You can purchase an extra bandwidth package for your Web Application Firewall (WAF) instance to increase the service bandwidth protected by WAF. If you do not purchase an extra bandwidth package, your WAF instance can protect only the default service bandwidth. We recommend that you estimate the amount of service traffic that your websites usually receive. Then, select an edition and extra bandwidth package for your WAF instance based on the estimated service traffic. This topic describes service bandwidth, how to estimate and view service bandwidth, and what to do if the service traffic exceeds the service bandwidth.

Service bandwidth

The service bandwidth refers to the peak bandwidth of normal service traffic that is supported by a WAF instance. The bandwidth is measured in Mbit/s. A service bandwidth of 100 Mbit/s allows for approximately 4,000 queries per second (QPS).

If you add multiple websites to a WAF instance, take note of the total peak bandwidth of normal service traffic of all of the websites. Make sure that the total peak bandwidth is less than the limit of the service bandwidth of the WAF instance. If the total peak bandwidth exceeds the limit of the service bandwidth of the WAF instance, access to the websites is affected. For more information, see Impacts that are generated when the limit of the service bandwidth is exceeded.

The service bandwidth of a WAF instance consists of the default service bandwidth and the extra bandwidth that you purchase.

The following table describes the default service bandwidth and peak QPS for each edition of WAF.
WAF edition Default service bandwidth (The origin servers are deployed on Alibaba Cloud. For example, the origin servers are Elastic Compute Service [ECS] instances or are added to Server Load Balancer [SLB] instances.) Default service bandwidth (The origin servers are not deployed on Alibaba Cloud. For example, the origin servers are deployed on a third-party cloud platform or in data centers.) Peak QPS
Pro 50 Mbit/s 10 Mbit/s 2,000 QPS
Business 100 Mbit/s 30 Mbit/s 5,000 QPS
Enterprise 200 Mbit/s 50 Mbit/s 10,000 QPS

If the default service bandwidth of a WAF instance cannot meet your website protection requirements, you must purchase extra bandwidth to increase the service bandwidth. For more information about how to purchase extra bandwidth, see Purchase an extra bandwidth package.

Estimate the required service bandwidth

The service bandwidth of a WAF instance must be greater than the total peak bandwidth of the normal service traffic of the websites that you want to add to the WAF instance.
Note You can estimate the normal service traffic of your websites based on the monitoring data of your ECS instance or by using the monitoring tools that are installed on your origin servers. For more information, see View the monitoring information of an instance.

If WAF protects websites that are deployed on multiple ECS instances, you must estimate the total peak bandwidth of all the ECS instances. Assume that three websites are deployed on Alibaba Cloud and need to be protected by WAF. The peak bandwidth of each website is slightly less than 30 Mbit/s, and the total peak bandwidth is slightly less than 90 Mbit/s. In this case, you can purchase a WAF instance of the Business edition that provides the default service bandwidth of 100 Mbit/s to meet your business requirements. If you purchase a WAF instance of the Pro edition that provides the default service bandwidth of 50 Mbit/s, you must also purchase extra bandwidth.

Impacts that are generated when the limit of the service bandwidth is exceeded

If the normal service traffic of the websites exceeds the limit of the service bandwidth that is provided by the WAF instance, WAF lowers the priorities based on which network and computing resources are allocated to specific services. Issues such as throttling or packet loss may occur. As a result, your websites become slow or unavailable for a period of time and the service-level agreement (SLA) of WAF cannot be fulfilled.

To resolve the issues, you must upgrade the WAF instance or purchase extra bandwidth. For more information, see Purchase an extra bandwidth package.

Method to check whether the limit of the service bandwidth is exceeded

If the normal service traffic of the websites exceeds the limit of the service bandwidth that is provided by the WAF instance, a message is displayed at the top of the Web Application Firewall console. The service bandwidth or QPS threshold value is exceeded.

You can perform the following operations to solve the problem:

  • Click View Details to open the Details dialog box.
  • You can also click Upgrade Now to go to the Upgrade/Downgrade page. On the Upgrade/Downgrade page, you can upgrade the WAF instance or purchase extra bandwidth to increase the service bandwidth of the WAF instance.
    Note The normal service traffic supported by a WAF instance is independent of the bandwidth or traffic limits on other Alibaba Cloud services, such as Alibaba Cloud CDN, SLB, and ECS.

Purchase an extra bandwidth package

You can purchase an extra bandwidth package when you upgrade a WAF instance. For more information, see Upgrade.

Extra Bandwidth Package: You can specify this parameter to increase or decrease service bandwidth in increments of 50 Mbit/s. You can specify a value from 0 to 5,000 Mbit/s.