AWS Cloud WAN Quotas
Your AWS account has the quotas shown in the following table for AWS Cloud WAN.
The Service Quotas console also provides information about AWS Cloud WAN quotas. You can use the
Service Quotas console to view default quotas and request quota increases
General
The following AWS Cloud WAN general quotas apply.
Quota | Default | Adjustable |
---|---|---|
Global networks per AWS account |
5 |
Yes |
Core networks per global network |
1 |
No |
Edges per Region per core network | 1 | No |
Segments per core network | 40 | No |
Retention duration (in seconds) for core network policies with out-of-date change sets | 7776000 | Yes |
Number of policy versions per core network | 10,000 | Yes |
Size of a core network policy | 1 MB | No |
Number of policy versions | 10000 | Yes |
Number of attachments per core network | 5000 | Yes |
Number of core network Connect attachments | No limit, up to 5000 maximum attachments per core network | No |
Number of core network attachments per VPC | 5 | No |
Number of Connect peers per Connect attachment | 4 | No |
Number of Connect peers per Tunnel-less Connect attachment | 4 | No |
Number of devices per global network | 200 | Yes |
Number of sites per global network | 200 | Yes |
Number of links per global network | 200 | Yes |
Number of connections per global network | 500 | Yes |
Number of transit gateway peers | 50 | Yes |
Number of transit gateway routing tables | No limit |
Bandwidth
Your AWS account has the following bandwidth quotas for AWS Cloud WAN.
You can use equal-cost multipath routing (ECMP) to get higher VPN bandwidth by aggregating multiple VPN tunnels. To use ECMP, the VPN connection must be configured for dynamic routing. ECMP is not supported on VPN connections that use static routing.
You can create up to four Connect peers per Connect attachment (up to 20 Gbps in total bandwidth per Connect attachment). You can use ECMP to get higher bandwidth by scaling horizontally across multiple Connect peers of the same Connect attachment or across multiple Connect attachments. Core network cannot use ECMP between the BGP peerings of the same Connect peer.
Quota | Default | Adjustable |
---|---|---|
Bandwidth per VPC attachment per Availability Zone | Up to 100 Gbps | Contact your Solutions Architect (SA) or Technical Account Manager (TAM) for further assistance. |
Packets per second per core network VPC attachment per Availability Zone | Up to 7,500,000 | Contact your Solutions Architect (SA) or Technical Account Manager (TAM) for further assistance. |
Maximum bandwidth per VPN tunnel |
Up to 1.25 Gbps |
No |
Maximum bandwidth per Connect peer (GRE tunnel) per Connect attachment |
Up to 5 Gbps | No |
Maximum bandwidth per Connect peer (Tunnel-less) per Connect attachment | Up to 100 Gbps per availability zone | Contact your Solutions Architect (SA) or Technical Account Manager (TAM) for further assistance. |
Routing
Your AWS account has the following routing quotas for AWS Cloud WAN.
Quota | Default | Adjustable |
---|---|---|
Routes per core network, across all segments | 10,000 | No |
Routes advertised over VPN to core network | 1,000 | No |
Routes advertised from core network over VPN | 5,000 | No |
Routes advertised over Connect peer to core network | 1,000 | No |
Routes advertised from core network over Connect peer | 5,000 | No |
Maximum of Tunnel-less Connect routes | 5,000 outbound 1,000 inbound |
No |
Maximum transmission unit (MTU)
Your AWS account has the following MTU quotas for AWS Cloud WAN:
-
The MTU of a network connection is the size, in bytes, of the largest permissible packet that can be passed over the connection. The larger the MTU of a connection, the more data that can be passed in a single packet. A Cloud WAN core network supports an MTU of 8500 bytes for traffic between VPCs, including transit gateway peering and Tunnel-less Connect VPC attachments. Traffic over VPN connections can have an MTU of 1500 bytes.
-
Packets with a size larger than 8500 bytes that arrive at the core network are dropped.
-
The core network enforces Maximum Segment Size (MSS) clamping for all packets. For more information, see RFC879
. -
Cloud WAN supports Path MTU Discovery (PMTUD) for traffic ingressing on VPC attachments. Transit gateway generates the
FRAG_NEEDED
for ICMPv4 packets andPacket Too Big (PTB)
for ICMPv6 packets. Cloud WAN does not support PMTUD on Connect, Site-to-site VPN, Direct Connect and Peering attachments. For more information about Path MTU Discovery, see Path MTU Discovery in the Amazon VPC User Guide