配額

以下各節說明 Cloud VPN 的配額與限制。 如要變更配額,只須透過 Cloud Console 申請更多配額即可。除非另有註明,否則「限制」通常無法提高。

配額

以下表格涵蓋每個專案的重要配額。其他配額請參閱主控台的「配額」頁面

每項專案

項目 配額 附註
VPN 閘道 配額 僅限高可用性 VPN
外部 VPN 閘道 配額 僅限高可用性 VPN
VPN 通道 配額 這個配額代表傳統版 VPN 通道數量和高可用性 VPN 通道數量的總數。
路由器 配額 這項配額是您可在專案中的任何網路和地區建立的 Cloud Router 雲端路由器數量。所有地區的網路也都有雲端路由器的數量限制。詳情請參閱 Cloud Router 的配額與限制

依照 Cloud Router 的配額與限制規定,雲端路由器的數量並不受通道連接的 Cloud VPN 閘道類型影響。閘道分為傳統版 VPN 和高可用性 VPN,但兩種類型適用的配額相同。
目標 VPN 閘道 配額 僅限傳統 VPN
轉送規則 配額 僅限傳統 VPN

限制

下列限制適用於 Cloud VPN。在這個表格中,「VPN 通道」代表傳統版 VPN 通道或高可用性 VPN 通道。除非另有註明,否則這些配額限制均無法提高。

項目 限制 附註
各個 VPN 通道的頻寬 最多 3 Gbps 的輸入量
最多 3 Gbps 的輸出量
要達到該頻寬上限的方法只有一種,就是使用 1,460 位元組的 MTU,以及每秒 250,000 個封包的封包傳送速率 (pps)。

Cloud VPN 只能限制輸出的 IPsec 流量,無法限制輸入的流量。

詳情請參閱網路頻寬一節。

已知問題

Cloud Asset Inventory 和 Cloud Security Command Center 中的 Google Cloud 資源清單

高可用性 VPN 專屬的 Google Cloud 資源 (包括 compute.vpnGatewayscompute.externalVpnGateways) 尚未顯示在 Cloud Asset InventoryCloud Security Command Center 中。

上述的兩個位置都會列出 compute.vpnTunnels 資源。這項資源是建立有效高可用性 VPN 連線的必要條件。

查看高可用性 VPN 的 Cloud Monitoring 指標

如要查看高可用性 VPN 的 Monitoring 指標,您必須使用 Metrics Explorer。請參閱查看記錄檔和指標頁面

設定連往 AWS 的 VPN 通道

設定連往 AWS 的 VPN 通道時,您必須使用 IKEv2 並設定較少的 IKE 轉換組合

Overview

Cloud VPN enforces quotas on resource usage for a variety of reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.

All projects start with the same quotas, which you can change by requesting additional quota. Some quotas may increase automatically based on your use of a product.

Permissions

To view quotas or request quota increases, Cloud Identity and Access Management (Cloud IAM) members need one of the following roles.

Task Required role
Check quotas for a project Project owner or editor or Quota Viewer
Modify quotas, request additional quota Project owner or editor, Quota Admin, or custom role with the serviceusage.quotas.update permission

Checking your quota

In the Cloud Console, go to the Quotas page.

Using the gcloud command-line tool, run the following command to check your quotas. Replace PROJECT_ID with your own project ID.

    gcloud compute project-info describe --project PROJECT_ID

To check your used quota in a region, run:

    gcloud compute regions describe example-region

Errors when exceeding your quota

If you exceed a quota with a gcloud command, gcloud outputs a quota exceeded error message and returns with the exit code 1.

If you exceed a quota with an API request, Google Cloud returns the following HTTP status code: HTTP 413 Request Entity Too Large.

Requesting additional quota

Request additional quota from the Quotas page in the Cloud Console. Quota requests take 24 to 48 hours to process.

  1. Go to the Quotas page.

    Go to the Quotas page

  2. On the Quotas page, select the quotas that you want to change.
  3. Click the Edit Quotas button at the top of the page.
  4. Fill out your name, email, and phone number, and then click Next.
  5. Fill in your quota request, and then click Next.
  6. Submit your request.

Resource availability

Each quota represents a maximum number for a particular type of resource that you can create, provided that resource is available. It's important to note that quotas do not guarantee resource availability. Even if you have available quota, you won't be able to create a new resource if it is not available. For example, you might have sufficient quota to create a new regional, external IP address in the us-central1 region, but that would not be possible if there were no available external IP addresses in that region. Zonal resource availability can also affect your ability to create a new resource.

Situations where resources are unavailable in an entire region are rare; however, resources within a zone can be depleted from time to time, typically without impact to the service level agreement (SLA) for the type of resource. For more information, review the relevant SLA for the resource.