A service quota is the maximum number of cloud resources that you can use or operations that you can perform for an Alibaba Cloud account. This topic describes the resource quotas for virtual private clouds (VPCs), including their names, default values, and whether they can be modified, along with other VPC-related limits.
Alibaba Cloud service quotas are typically applied on a per-account or per-region basis. They are categorized into the following types:
General quota: The maximum number of cloud resources that an Alibaba Cloud account can use.
API rate limit: The maximum frequency at which an Alibaba Cloud account can call the API operations of an Alibaba Cloud service. This is also known as a queries per second (QPS) limit.
Privilege quota: The permissions that are granted to an Alibaba Cloud account, such as the permission to use specific features.
You can log on to the Alibaba Cloud Quota Center console or the VPC console to view quotas or request quota increases. For more information, see Manage VPC quotas.
After a general quota is modified, the new quota takes effect for both new and existing resources.
General quotas
The following tables list the general quotas of VPC.
Limits and quotas of VPCs and vSwitches
Quota name | Description | Default limit | Increase quota |
vpc_quota_instances_num vpc_quota_instances_num_${RegionId} is higher than that of vpc_quota_instances_num | The number of VPCs that can be created in a region. | 10 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_instances_num_${RegionId} ${RegionId} is a variable that specifies a region. The quota name varies based on the region. | The number of VPCs that can be created in a specific region. | 10 | |
vpc_quota_vswitches_num | The number of vSwitches that can be created in a VPC. | 150 | |
vpc_quota_secondary_cidr_num | The number of secondary IPv4 CIDR blocks that can be created for a VPC. | 5 | |
None | The number of secondary IPv6 CIDR blocks that can be created for a VPC. | 5 | Cannot be increased. |
The number of reserved IPv4 CIDR blocks that can be created for a VPC. | 100 | ||
The number of reserved IPv6 CIDR blocks that can be created for a VPC. | 100 | ||
The number of user CIDR blocks that can be created in a VPC. | 3 | ||
The number of private IP addresses that can be used by cloud resources in a VPC. | 300,000 1. If an ECS instance has only one private IP address, the ECS instance uses only one network address. 2. If an ECS instance is associated with multiple ENIs or multiple IP addresses are configured for the ENIs, the number of network addresses used by the ECS instance is the sum of the IP addresses that are assigned to the ENIs associated with the ECS instance. | ||
The number of tags that can be added to a VPC. | 20 | ||
The number of tags that can be added to a vSwitch. | 20 |
Limits and quotas of vRouters and route tables
Quota name | Description | Default limit | Increase quota |
vpc_quota_route_tables_num | The number of custom route tables that can be created in a VPC. | 9 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_route_entrys_num | The maximum number of custom route entries per route table (excluding dynamically propagated route entries) | 200 | |
vpc_quota_dynamic_route_entrys_num | The number of routes that are dynamically propagated to a route table. | 500 | |
vpc_quota_havip_custom_route_entry | The maximum number of custom routes that can point to an HaVip instance. | 5 | |
vpc_quota_vpn_custom_route_entry | The maximum number of custom routes that can point to a VPN gateway in a VPC. | 50 | |
None | The number of tags that can be added to a route table. | 20 | Cannot be increased. |
The number of vRouters that can be created in a VPC. | 1 | ||
The maximum number of routes that can point to a transit router (TR) connection in a VPC. | 600 |
Limits and quotas of DHCP options sets
Quota name | Description | Default limit | Increase quota |
None | The number of DHCP options sets that can be created by an account. | 10 | Cannot be increased. |
The number of VPCs that can be associated with a DHCP options set. | 10 | ||
The number of DHCP options sets that can be associated with a VPC. | 1 | ||
The number of domain names that can be configured in a DHCP options set. | 1 | ||
The number of DNS server IP addresses that can be configured in a DHCP options set. | 4 |
