Network bandwidth - Elastic Compute Service - Alibaba Cloud Documentation Center

Network bandwidth is the maximum amount of data that can be transferred over a network in a specific period of time, in most cases, 1 second. A higher network bandwidth allows the transfer of a larger amount of data in the same period of time. Network bandwidth is classified into public bandwidth and internal bandwidth.

Public bandwidth

Public bandwidth is used to transfer data between Elastic Compute Service (ECS) instances and the Internet. Public bandwidth is classified into outbound public bandwidth and inbound public bandwidth. Outbound public bandwidth is used for traffic from ECS instances to the Internet. Inbound public bandwidth is used for traffic from the Internet to ECS instances. You are charged for outbound public bandwidth. The maximum inbound public bandwidth varies based on the outbound public bandwidth: If the outbound public bandwidth is less than or equal to 10 Mbit/s, the inbound public bandwidth is capped at 10 Mbit/s. If the outbound public bandwidth is greater than 10 Mbit/s, the inbound public bandwidth is equal to the outbound public bandwidth. If the outbound public bandwidth is greater than 1 Gbit/s, distributed throttling is automatically enabled. The maximum bandwidth value that you specify is evenly allocated to multiple ECS instances. For each instance, public bandwidth for single-flow traffic is limited to the specified maximum bandwidth value divided by the number of instances, and public bandwidth for multi-flow traffic is limited to the specified maximum bandwidth value.

You can allocate public bandwidth to an ECS instance when you create the instance. For more information, see Best practices for configuring public bandwidth. You can also associate an elastic IP address (EIP) with the ECS instance after you create the instance to allocate public bandwidth to the instance. For more information, see Associate an EIP with an instance. You can use Anycast EIPs to improve Internet access quality based on the stable Border Gateway Protocol (BGP) lines and the global transmission network of Alibaba Cloud. For information about Anycast EIPs, see What is Anycast EIP? You can assign an IPv6 address to an ECS instance and enable IPv6 public bandwidth for the instance. For more information, see Step 3: Enable IPv6 public bandwidth for a Windows instance or Step 3: Enable IPv6 public bandwidth for a Linux instance.

Public bandwidth supports the pay-by-bandwidth and pay-by-traffic metering methods. For more information, see Public bandwidth. To share and reuse bandwidth within a region, create an EIP bandwidth plan in the region. For information about EIP bandwidth plans, see What is an EIP bandwidth plan? You can associate EIPs in the same region with the EIP bandwidth plan. This way, you can reuse the bandwidth in the EIP bandwidth plan and reduce costs. You can apply data transfer plans to IPv4 data transfer of eligible resources to save money on your public bandwidth usage. The eligible resources include the public IP addresses, EIPs, Classic Load Balancer (CLB) instances, and EIP bandwidth plans that use the pay-by-traffic (also known as pay-by-data-transfer) metering method. You cannot apply data transfer plans to EIPs of BGP (Multi-ISP) Pro. For more information about data transfer plans, see What is a data transfer plan?

By default, Alibaba Cloud Security Center provides a DDoS mitigation capacity for each ECS instance free of charge. The mitigation capacity varies based on the instance type and can be up to 5 Gbit/s. For more information, see View the thresholds that trigger blackhole filtering in Anti-DDoS Origin Basic. After you activate Anti-DDoS Origin Basic, Alibaba Cloud Security Center monitors inbound traffic to ECS instances in real time. When a large amount of traffic or suspicious traffic such as DDoS attack traffic is detected, Security Center redirects traffic from the intended paths to a scrubbing device. The scrubbing device identifies and removes malicious traffic and then returns legitimate traffic. Then, the legitimate traffic is forwarded to ECS instances along the intended paths. For more information, see What is Anti-DDoS Origin? When an ECS instance is under DDoS attack, you can defend against the attack at the earliest opportunity based on the pushed event. For more information, see the "Instance security events" section of Summary.

Starting November 27, 2020, the maximum bandwidth value that is available to create ECS instances or change the configurations of ECS instances is subject to the throttling policy of your account. To apply for an increase in bandwidth quotas, submit a ticket. The throttling policy imposes the following limits:

In a single region, the total maximum bandwidth of all instances that use the pay-by-traffic metering method cannot exceed 5 Gbit/s.
In a single region, the total maximum bandwidth of all instances that use the pay-by-bandwidth metering method cannot exceed 50 Gbit/s.

For more information, see the "Public bandwidth limits" section of Limits.

Internal bandwidth

Internal bandwidth is used to transfer data between ECS instances over the internal network in the same virtual private cloud (VPC) and region. ECS instances can be connected to ApsaraDB RDS instances, Server Load Balancer (SLB) instances, and Object Storage Service (OSS) buckets over the internal network. In-region data transfer over the internal network is free of charge. Internal bandwidth values vary based on the instance type. For information about the internal bandwidth value supported by each instance type, see Overview of instance families. Internal bandwidth is allocated per instance. The sum of all traffic across all network interfaces that are bound to an instance cannot exceed the internal bandwidth of the instance.

Cross-zone internal bandwidth varies based on the bandwidth specifications of instance types. Network latency increases with distance between zones.

Internal bandwidth within a deployment set or across deployment sets also varies based on the bandwidth specifications of instance types.

Instances can share physical network bandwidth. Internal bandwidth available to an instance may vary with the network bandwidth available to other instances. In most cases, the internal bandwidth available to an instance can reach the maximum bandwidth value that is supported by the instance type. For information about how to test network performance, see Best practices for testing network performance.

Instances have a baseline bandwidth based on their instance types. To meet occasional demand that exceeds baseline bandwidths, create instances of instance types that support burst bandwidth. Each instance of an instance type that supports burst bandwidth earns network I/O credits when the instance uses an internal bandwidth that is less than the baseline bandwidth. When physical network bandwidth is available, the instance can use the network I/O credits to burst beyond the baseline bandwidth for a limited period of time. In most cases, the time is in minutes. For information about the maximum burst bandwidth value supported by each instance type, see Overview of instance families.

If you want a 100 Gbit/s or higher internal bandwidth per instance, select an instance type that supports network cards and specify network card indexes to attach elastic network interfaces to different network cards at the underlying layer. This maximizes your bandwidth utilization. For information about network cards, see Overview.

Monitor network bandwidth

You can use CloudMonitor to monitor network bandwidth.