Quotas and limits in Virtual Private Cloud
Yandex Virtual Private Cloud
Yandex Virtual Private Cloud has the following limits:
- Quotas are organizational restrictions that can be changed by technical support.
- Limits are technical limitations due to Yandex Cloud architectural features. You cannot change the limits.
If you need more resources, you can increase quotas in one of the following ways:
- Generate a request for a quota increase. You must have the
quota-manager.requestOperatorrole or higher, such aseditororadmin. - Contact technical support and tell us which quotas you want increased and by how much.
Quotas
| Type of limit | Value |
|---|---|
| Number of cloud networks per cloud | 2 |
| Number of subnets per cloud | 6 |
| Number of all public IP addresses per cloud | 8 |
| Number of static public IP addresses per cloud | 2 |
| Number of routing tables per cloud | 8 |
| Number of static routes per cloud | 256 |
| Maximum number of security groups | 10 |
| Maximum number of security groups per interface | 5 |
Limits
| Type of limit | Value |
|---|---|
| Minimum CIDR size for a subnet | /28 |
| Maximum CIDR size for a subnet | /16 |
| Maximum number of VM connections when using custom security groups1 2 | 350,000 |
| Supported network and transport layer protocols | IP, ICMP, TCP, UDP, GRE, ESP, AH |
| Maximum number of rules per security group | 50 |
| Maximum number of CIDRs per rule | 50 |
| Size of the DNS server IP address list | 100 characters |
| Maximum number of DNS requests to a DNS server (second address in a subnet) | 1,000 requests per second |
| Maximum number of NAT gateways | 20 |
1 All TCP and UDP connections opened and half-opened within 180 seconds are taken into account. If there are no data or keep-alive packets in the connection during this time, it is forcibly closed.
2 The old network diagram had a limit of 50,000 connections.
Outgoing traffic filtering
Yandex Cloud automatically blocks traffic sent from Virtual Private Cloud public IPs to TCP port 25 of any servers on the internet and Yandex Compute Cloud VMs. The only exception is the traffic sent to Yandex Mail email servers, which is allowed and not blocked.
Yandex Cloud can provide a special public IP address with TCP port 25 opened upon request to the support team if you follow the Acceptable Use Policy. In case you violate the Policy, Yandex Cloud can block outgoing traffic on TCP port 25 again.
For public IPs that are already in use, port 25 cannot be opened.