All Products
Search

This Product

    VPN Gateway:Quotas

    Document Center

    VPN Gateway:Quotas

    Last Updated:Nov 06, 2023

    Alibaba Cloud sets default quotas on the cloud resources and API operations for each Alibaba Cloud account. You can apply for increases in some of the quotas based on your business requirements. This topic describes the quota items and their default values of VPN Gateway, as well as whether the quotas are adjustable.

    Overview

    Quotas are set on a per-region or per-account basis. Quotas are categorized into the following types:

    • General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.

    • API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as QPS limits.

    • Privileges: the permissions to use advanced features. Privileges are granted by Alibaba Cloud to an account.

    VPN Gateway is subject to general quotas, API rate limits, and privileges. You can apply for increases on some of the quotas. You can log on to the Quota Center console or VPC console to view quotas or request a quota increase. For more information about how to manage VPN Gateway quotas, see Manage VPN Gateway quotas.

    General quotas

    The following table describes the general quotas of VPN Gateway.

    Note

    The quotas listed in this topic are for reference only. The actual quotas in the console shall prevail.

    VPN gateway

    Name

    Description

    Limit

    Adjustable

    vpn_quota_instances_num

    Maximum number of VPN gateways that you can create with each Alibaba Cloud account

    30

    Note

    This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs.

    For example, for each Alibaba Cloud account:

    • You can create at most 30 VPN gateways for one VPC in one region.

    • You can create at most 30 VPN gateways for multiple VPCs in multiple regions.

    Yes

    N/A

    Maximum bandwidth supported by a VPN gateway

    1000 Mbps

    Note

    The maximum bandwidth supported by VPN gateways in some regions is 200 Mbit/s. For more information about the regions, see Limits on VPN gateways.

    N/A

    You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. .

    N/A

    Maximum number of packets that each VPN gateway can transmit per second

    120,000 (256 bytes per packet)

    N/A

    N/A

    Maximum number of connections supported by a VPN gateway

    200,000

    Note

    A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols.

    N/A

    N/A

    Maximum number of routes supported by the BGP route table of a VPN gateway

    50

    Submit a ticket or contact your account manager.

    The maximum quota is 200.

    vpn_pbr_route_entry_quota

    Maximum number of policy-based routes supported by each VPN gateway

    20

    Yes

    vpn_route_entry_quota

    Maximum number of destination-based routes supported by each VPN gateway

    30

    Yes

    Customer gateway

    Name

    Description

    Limit

    Adjustable

    N/A

    Maximum number of customer gateways that you can create in each region

    150

    N/A

    IPsec-VPN

    Name

    Description

    Limit

    Adjustable

    vpn_quota_ipsec_connetcions_num

    Maximum number of IPsec-VPN connections that you can create on each VPN gateway

    10

    Yes

    N/A

    Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection

    5

    N/A

    N/A

    Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection

    5

    N/A

    Maximum number of transit routers that can be associated with an IPsec-VPN connection

    1

    N/A

    The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router

    1 Gbps

    N/A

    You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic.

    N/A

    Maximum number of packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router

    120,000 (256 bytes per packet)

    N/A

    N/A

    Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router

    200,000

    null

    A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols.

    N/A

    Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router

    16

    SSL-VPN

    Name

    Description

    Limit

    Adjustable

    vpn_quota_ssl_cert_num

    Maximum number of SSL client certificates that you can create with each Alibaba Cloud account

    50

    Yes

    N/A

    Maximum number of SSL servers that can be associated with each VPN gateway

    1

    N/A

    N/A

    Maximum number of local CIDR blocks that can be added to each SSL server

    5

    N/A

    Maximum number of peer CIDR blocks that can be added to each SSL server

    1

    N/A

    Validity period of an SSL client certificate

    Three years

    IPsec-VPN server

    Name

    Description

    Limit

    Adjustable

    N/A

    Maximum number of IPsec servers that you can create on each VPN gateway

    1

    N/A

    N/A

    Maximum number of clients supported by an IPsec server

    50

    API rate limit

    The following table describes the API rate limits of VPN Gateway.

    API

    Version

    Default value

    Description

    Adjustable

    CreateSslVpnClientCert

    2016-04-28

    120/60(s)

    Maximum number of times that each Alibaba Cloud account can call the CreateSslVpnClientCert operation per minute

    No

    CreateSslVpnServer

    2016-04-28

    100/3600(s)

    Maximum number of times that each Alibaba Cloud account can call the CreateSslVpnServer operation per hour

    No

    CreateVpnConnection

    2016-04-28

    120/60(s)

    Maximum number of times that each Alibaba Cloud account can call the CreateVpnConnection operation per minute

    No

    CreateVpnGateway

    2016-04-28

    60/60(s)

    Maximum number of times that each Alibaba Cloud account can call the CreateVpnGateway operation per minute

    No

    CreateVpnPbrRouteEntry

    2016-04-28

    20/60(s)

    Maximum number of times that each Alibaba Cloud account can call the CreateVpnPbrRouteEntry operation per minute

    No

    CreateVpnRouteEntry

    2016-04-28

    10/60(s)

    Maximum number of times that each Alibaba Cloud account can call the CreateVpnRouteEntry operation per minute

    No

    DescribeSslVpnClientCerts

    2016-04-28

    120/60(s)

    Maximum number of times that each Alibaba Cloud account can call the DescribeSslVpnClientCerts operation per minute

    No

    DescribeVpnGateways

    2016-04-28

    120/60(s)

    Maximum number of times that each Alibaba Cloud account can call the DescribeVpnGateways operation per minute

    No