Limits and quotas of shared VPCs
Quota name | Description | Default limit | Increase quota |
vpc_quota_sharedvpc_share_user_num_per_vpc | The number of vSwitch principals to which a VPC can be shared. | 50 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_sharedvpc_share_user_num_per_vswitch | The number of vSwitch principals to which a vSwitch in a VPC can be shared. | 50 | |
vpc_quota_sharedvpc_accept_shared_vswitch_num | The number of shared vSwitches that a vSwitch principal can accept. | 30 |
Limits and quotas of flow logs
Quota name | Description | Default limit | Increase quota |
vpc_quota_flowlog_inst_nums_per_user | The number of flow log instances that can be created by a user. | 10 | Go to the Quota Management page or Quota Center to request a quota increase. |
Limits and quotas of network ACLs
Quota name | Description | Default limit | Increase quota |
vpc_quota_nacl_ingress_entry | The number of inbound rules that can be created for a network ACL. If IPv6 is enabled for the VPC to which the network ACL belongs, the default number of IPv4 and IPv6 inbound rules that can be created is 20. | 20 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_nacl_egress_entry | The number of outbound rules that can be created for a network ACL. If IPv6 is enabled for the VPC to which the network ACL belongs, the default number of IPv4 and IPv6 inbound rules that can be created is 20. | 20 | |
nacl_quota_vpc_create_count | The number of network ACLs that can be created in a VPC. | 20 |
Limits and quotas of high-availability virtual IP addresses
Quota name | Description | Default limit | Increase quota |
None | The network type that supports high-availability virtual IP addresses (HaVips). | VPC | Cannot be increased. |
The number of HaVips that can be associated with an ECS instance at the same time. | 5 | ||
The number of EIPs that can be associated with an HaVip at the same time. | 1 | ||
The number of ECS instances or ENIs that can be associated with an HaVip at the same time. | 10 1. An HaVip can be associated with 10 ECS instances or 10 ENIs at the same time. However, an HaVip cannot be associated with ECS instances and ENIs at the same time. 2. An HaVip has the subnet property. It can be associated only with ECS instances or ENIs that are in the same vSwitch. | ||
Whether HaVips support broadcast and multicast communication. | No HaVips support only unicast communication. If you use third-party software such as Keepalived to implement high availability, you must change the communication mode to unicast in the configuration file. | ||
The number of HaVips that can be created by an account. | 50 | ||
The number of HaVips that can be created in a VPC. | 50 | ||
vpc_quota_havip_custom_route_entry | The number of route entries whose destination is an HaVip in a route table. | 5 | Go to the Quota Management page or Quota Center to request a quota increase. |
Limits and quotas of traffic mirroring
Quota name | Description | Default limit | Increase quota |
trafficmirror_quota_source_num_per_session | The number of traffic mirror sources that can be added to a traffic mirror session. | 10 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_traffic_mirror_source_num_per_large_ecs_target | The number of traffic mirror sources supported by a single traffic mirror destination when the destination is an ENI and the ENI is attached to an ECS instance of one of the following instance types. | 200 | |
vpc_quota_traffic_mirror_source_num_per_small_ecs_target | The number of traffic mirror sources supported by a single traffic mirror destination when the destination is an ENI and the ENI is not attached to an ECS instance of one of the following instance types. | 20 | |
vpc_quota_traffic_mirror_rules_num_per_filter | The number of filter rules supported by a single filter. | 20 | |
None | The maximum number of traffic mirror sessions that can be created by an account in a region. | 20,000 | Cannot be increased. |
The maximum number of traffic mirror sessions that can be created for a traffic mirror source. | 3 | ||
The number of traffic mirror sources supported by a single traffic mirror destination when the destination is a private Classic Load Balancer (CLB) instance. | 500 | ||
