Prefix lists-Elastic Compute Service(ECS)-阿里云帮助中心

A prefix list is a collection of network prefixes (CIDR blocks), and a port list is a collection of ports. You can reference prefix lists and port lists when you configure network rules for other resources to avoid creating multiple rules for different CIDR blocks or ports, improving operational efficiency. Currently, you can reference prefix lists and port lists when you configure security group rules.

Key concepts

Term	Description
maximum number of entries	The maximum number of entries in a prefix list or a port list. For example, the CIDR blocks `10.0.0.0/8` and `172.16.0.0/12` count as 2 entries.
address family	The address family of the entries in a prefix list. Supported values are IPv4 and IPv6. All entries in a prefix list must belong to the same address family.
CIDR block	Classless Inter-Domain Routing (CIDR) is an IP addressing method that allocates IP addresses more efficiently than the traditional Class A, B, and C models. CIDR uses slash notation: IP address/number of bits in the network ID. Example 1: Convert a CIDR block to an IP address range Take `10.0.0.0/8` as an example. Its 32-bit binary representation is `00001010.00000000.00000000.00000000`. The `/8` indicates that the first 8 bits are the network part and the remaining 24 bits are the host part. This corresponds to a network range from `00001010.00000000.00000000.00000000` to `00001010.11111111.11111111.11111111`. In decimal notation, `10.0.0.0/8` represents the IP address range from 10.0.0.0 to 10.255.255.255 with a subnet mask of 255.0.0.0. Example 2: Convert an IP address range to a CIDR block Take the IP address range 192.168.0.0 to 192.168.31.255 as an example. The binary representation of the last two octets ranges from `00000000.00000000` to `00011111.11111111`. This shows that the first 19 bits (8*2 + 3) are fixed. Therefore, the CIDR block is `192.168.0.0/19`.
port range	The port range for an entry in a port list, which is used to match the destination port of traffic. You can specify a port range separated by a forward slash (`/`), such as `8000/9000`, or a single port, such as `22/22`.
associated resource	A resource that references a prefix list or port list.

Limitations

Item	Limit	Increase method
Maximum number of prefix lists per Alibaba Cloud account in a region	100	Not supported
Maximum number of entries per prefix list	200	Not supported
Maximum number of resources that can be associated with a prefix list	1,000	Not supported
Maximum number of port lists per Alibaba Cloud account in a region	1,000	Not supported
Maximum number of entries per port list	2,000	Not supported
Maximum number of resources that can be associated with a port list	1,000	Not supported