
What should I understand about overcoming AWS and Azure networking limits?

Overcoming VPN Connection Limits

| Cloud | Network Resource | Default Limit | Hard Limit |
| --- | --- | --- | --- |
| AWS | VPN Connections per Region | 50 | 50 |
| AWS | VPN Connections per VPC | 10 | 10 |
| Azure | User Defined Route Tables | 200 | 200 |
| Azure | User Defined Routes per Route Table | 400 | 400 |

The Aviatrix Site2Cloud feature is an easy, manageable way to overcome these provider limits on VPN connectivity. It also has advanced features such as handling overlapping IP address ranges. More about this here: How can cloud app providers use Aviatrix to connect with their customers?

Overcoming Peering and Route Table Limits

| Cloud | Network Resource | Default Limit | Hard Limit |
| --- | --- | --- | --- |
| AWS | VPC Peering Connections per VPC | 50 | 125 |
| AWS | Static Routes per Route Table | 50 | 100 |
| AWS | BGP Advertised Routes per Route Table | 100 | 100 |

Cloud providers' peering limits can be further complicated by legacy protocols such as BGP. Aviatrix AVX Gateways offer encrypted, high-performance peering without filling up the cloud route tables. More about this here: How does Aviatrix help overcome the 100-route limit for AWS routing tables?

Overcoming Security groups and Network ACL Limits

| Cloud | Network Resource | Default Limit | Hard Limit |
| --- | --- | --- | --- |
| AWS | Security Groups per VPC | 500 | 500 |
| AWS | Inbound or Outbound Rules per Security Group | 60 | SG rules per interface cannot exceed 300 |
| AWS | Security Groups per Network Interface | 5 | 26 |
| AWS | Network ACLs per VPC | 200 | 200 |
| AWS | Rules per Network ACL | 20 | 40 |

Aviatrix can operate as a lightweight stateful (layer 4) firewall to avoid cumbersome host-level security configurations: https://docs.aviatrix.com/Solutions/build_zerotrust_cloud_network.html

Enterprises also run into these security rule limits because they are required to whitelist approved domain names. Aviatrix has an AWS-recommended solution for domain-name whitelisting (FQDN filtering): How can I create Internet ingress and egress security patterns for AWS?
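The per-security-group limit and the per-interface limit in the table above interact: an interface attached to several large groups can exceed the 300-rule ceiling even when every individual group is within 60 rules. The following added example (not Aviatrix code, and not an AWS tool) audits constructed data shaped like EC2 describe_security_groups / describe_network_interfaces output against the limits listed above. It assumes, as a labelled assumption, that every source or destination entry (CIDR, IPv6 CIDR, referenced group, prefix list) inside a permission counts as one rule; the sample groups and interfaces are constructed inline, so nothing is called.

```python
"""Audit constructed AWS security-group data against the limits in the table
above: 60 rules per SG (default), 5 SGs per ENI (default), 300 rules per ENI
(hard). Data mimics EC2 API response shapes but is built inline."""

# Limits as listed in the table above.
RULES_PER_SG_DEFAULT = 60
SGS_PER_ENI_DEFAULT = 5
RULES_PER_ENI_HARD = 300


def count_rules(sg):
    """Count rule entries in one security group.

    Assumption: each source/destination entry (CIDR, IPv6 CIDR, referenced
    SG, prefix list) within a permission counts as one rule toward the limit.
    """
    total = 0
    for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
        for key in ("IpRanges", "Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds"):
            total += len(perm.get(key, []))
    return total


def audit(security_groups, interfaces):
    """Return the SGs and ENIs that exceed the limits.

    security_groups: {sg_id: sg_dict};  interfaces: {eni_id: [sg_id, ...]}.
    """
    rules_per_sg = {sg_id: count_rules(sg) for sg_id, sg in security_groups.items()}
    findings = {
        "sg_over_rule_limit": {s: n for s, n in rules_per_sg.items() if n > RULES_PER_SG_DEFAULT},
        "eni_over_sg_limit": {},
        "eni_over_rule_limit": {},
    }
    for eni_id, groups in interfaces.items():
        if len(groups) > SGS_PER_ENI_DEFAULT:
            findings["eni_over_sg_limit"][eni_id] = len(groups)
        total = sum(rules_per_sg[g] for g in groups)  # rules summed over attached SGs
        if total > RULES_PER_ENI_HARD:
            findings["eni_over_rule_limit"][eni_id] = total
    return findings


def make_sg(sg_id, ingress_cidrs, egress_cidrs):
    """Build a constructed SG with one TCP/443 ingress permission and one
    egress permission, each holding the given number of /32 CIDR entries."""
    def perm(n, prefix):
        return {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                "IpRanges": [{"CidrIp": f"{prefix}.{i // 256}.{i % 256}/32"} for i in range(n)]}
    return {"GroupId": sg_id,
            "IpPermissions": [perm(ingress_cidrs, "10.0")],
            "IpPermissionsEgress": [perm(egress_cidrs, "10.1")]}


# Constructed sample: one SG over the per-SG limit, and one hub ENI that is
# over both the SGs-per-ENI and the rules-per-ENI limits.
SAMPLE_SGS = {
    "sg-allowlist": make_sg("sg-allowlist", 50, 20),   # 70 rules: over the 60 default
    "sg-web": make_sg("sg-web", 30, 30),               # 60 rules: at the limit
    "sg-partner1": make_sg("sg-partner1", 60, 0),
    "sg-partner2": make_sg("sg-partner2", 60, 0),
    "sg-partner3": make_sg("sg-partner3", 60, 0),
    "sg-db": make_sg("sg-db", 5, 5),                   # 10 rules
}
SAMPLE_ENIS = {
    "eni-app": ["sg-allowlist", "sg-web", "sg-db"],                        # 3 SGs, 140 rules
    "eni-hub": ["sg-allowlist", "sg-web", "sg-partner1", "sg-partner2",
                "sg-partner3", "sg-db"],                                   # 6 SGs, 320 rules
}

if __name__ == "__main__":
    for category, hits in audit(SAMPLE_SGS, SAMPLE_ENIS).items():
        print(category, hits)
```

On real data you would feed the audit the output of the EC2 API instead of the constructed dictionaries; the point is that the check has to be made per interface, because the 300-rule ceiling is reached by the sum of attached groups, not by any one group.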

Understanding Limits for Peering, Route Table Entries, Direct Connect and Express Route

| Cloud | Network Resource | Default Limit | Hard Limit |
| --- | --- | --- | --- |
| AWS | Virtual Interfaces per AWS Direct Connect | 50 | 50 |
| AWS | Active Direct Connects per Region | 10 | 10 |
| AWS | Routes per BGP Session on a Private VIF | 100 | 100 |
| AWS | Routes per BGP Session on a Public VIF | 1000 | 1000 |
| Azure | ExpressRoute Circuits per Subscription | 10 | 10 |
| Azure | ExpressRoute Circuits per Region per Subscription | 10 | 10 |

Building a next-generation transit network can overcome these limitations. Aviatrix transit is a software-defined, low-TCO solution that lets you practise network-as-code and scale beyond provider limits.

These provider limits were referenced from:
