This topic describes the limits on the usage and performance of IPsec-VPN connections. This topic also describes how to request a quota increase.
Limits on VPN gateways
Item | Limit | Adjustable |
Maximum number of VPN gateways that you can create within each Alibaba Cloud account | 30 Note This quota is determined only by the number of Alibaba Cloud accounts and is irrelevant to regions or virtual private clouds (VPCs). For example, for each Alibaba Cloud account:
| You can use one of the following methods to increase the quota:
|
Maximum bandwidth supported by a VPN gateway | 1000 Mbit/s Note The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information about the regions, see the Limits section of the "Create and manage a VPN gateway" topic. | N/A. You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
Maximum number of packets that each VPN gateway can transmit per second | 120,000 (256 bytes per packet) | N/A |
Maximum number of connections supported by a VPN gateway | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols. | N/A |
Maximum number of routes supported by the BGP route table of a VPN gateway | 50 | Submit a ticket or contact your account manager. You can increase the quota up to 200. |
Maximum number of policy-based routes supported by each VPN gateway | 20 | You can use one of the following methods to increase the quota:
|
Maximum number of destination-based routes supported by each VPN gateway | 30 |
Limits on customer gateways
Item | Limit | Adjustable |
Maximum number of customer gateways that you can create in each region | 150 | N/A |
Limits on IPsec-VPN connections
Item | Limit | Adjustable |
Maximum number of IPsec-VPN connections that you can create on each VPN gateway | 10 | You can use one of the following methods to increase the quota:
|
Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection | 5 | N/A |
Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection | 5 | |
Maximum number of transit routers that can be associated with an IPsec-VPN connection | 1 | |
Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router | 16 | |
The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transfer router | 1000 Mbit/s | N/A. You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
Maximum number of packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router | 120,000 (256 bytes per packet) | N/A |
Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols. | N/A |
Ports that are not supported by IPsec-VPN connections | 2222 Note Port 2222 is used only within a VPN gateway. Requests destined for port 2222 of an IPsec-VPN connection are dropped. | N/A |