This document lists the quotas and system limits that apply to Media CDN. Quotas specify the amount of a countable, shared resource that you can use, and they are defined by Google Cloud services such as Media CDN. System limits are fixed values that cannot be changed.
Google Cloud uses quotas to help ensure fairness and reduce spikes in resource use and availability. A quota restricts how much of a Google Cloud resource your Google Cloud project can use. Quotas apply to a range of resource types, including hardware, software, and network components. For example, quotas can restrict the number of API calls to a service, the number of load balancers used concurrently by your project, or the number of projects that you can create. Quotas protect the community of Google Cloud users by preventing the overloading of services. Quotas also help you to manage your own Google Cloud resources.
The Cloud Quotas system does the following:
- Monitors your consumption of Google Cloud products and services
- Restricts your consumption of those resources
- Provides a way to request changes to the quota value
In most cases, when you attempt to consume more of a resource than its quota allows, the system blocks access to the resource, and the task that you're trying to perform fails.
Quotas generally apply at the Google Cloud project level. Your use of a resource in one project doesn't affect your available quota in another project. Within a Google Cloud project, quotas are shared across all applications and IP addresses.
There are also system limits on Media CDN resources. System limits can't be changed.
Limits
The following limits apply to Media CDN.
Configuration
Item | Limits | Notes |
---|---|---|
Maximum number of EdgeCacheService |
20 per project | Contact your Google Cloud sales team if you need to increase this limit. |
Maximum number of EdgeCacheOrigin |
30 per project | Contact your Google Cloud sales team if you need to increase this limit. |
Maximum number of EdgeCacheKeyset |
10 per project | Contact your Google Cloud sales team if you need to increase this limit. |
Maximum number of RouteRules per
EdgeCacheService |
2000 | Each This limit cannot be increased. |
Maximum SSL certificates per Service | 5 | This limit cannot be increased. Also refer to the per project quota for SSL certificates. |
Maximum number of public keys per
EdgeCacheKeyset |
3 | This limit cannot be increased. Multiple keys in a Keyset are designed to enable key rotation: you should remove older and unused keys over time. |
Maximum number of validation shared keys per
EdgeCacheKeyset |
3 | This limit cannot be increased. Multiple keys in a Keyset are designed to enable key rotation: you should remove older and unused keys over time. |
HTTP headers, requests, and responses
Item | Limits | Notes |
---|---|---|
Maximum request header size | Approx. 11 KiB | This limit cannot be increased.
The combined size of the request URL and request header is limited to 15 KiB. Requests are rejected with a HTTP 431 response for HTTP/1.1 connections. HTTP/2 connections are closed without a response code being written.
These requests are logged with a |
Maximum request body size | 16 KiB | Requests with a body over this limit are rejected with an HTTP
413 Content Too Large status code.
|
Maximum response header size | Approx. 128 KiB | This limit cannot be increased.
Origin responses with headers that exceed this limit result in an HTTP
502 being sent to the client. These are logged with a |
Maximum cacheable object size | 100 GiB | This limit cannot be increased.
This is the maximum size of objects at the origin that Media CDN can cache. Larger objects are treated as uncacheable. |
Maximum uncacheable response size | 500 MiB | This limit cannot be increased.
This is the maximum number of bytes in a response body that Media CDN proxies when an object is uncacheable. Uncacheable responses are truncated after they hit the limit. |
Lowercase conversion for headers | Always, for Media CDN | Media CDN follows HTTP/2 conventions for letter
case of request and response headers.
Regardless of the protocol used, all headers are converted to lower-case.
For example, The cases of header values are not changed. |
API request rate limits
If you need a higher rate limit for API requests, you can review the current use and request an increase.
Item | Limits |
---|---|
Invalidations | 10 per minute per EdgeCacheService |
All of the calls that aren't in the
networkservices namespace |
1200 calls per minute per project |
Read-only: GetEdgeCache* ,
ListEdgeCache* |
100 per minute per project |
Read/write: everything in the networkservices
namespace not marked as read-only |
100 per minute per project |
Client timeouts
Timeout | Maximum duration | Response code | Description |
---|---|---|---|
Maximum request duration | 5 minutes | HTTP 408 (Request Timeout) | The maximum duration of a single request-response. |
Header timeout | 10 seconds | HTTP 408 (Request Timeout) | How long the client has to send the full set of request headers. |
Origin timeouts
connectTimeout
andmaxAttemptsTimeout
limit how long Media CDN takes to find a usable response.Both timeouts include the time that the origin takes to return headers and to determine whether to use a failover or redirect.
