Quotas and limits

This document lists the quotas and system limits that apply to Media CDN. Quotas specify the amount of a countable, shared resource that you can use, and they are defined by Google Cloud services such as Media CDN. System limits are fixed values that cannot be changed.

Google Cloud uses quotas to help ensure fairness and reduce spikes in resource use and availability. A quota restricts how much of a Google Cloud resource your Google Cloud project can use. Quotas apply to a range of resource types, including hardware, software, and network components. For example, quotas can restrict the number of API calls to a service, the number of load balancers used concurrently by your project, or the number of projects that you can create. Quotas protect the community of Google Cloud users by preventing the overloading of services. Quotas also help you to manage your own Google Cloud resources.

The Cloud Quotas system does the following:

Monitors your consumption of Google Cloud products and services
Restricts your consumption of those resources
Provides a way to request changes to the quota value

In most cases, when you attempt to consume more of a resource than its quota allows, the system blocks access to the resource, and the task that you're trying to perform fails.

Quotas generally apply at the Google Cloud project level. Your use of a resource in one project doesn't affect your available quota in another project. Within a Google Cloud project, quotas are shared across all applications and IP addresses.

There are also system limits on Media CDN resources. System limits can't be changed.

Limits

The following limits apply to Media CDN.

Configuration

Item	Limits	Notes
Maximum number of `EdgeCacheService`	20 per project	Contact your Google Cloud sales team if you need to increase this limit.
Maximum number of `EdgeCacheOrigin`	30 per project	Contact your Google Cloud sales team if you need to increase this limit.
Maximum number of `EdgeCacheKeyset`	10 per project	Contact your Google Cloud sales team if you need to increase this limit.
Maximum number of `RouteRules` per `EdgeCacheService`	2000	Each `EdgeCacheService` can define up to 10 `PathMatchers`, and each `PathMatcher` can define up to 200 `RouteRules`. This limit cannot be increased.
Maximum SSL certificates per Service	5	This limit cannot be increased. Also refer to the per project quota for SSL certificates.
Maximum number of public keys per `EdgeCacheKeyset`	3	This limit cannot be increased. Multiple keys in a Keyset are designed to enable key rotation: you should remove older and unused keys over time.
Maximum number of validation shared keys per `EdgeCacheKeyset`	3	This limit cannot be increased. Multiple keys in a Keyset are designed to enable key rotation: you should remove older and unused keys over time.

HTTP headers, requests, and responses

Item	Limits	Notes
Maximum request header size	Approx. 11 KiB	This limit cannot be increased. The combined size of the request URL and request header is limited to 15 KiB. Requests are rejected with a HTTP 431 response for HTTP/1.1 connections. HTTP/2 connections are closed without a response code being written. These requests are logged with a `statusDetails` of `headers_too_long`, if logging is enabled.
Maximum request body size	16 KiB	Requests with a body over this limit are rejected with an HTTP `413 Content Too Large` status code.
Maximum response header size	Approx. 128 KiB	This limit cannot be increased. Origin responses with headers that exceed this limit result in an HTTP 502 being sent to the client. These are logged with a `statusDetails` of `backend_response_headers_too_long`, if logging is enabled.
Maximum cacheable object size	100 GiB	This limit cannot be increased. This is the maximum size of objects at the origin that Media CDN can cache. Larger objects are treated as uncacheable.
Maximum uncacheable response size	500 MiB	This limit cannot be increased. This is the maximum number of bytes in a response body that Media CDN proxies when an object is uncacheable. Uncacheable responses are truncated after they hit the limit.
Lowercase conversion for headers	Always, for Media CDN	Media CDN follows HTTP/2 conventions for letter case of request and response headers. Regardless of the protocol used, all headers are converted to lower-case. For example, `Host` becomes `host`, and `Keep-Alive` becomes `keep-alive`. The cases of header values are not changed.

API request rate limits

If you need a higher rate limit for API requests, you can review the current use and request an increase.

Item	Limits
Invalidations	10 per minute per `EdgeCacheService`
All of the calls that aren't in the `networkservices` namespace	1200 calls per minute per project
*Read-only: `GetEdgeCache`, `ListEdgeCache`*	100 per minute per project
Read/write: everything in the `networkservices` namespace not marked as read-only	100 per minute per project

Client timeouts

Timeout	Maximum duration	Response code	Description
Maximum request duration	5 minutes	HTTP 408 (Request Timeout)	The maximum duration of a single request-response.
Header timeout	10 seconds	HTTP 408 (Request Timeout)	How long the client has to send the full set of request headers.

Origin timeouts

connectTimeout and maxAttemptsTimeout limit how long Media CDN takes to find a usable response.

