Mbps
The maximum bandwidth supported by inter-region connections	1024 Mbps
The default maximum bandwidth for intra-region connections	-1 Mbit/s, which indicates unlimited bandwidth

Limits and quotas on IPv4 gateways

Item	Limit	Adjustable
Maximum number of IPv4 gateways that can be created in each VPC	1	N/A
Maximum number of gateway route tables that can be associated with each IPv4 gateway	1	N/A

Limits and quotas on prefix lists

Item	Limit	Adjustable
Maximum number of entries supported by each prefix list	50	You can request a quota increase by using one of the following methods: Go to the Quota Management page and request a quota increase. For more information, see Manage VPC quotas. Go to the Quota Center page and request a quota increase. For more information, see Manage VPC quotas.
Maximum number of prefix lists that can be shared with each principal	10
Maximum number of principals with which each prefix list can be shared	10
Maximum number of prefix lists that a user can create in each region	10
Maximum number of times that each prefix list can be associated	Unlimited	N/A