connectTimeout
applies independently for each origin attempt, whilemaxAttemptsTimeout
includes the time required to connect across all origin attempts, including failovers and redirects. Following a redirect counts as an additional attempt to connect to the origin, and counts toward themaxAttempts
set for the configured origin.When Media CDN encounters a non-redirect response, such as from a redirect or failover origin, the
readTimeout
andresponseTimeout
values apply. Redirected origins use theconnectTimeout
,readTimeout
, andresponseTimeout
values configured for theEdgeCacheOrigin
that encountered the redirect.responseTimeout
andreadTimeout
control how long a streamed response can take. After Media CDN determines that it's going to use an upstream response, neitherconnectTimeout
normaxAttemptsTimeout
matter. At this point,readTimeout
andresponseTimeout
come into effect.
Media CDN makes at most four origin attempts across all origins,
regardless of the maxAttempts
set by each EdgeCacheOrigin
.
Media CDN uses the maxAttemptsTimeout
value from the primary
EdgeCacheOrigin
. The per-attempt timeout values (connectTimeout
,
readTimeout
, and responseTimeout
) are configured for the EdgeCacheOrigin
of each attempt.
The following table describes the timeout fields:
Field | Default | Description |
---|---|---|
connectTimeout | 5 seconds | The maximum amount of time Media CDN can take from
starting the request to the origin until Media CDN determines
whether the response is usable. Practically, The timeout must be a value between 1 second and 15 seconds. |
maxAttemptsTimeout | 15 seconds | The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. An HTTP 504 is returned if the timeout is reached before a response is returned. The timeout must be a value between 1 second and 30 seconds. This setting defines the total duration for all origin
connection attempts, including failover origins, in order to cap the
total time clients have to wait for content to start streaming. Only the first
|
readTimeout | 15 seconds | The maximum duration to wait between reads of a single HTTP response.
The |
responseTimeout | 30 seconds | The maximum duration to allow for a response to complete. The timeout must be a value between 1 second and 120 seconds. The duration is measured from the time that the first body bytes are received. If this timeout is reached before the response is complete, the response is truncated and logged. |
Manage quotas
Media CDN enforces quotas on resource usage for various reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.
All projects start with the same quotas, which you can change by requesting additional quota. Some quotas might increase automatically based on your use of a product.
Permissions
To view quotas or request quota increases, Identity and Access Management (IAM) principals need one of the following roles.
Task | Required role |
---|---|
Check quotas for a project | One of the following:
|
Modify quotas, request additional quota | One of the following:
|
Check your quota
Console
- In the Google Cloud console, go to the Quotas page.
- To search for the quota that you want to update, use the Filter table. If you don't know the name of the quota, use the links on this page instead.
gcloud
Using the Google Cloud CLI, run the following command to
check your quotas. Replace PROJECT_ID
with your own project ID.
gcloud compute project-info describe --project PROJECT_ID
To check your used quota in a region, run the following command:
gcloud compute regions describe example-region
Errors when exceeding your quota
If you exceed a quota with a gcloud
command,
gcloud
outputs a quota exceeded
error
message and returns with the exit code 1
.
If you exceed a quota with an API request, Google Cloud returns the
following HTTP status code: 413 Request Entity Too Large
.
Request additional quota
To adjust most quotas, use the Google Cloud console. For more information, see Request a quota adjustment.
Console
- In the Google Cloud console, go to the Quotas page.
- On the Quotas page, select the quotas that you want to change.
- At the top of the page, click Edit quotas.
- For Name, enter your name.
- Optional: For Phone, enter a phone number.
- Submit your request. Quota requests take 24 to 48 hours to process.
Resource availability
Each quota represents a maximum number for a particular type of resource that you can create, if that resource is available. It's important to note that quotas don't guarantee resource availability. Even if you have available quota, you can't create a new resource if it is not available.
For example, you might have sufficient quota to create a new regional, external IP address
in the us-central1
region. However, that is not possible if there are no
available external IP addresses in that region. Zonal resource
availability can also affect your ability to create a new resource.
Situations where resources are unavailable in an entire region are rare. However, resources within a zone can be depleted from time to time, typically without impact to the service level agreement (SLA) for the type of resource. For more information, review the relevant SLA for the resource.