The following sections describe quotas and limits for Cloud VPN. To change a quota, request additional quota by using the Google Cloud Console. Limits cannot generally be increased unless specifically noted.
Quotas
This table covers important quotas per project. For other quotas, see the Cloud Console Quotas page.
Item | Quota | Notes |
---|---|---|
VPN gateways | Quota | For HA VPN only |
External VPN gateways | Quota | For HA VPN only |
VPN tunnels | Quota | This quota represents the combined total number of Classic VPN tunnels and HA VPN tunnels. |
Routers | Quota | This quota represents the number of Cloud Routers that you can create within your project, in any network and region. Networks also have a limit on the number of Cloud Routers in any given region. For more details, see Cloud Router quotas and limits. Subject to the Cloud Router quotas and limits, the number of Cloud Routers is independent of the type of Cloud VPN gateway, Classic VPN or HA VPN, that a tunnel is attached to. The quota is applied the same to either type of gateway. |
Target VPN gateways | Quota | For Classic VPN only |
Forwarding rules | Quota | For Classic VPN only |
Limits
The following limits apply to Cloud VPN. In this table, VPN tunnel means either a Classic VPN tunnel or an HA VPN tunnel. Unless otherwise stated, these limits cannot be increased.
Item | Limit | Notes |
---|---|---|
Bandwidth per VPN tunnel | Up to 3 Gbps for the sum of ingress and egress | This maximum bandwidth can only be achieved by using an MTU size of 1,460 bytes and a packet rate of 250,000 packets per second (pps). Cloud VPN only throttles egress IPsec traffic. It does not throttle ingress traffic. For more details, see Network bandwidth. |
Known issues
Be aware of the following issues:
- Google Cloud resources specific to HA VPN are not yet displayed in Cloud Asset Inventory or Security Command Center. These resources include compute.vpnGateways and compute.externalVpnGateways. However, the compute.vpnTunnels resource is listed in both locations and is required for a working HA VPN connection.
- To view Cloud Monitoring metrics for HA VPN, use Metrics Explorer. For more information, see Viewing logs and metrics.
- When setting up VPN tunnels to AWS, use IKEv2 and configure fewer IKE transform sets.
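Managing quotas
Cloud VPN enforces quotas on resource usage for a variety of reasons. For example, quotas protect the community of Google Cloud users by preventing sudden spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.
All projects start with the same quotas, which you can change by requesting additional quota. Some quotas might increase automatically based on your use of a product.
Permissions
To view quotas or request quota increases, Identity and Access Management (IAM) members need one of the following roles.
Task | Required role |
---|---|
View quotas for a project | Project Owner or Editor, or Quota Viewer |
Modify quotas, request additional quota | Project Owner or Editor, Quota Admin, or a custom role with the serviceusage.quotas.update permission |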
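Viewing quotas
Console
- In the Cloud Console, go to the Quotas page.
- Use the filter table to search for the quota that you want to update. If you don't know the name of the quota, use the links on this page instead.
gcloud
If you use the gcloud command-line tool, run the following command to view your quotas. Replace PROJECT_ID with your project ID.
gcloud compute project-info describe --project PROJECT_ID
To view quota usage in a specific region, run the following command:
gcloud compute regions describe example-region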
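The following is an added example, not part of the original page or of Google's tooling: it parses the output of the project-level command above when run with `--format=json` and reports which VPN-related quotas are exhausted or close to their limit. The function name, the 0.8 warning ratio, the mapping of the quota table rows to Compute Engine metric names, and the sample data are assumptions made for illustration.

```python
import json

# Assumed Compute Engine quota metric names for the rows of the Cloud VPN quota table.
VPN_METRICS = {
    "VPN_GATEWAYS", "EXTERNAL_VPN_GATEWAYS", "VPN_TUNNELS",
    "ROUTERS", "TARGET_VPN_GATEWAYS", "FORWARDING_RULES",
}

# Constructed sample shaped like the "quotas" list in the output of
# `gcloud compute project-info describe --project PROJECT_ID --format=json`.
SAMPLE_JSON = """
{"name": "example-project",
 "quotas": [
  {"metric": "VPN_TUNNELS", "limit": 10.0, "usage": 9.0},
  {"metric": "VPN_GATEWAYS", "limit": 5.0, "usage": 1.0},
  {"metric": "ROUTERS", "limit": 10.0, "usage": 10.0},
  {"metric": "FORWARDING_RULES", "limit": 0.0, "usage": 0.0},
  {"metric": "SNAPSHOTS", "limit": 1000.0, "usage": 990.0}
 ]}
"""

def vpn_quota_headroom(describe_json, warn_ratio=0.8):
    """Return sorted (metric, usage, limit, status) tuples for VPN-related
    quotas that are unusable, exhausted, or at/above warn_ratio of the limit."""
    project = json.loads(describe_json)
    findings = []
    for q in project.get("quotas", []):
        metric = q.get("metric")
        if metric not in VPN_METRICS:
            continue  # ignore quotas unrelated to Cloud VPN
        limit, usage = float(q.get("limit", 0)), float(q.get("usage", 0))
        if limit <= 0:
            status = "NO_QUOTA"      # nothing can be created; avoids divide-by-zero
        elif usage >= limit:
            status = "EXHAUSTED"     # the next create call fails with quota exceeded
        elif usage / limit >= warn_ratio:
            status = "NEAR_LIMIT"
        else:
            continue
        findings.append((metric, usage, limit, status))
    return sorted(findings)

if __name__ == "__main__":
    for metric, usage, limit, status in vpn_quota_headroom(SAMPLE_JSON):
        print(f"{status:10} {metric}: {usage:g}/{limit:g}")
```

Running a check like this before a failover or tunnel rollout shows whether the replacement tunnels and routers can actually be created within the current quota.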
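Errors when exceeding your quota
If you exceed a quota with a gcloud command, gcloud outputs a quota exceeded error message and returns exit code 1.
If you exceed a quota with an API request, Google Cloud returns the following HTTP status code: HTTP 413 Request Entity Too Large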
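Requesting additional quota
You can request additional quota from the Quotas page in the Cloud Console. Quota requests take 24 to 48 hours to process.
Console
- In the Cloud Console, go to the Quotas page.
- On the Quotas page, select the quotas that you want to change.
- At the top of the page, click [Edit Quotas].
- Enter your name, email address, and phone number, and then click [Next].
- Enter your quota request, and then click [Done].
- Submit the request.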
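Resource availability
Each quota represents the maximum number of a particular type of resource that you can create, if that resource is available. Note that quotas do not guarantee resource availability. Even if you have available quota, you cannot create a new resource if it is not available.
For example, you might have sufficient quota to create a new regional external IP address in the us-central1 region, but you cannot create it if no external IP addresses are available in that region. Regional resource availability can also affect your ability to create new resources.
Situations where resources are unavailable in an entire region are rare. However, resources within a zone can be depleted from time to time, typically without affecting the service level agreement (SLA) for that type of resource. For more information, see the SLA that applies to the resource.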
What's next
- To find quotas and limits information for other Network Connectivity products, see Network Connectivity quotas and limits.