Both timeouts include the time that the origin takes to return headers and to determine whether to use a failover or redirect. connectTimeout applies independently for each origin attempt, while maxAttemptsTimeout includes the time required to connect across all origin attempts, including failovers and redirects. Following a redirect counts as an additional attempt to connect to the origin, and counts toward the maxAttempts set for the configured origin.

When Media CDN encounters a non-redirect response, such as from a redirect or failover origin, the readTimeout and responseTimeout values apply. Redirected origins use the connectTimeout, readTimeout, and responseTimeout values configured for the EdgeCacheOrigin that encountered the redirect.
responseTimeout and readTimeout control how long a streamed response can take. After Media CDN determines that it's going to use an upstream response, neither connectTimeout nor maxAttemptsTimeout matter. At this point, readTimeout and responseTimeout come into effect.

Media CDN makes at most four origin attempts across all origins, regardless of the maxAttempts set by each EdgeCacheOrigin. Media CDN uses the maxAttemptsTimeout value from the primary EdgeCacheOrigin. The per-attempt timeout values (connectTimeout, readTimeout, and responseTimeout) are configured for the EdgeCacheOrigin of each attempt.

The following table describes the timeout fields:

Field	Default	Description
connectTimeout	5 seconds	The maximum amount of time Media CDN can take from starting the request to the origin until Media CDN determines whether the response is usable. Practically, `connectTimeout` covers the time starting with creating the request, then doing DNS lookups, then doing TLS handshakes, TCP/QUIC connection establishment, through getting the response headers that contain the HTTP status code. The timeout must be a value between 1 second and 15 seconds.
maxAttemptsTimeout	15 seconds	The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. An HTTP 504 is returned if the timeout is reached before a response is returned. The timeout must be a value between 1 second and 30 seconds. This setting defines the total duration for all origin connection attempts, including failover origins, in order to cap the total time clients have to wait for content to start streaming. Only the first `maxAttemptsTimeout` value is used, where the first is defined by the origin configured for the given route.
readTimeout	15 seconds	The maximum duration to wait between reads of a single HTTP response. The `readTimeout` is capped by the `responseTimeout`. All reads of the HTTP response must be completed by the deadline set by the `responseTimeout`. The timeout must be a value between 1 second and 30 seconds. If this timeout is reached before the response is complete, the response is truncated and logged.
responseTimeout	30 seconds	The maximum duration to allow for a response to complete. The timeout must be a value between 1 second and 120 seconds. The duration is measured from the time that the first body bytes are received. If this timeout is reached before the response is complete, the response is truncated and logged.

Manage quotas

Media CDN enforces quotas on resource usage for various reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.

All projects start with the same quotas, which you can change by requesting additional quota. Some quotas might increase automatically based on your use of a product.

Permissions

To view quotas or request quota increases, Identity and Access Management (IAM) principals need one of the following roles.

Task	Required role
Check quotas for a project	One of the following: Project Owner (`roles/owner`) Project Editor (`roles/editor`) Quota Viewer (`roles/servicemanagement.quotaViewer`)
Modify quotas, request additional quota	One of the following: Project Owner (`roles/owner`) Project Editor (`roles/editor`) Quota Administrator (`roles/servicemanagement.quotaAdmin`) A custom role with the `serviceusage.quotas.update` permission

Check your quota

Console

In the Google Cloud console, go to the Quotas page.
Go to Quotas
To search for the quota that you want to update, use the Filter table. If you don't know the name of the quota, use the links on this page instead.

gcloud

Using the Google Cloud CLI, run the following command to check your quotas. Replace PROJECT_ID with your own project ID.

    gcloud compute project-info describe --project PROJECT_ID

To check your used quota in a region, run the following command:

    gcloud compute regions describe example-region

Errors when exceeding your quota

If you exceed a quota with a gcloud command, gcloud outputs a quota exceeded error message and returns with the exit code 1.

If you exceed a quota with an API request, Google Cloud returns the following HTTP status code: 413 Request Entity Too Large.

Request additional quota

To adjust most quotas, use the Google Cloud console. For more information, see Request a quota adjustment.

Console

In the Google Cloud console, go to the Quotas page.
Go to Quotas
On the Quotas page, select the quotas that you want to change.
At the top of the page, click Edit quotas.
For Name, enter your name.
Optional: For Phone, enter a phone number.
Submit your request. Quota requests take 24 to 48 hours to process.

Resource availability

Each quota represents a maximum number for a particular type of resource that you can create, if that resource is available. It's important to note that quotas don't guarantee resource availability. Even if you have available quota, you can't create a new resource if it is not available.

For example, you might have sufficient quota to create a new regional, external IP address in the us-central1 region. However, that is not possible if there are no available external IP addresses in that region. Zonal resource availability can also affect your ability to create a new resource.

Situations where resources are unavailable in an entire region are rare. However, resources within a zone can be depleted from time to time, typically without impact to the service level agreement (SLA) for the type of resource. For more information, review the relevant SLA for the resource.