All Products
Search
Document Center

VPN Gateway:Limits

Last Updated:Aug 06, 2024

This topic describes the limits on the usage and performance of IPsec-VPN connections. This topic also describes how to request a quota increase.

Limits on VPN gateways

Item

Limit

Adjustable

Maximum number of VPN gateways that you can create within each Alibaba Cloud account

30

Note

This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or virtual private clouds (VPCs).

For example, for each Alibaba Cloud account:

  • You can create up to 30 VPN gateways for one VPC in one region.

  • You can create a total of up to 30 VPN gateways for multiple VPCs in multiple regions.

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Increase quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Increase quotas section of the "Manage VPN Gateway quotas" topic.

Maximum bandwidth supported by a VPN gateway

1000 Mbit/s

Note

The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information about the regions, see the Limits section of the "Create and manage a VPN gateway" topic.

N/A.

You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic.

Maximum number of packets that each VPN gateway can transmit per second

120,000 (256 bytes per packet)

N/A

Maximum number of connections supported by a VPN gateway

200,000

Note

A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols.

N/A

Maximum number of routes supported by the BGP route table of a VPN gateway

50

Submit a ticket or contact your account manager.

You can increase the quota up to 200.

Maximum number of policy-based routes supported by each VPN gateway

20

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Increase quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Increase quotas section of the "Manage VPN Gateway quotas" topic.

Maximum number of destination-based routes supported by each VPN gateway

30

Limits on customer gateways

Item

Limit

Adjustable

Maximum number of customer gateways that you can create in each region

150

N/A

Limits on IPsec-VPN connections

Item

Limit

Adjustable

Maximum number of IPsec-VPN connections that you can create on each VPN gateway

10

You can use one of the following methods to increase the quota:

  • Go to the Quota Management page and request a quota increase. For more information, see the Increase quotas section of the "Manage VPN Gateway quotas" topic.

  • Go to the Quota Center console and request a quota increase. For more information, see the Increase quotas section of the "Manage VPN Gateway quotas" topic.

Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection

5

N/A

Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection

5

Maximum number of transit routers that can be associated with an IPsec-VPN connection

1

Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router

16

The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transfer router

1000 Mbit/s

N/A.

You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic.

Maximum number of packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router

120,000 (256 bytes per packet)

N/A

Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router

200,000

Note

A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols.

N/A

Ports that are not supported by IPsec-VPN connections

2222

Note

Port 2222 is used only within a VPN gateway. Requests destined for port 2222 of an IPsec-VPN connection are dropped.

N/A