This topic describes the limits on the usage and performance of IPsec-VPN connections. This topic also describes how to request a quota increase.
Limits on VPN gateways
Item | Default value | Adjustable |
Maximum number of VPN gateways that you can create with each Alibaba Cloud account | 30 Note
| You can use one of the following methods to increase the quota:
|
Maximum bandwidth supported by a VPN gateway | 1000 Mbps Note The maximum bandwidth supported by VPN gateways in some regions is 500 Mbit/s. For more information about the regions, see the Limits section of the "Create and manage a VPN gateway" topic. | No You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
Total number of inbound and outbound packets that can be transmitted by a VPN gateway per second | 120,000 (256 bytes per packet) Note If a VPN gateway has multiple IPsec-VPN connections, the sum of inbound and outbound packets transmitted through these connections per second must not exceed 120,000. Each packet is 256 bytes in size. | No |
Maximum number of connections supported by a VPN gateway | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols. | No |
Maximum number of routes that can be learned by the BGP route table of a VPN gateway from a peer device | 50 | Submit a ticket or contact your account manager. The maximum quota is 200. |
Maximum number of policy-based routes supported by each VPN gateway | 20 | You can use one of the following methods to increase the quota:
|
Maximum number of destination-based routes supported by each VPN gateway | 30 |
Limits on customer gateways
Item | Default value | Adjustable |
Maximum number of customer gateways that you can create in each region | 150 | No |
Limits on IPsec-VPN connections
Item | Default value | Adjustable |
Maximum number of IPsec-VPN connections that you can create on each VPN gateway | 10 | You can use one of the following methods to increase the quota:
|
Maximum number of local CIDR blocks that can be added to each IPsec-VPN connection | 5 | No |
Maximum number of peer CIDR blocks that can be added to each IPsec-VPN connection | 5 | |
Maximum number of transit routers that can be associated with an IPsec-VPN connection | 1 | |
Maximum number of IPsec-VPN connections for equal-cost multi-path (ECMP) routing supported by a transit router | 16 | |
Maximum number of routes that can be learned by the BGP route table from a peer device after an IPsec-VPN connection is associated with a transit router |
|
|
The bandwidth supported by an IPsec-VPN connection after the IPsec-VPN connection is associated with a transfer router |
| No You can increase the bandwidth of an IPsec-VPN connection by using other methods. For more information, see the How do I increase the maximum bandwidth of IPsec-VPN connections? section of the "FAQ about VPN gateways" topic. |
Total number of inbound and outbound packets that can be transmitted per second through an IPsec-VPN connection after the IPsec-VPN connection is associated with a transit router |
| No |
Maximum number of connections supported by an IPsec-VPN after the IPsec-VPN connection is associated with a transit router | 200,000 Note A network 5-tuple uniquely identifies a connection. A 5-tuple consists of a source IP address, a destination IP address, a source port number, a destination port number, and the protocol in use. The connections can be established by using the TCP, UDP, and Internet Control Message Protocol (ICMP) protocols. | No |
Ports that are not supported by IPsec-VPN connections | 2222 Note Port 2222 is used only within a VPN gateway. Requests destined for port 2222 of an IPsec-VPN connection are dropped. | No |