The number of traffic mirror sources supported by a single traffic mirror destination when the destination is a Gateway Load Balancer endpoint (GWLBe). | 500 | ||
The maximum number of filters that can be created by an account in a region. | 100 | ||
The number of traffic mirror sessions that can be associated with a single filter. | 2,000 |
Limits and quotas of VPC peering connections
Quota name | Description | Default limit | Increase quota |
vpc_quota_cross_region_peer_num_per_vpc | The number of cross-region VPC peering connections supported by a VPC. | 20 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_intra_region_peer_num_per_vpc | The number of intra-region VPC peering connections supported by a VPC. | 10 | |
vpc_quota_peer_num | The number of VPC peering connections supported by an Alibaba Cloud account in a region. | 20 | |
vpc_quota_peer_cross_border_bandwidth | The maximum cross-border bandwidth. | 1,024 Mbps | |
vpc_quota_peer_cross_region_bandwidth | The maximum cross-region bandwidth. | 1,024 Mbps |
Limits and quotas of IPv4 gateways
Quota name | Description | Default limit | Increase quota |
None | The number of IPv4 gateways supported by a VPC. | 1 | Cannot be increased. |
The number of gateway route tables supported by an IPv4 gateway. | 1 |
Limits and quotas of prefix lists
Quota name | Description | Default limit | Increase quota |
vpc_quota_prefixlist_num | The number of prefix lists that can be created by an Alibaba Cloud account. | 10 | Go to the Quota Management page or Quota Center to request a quota increase. |
vpc_quota_prefixlist_cidr_num_per_prefixlist | The number of CIDR entries supported by a prefix list. | 50 | |
vpc_quota_prefixlist_accept_shared_prefixlist_num | The number of shared prefix lists that a principal can accept. | 100 | |
vpc_quota_prefixlist_share_user_num_per_prefixlist | The number of principals to which a prefix list can be shared. | 10 |
Limits and quotas of IP Address Manager (IPAM)
Quota name | Description | Default limit | Increase quota |
ipam_quota_per_region | The number of IPAMs that can be created by each user in each region. | 1 | Cannot be increased. |
ipam_scope_quota_per_ipam | The number of IPAM scopes that can be created in each IPAM. | 5 | |
ipam_pool_quota_depth | The maximum depth of each IPAM pool. | 10 | |
ipam_cidr_quota_per_ipam_pool | The number of CIDRs that can be provisioned in each IPAM pool. | 50 | |
ipam_sub_pool_quota_per_ipam_pool | The number of sub-pools that can be created in each IPAM pool. | 50 | |
ipam_pool_quota_per_scope | The number of IPAM pools that can be created in each private IPAM scope. | 500 | |
ipam_resource_discovery_quota_per_region | The number of resource discoveries that can be created by an account in a region. | 1 | |
resource_share_quota_per_ipam_resource_discovery | The number of shared resources supported for creation by each resource discovery. | 100 | |
shared_ipam_resource_discovery_quota_per_user | The number of shared resource discoveries allowed for each user. | 100 | |
resource_share_quota_per_ipam_pool | The number of resource shares that can be created for each IPAM pool. | 100 | |
shared_ipam_pool_quota_per_user | The number of shared IPAM pools that each user can have. | 100 | |
ipam_public_ipv6_top_pool_quota_per_region_isp | The number of public top-level IPAM IPv6 pools each user can create for each ISP type in each region. | 1 | |
ipam_cidr_quota_per_public_ipv6_top_pool | The number of CIDRs each user can provision for public top-level IPAM IPv6 pools in each region. | 1 |
API rate limits
Limitations | Limit | Increase quota |
API rate limit | View the API rate limits in one of the following ways:
| Go to the Quota Management page or Quota Center to request a quota increase. |
Privilege quotas
The default value for a VPC privilege quota is 0. This means the feature is unavailable by default. You can use the feature only after you are granted the required permissions by Alibaba Cloud. The following table lists the privilege quotas for VPC.
Quota name | Description | Increase quota |
Havip_privilege_whitelist | Used to control the whitelist for a newly launched feature (HaVip) during the internal test phase where customers are invited to use the feature. | Go to the Quota Management page or Quota Center to request a quota increase. |