Alibaba Cloud sets default quotas on the cloud resources and API operations for each Alibaba Cloud account. You can apply for increases in some of the quotas based on your business requirements. This topic describes the quota items and their default values of VPN Gateway, as well as whether the quotas are adjustable.
Overview
Quotas are set on a per-region or per-account basis. Quotas are categorized into the following types:
General quotas: the limits on cloud resources that are available to an Alibaba Cloud account.
API rate limits: the limits on API calls that an Alibaba Cloud account can make in a specific period of time. API rate limits are also known as QPS limits.
Privileges: the permissions to use advanced features. Privileges are granted by Alibaba Cloud to an account.
VPN Gateway is subject to general quotas, API rate limits, and privileges. You can apply for increases on some of the quotas. You can log on to the Quota Center console or VPC console to view quotas or request a quota increase. For more information about how to manage VPN Gateway quotas, see Manage VPN Gateway quotas.
General quotas
The following table describes the general quotas of VPN Gateway.
The quotas listed in this topic are for reference only. The actual quotas in the console shall prevail.
VPN gateway
Name | Description | Limit | Adjustable |
vpn_quota_instances_num | Maximum number of VPN gateways that you can create with each Alibaba Cloud account | 30 Note This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or VPCs. For example, for each Alibaba Cloud account:
| |
N/A | Maximum bandwidth supported by a VPN gateway | 1000 Mbps Note The maximum bandwidth supported by VPN gateways in some regions is 200 Mbit/s. For more information about the regions, see Limits on VPN gateways. | N/A You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. . |
N/A | Maximum number of packets that each VPN gateway can transmit per second | 120,000 (256 bytes per packet) | N/A |
N/A | Maximum number of connections supported by a VPN gateway | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | N/A |
N/A | Maximum number of routes supported by the BGP route table of a VPN gateway | 50 | Submit a ticket or contact your account manager. The maximum quota is 200. |
vpn_pbr_route_entry_quota | Maximum number of policy-based routes supported by each VPN gateway | 20 | |
vpn_route_entry_quota | Maximum number of destination-based routes supported by each VPN gateway | 30 |
Customer gateway
Name | Description | Limit | Adjustable |
N/A | Maximum number of customer gateways that you can create in each region | 150 | N/A |
IPsec-VPN
Name | Description | Limit | Adjustable |
vpn_quota_ipsec_connetcions_num | Maximum number of IPsec-VPN connections that you can create on each VPN gateway | 10 | |
N/A | Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection | 5 | N/A |
N/A | Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection | 5 | |
N/A | Maximum number of transit routers that can be associated with an IPsec-VPN connection | 1 | |
N/A | The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router | 1 Gbps | N/A You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
N/A | Maximum number of packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router | 120,000 (256 bytes per packet) | N/A |
N/A | Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router | 200,000 null A network 5-tuple uniquely identifies a connection. A 5-tuple includes a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and ICMP protocols. | |
N/A | Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router | 16 |
SSL-VPN
Name | Description | Limit | Adjustable |
vpn_quota_ssl_cert_num | Maximum number of SSL client certificates that you can create with each Alibaba Cloud account | 50 | |
N/A | Maximum number of SSL servers that can be associated with each VPN gateway | 1 | N/A |
N/A | Maximum number of local CIDR blocks that can be added to each SSL server | 5 | |
N/A | Maximum number of peer CIDR blocks that can be added to each SSL server | 1 | |
N/A | Validity period of an SSL client certificate | Three years |
IPsec-VPN server
Name | Description | Limit | Adjustable |
N/A | Maximum number of IPsec servers that you can create on each VPN gateway | 1 | N/A |
N/A | Maximum number of clients supported by an IPsec server | 50 |
API rate limit
The following table describes the API rate limits of VPN Gateway.
API | Version | Default value | Description | Adjustable |
CreateSslVpnClientCert | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateSslVpnClientCert operation per minute | No |
CreateSslVpnServer | 2016-04-28 | 100/3600(s) | Maximum number of times that each Alibaba Cloud account can call the CreateSslVpnServer operation per hour | No |
CreateVpnConnection | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnConnection operation per minute | No |
CreateVpnGateway | 2016-04-28 | 60/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnGateway operation per minute | No |
CreateVpnPbrRouteEntry | 2016-04-28 | 20/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnPbrRouteEntry operation per minute | No |
CreateVpnRouteEntry | 2016-04-28 | 10/60(s) | Maximum number of times that each Alibaba Cloud account can call the CreateVpnRouteEntry operation per minute | No |
DescribeSslVpnClientCerts | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the DescribeSslVpnClientCerts operation per minute | No |
DescribeVpnGateways | 2016-04-28 | 120/60(s) | Maximum number of times that each Alibaba Cloud account can call the DescribeVpnGateways operation per minute | No |