Quotas and limits in Virtual Private Cloud
Yandex Virtual Private Cloud
Yandex Virtual Private Cloud has the following limits:
- Quotas are organizational constraints that our support team can change upon request.
- Limits are technical constraints of the Yandex Cloud architecture. You cannot change the limits.
If you need more resources, you can increase your quotas in one of the following ways:
- Make a request to increase your quotas.
- Contact support, detailing which quotas you want increased and by how much.
To have your request processed, you must have the quota-manager.requestOperator role or higher, e.g.,editor or admin.
You can manage quotas using Cloud Quota Manager.
Quotas
| Type of limit | Value |
|---|---|
| Number of cloud networks per cloud | 2 |
| Number of subnets per cloud | 6 |
| Number of all public IP addresses per cloud | 8 |
| Number of static public IP addresses per cloud | 2 |
| Number of routing tables per cloud | 8 |
| Number of static routes per cloud | 256 |
| Maximum number of security groups | 10 |
| Maximum number of security groups per interface | 5 |
Limits
| Type of limit | Value |
|---|---|
| Minimum CIDR size for a subnet | /28 |
| Maximum CIDR size for a subnet | /16 |
| Maximum number of VM connections when using custom security groups1 2 | 350,000 |
| Supported network and transport layer protocols | IP, ICMP, TCP, UDP, GRE, ESP, AH |
| Maximum number of rules per security group | 50 |
| Maximum number of CIDRs per rule | 50 |
| Size of the DNS server IP address list | 100 characters |
| Maximum number of DNS requests to a DNS server (second address in a subnet) | 1,000 requests per second |
| Maximum number of NAT gateways | 20 |
1 All TCP and UDP connections opened and half-opened within 180 seconds are taken into account. If there are no data or keep-alive packets in the connection during this time, it is forcibly closed.
2 The old network diagram had a limit of 50,000 connections.
Outgoing traffic filtering
Yandex Cloud automatically blocks traffic sent from Virtual Private Cloud public IP addresses to TCP port 25 of any servers on the internet and Yandex Compute Cloud VMs. The only exception is the traffic sent to Yandex Mail email servers, which is allowed and not blocked.
Yandex Cloud can provide a special public IP address with TCP port 25 opened upon request to the support team if you follow the Acceptable Use Policy. In case you violate the Policy, Yandex Cloud may block outgoing traffic on TCP port 25 again.
For public IP addresses that are already in use, port 25 cannot be opened.