ALB Edition Quota Tiers and Forwarding Limits Explained - Application Load Balancer

This topic explains the quotas and limits for Application Load Balancer (ALB) and how to manage them.

Limitations

The following limits are fixed and cannot be increased.

Listener limits

Resource	Edition	Default limit
Number of Access Control Lists (ACLs) per listener	Basic/Standard/WAF-Enabled	3
Number of ACL entries per listener	Basic	300
Number of ACL entries per listener	Standard/WAF-Enabled	500

Forwarding rule limits

Resource	Edition	Default limit
Number of actions per forwarding rule	Basic	3
Number of actions per forwarding rule	Standard/WAF-enabled	5
Number of match conditions per forwarding rule	Basic	5
Number of match conditions per forwarding rule	Standard/WAF-enabled	10
Number of wildcard entries per forwarding rule	Basic	5
Number of wildcard entries per forwarding rule	Standard/WAF-enabled	10

Server group limits

Resource	Edition	Default limit
Number of backend servers (IP addresses and ports) per server group	Basic/Standard/WAF-enabled	1,000

ACL and security policy limits

Resource	Edition	Default limit
Number of associated listeners per ACL	Basic/Standard/WAF-enabled	50
Number of ACL entries per ACL	Basic/Standard/WAF-enabled	500
Number of associated listeners per custom security policy	Basic/Standard/WAF-enabled	10
Number of ACL entries per ALB instance	Basic/Standard/WAF-enabled	800

Regional limits

Resource	Edition	Default limit
Number of custom security policies per region	Basic/Standard/WAF-enabled	50
Number of health check templates per region	Basic/Standard/WAF-enabled	50
Number of ACLs per region	Basic/Standard/WAF-enabled	1,000
Number of server groups per region	Basic/Standard/WAF-enabled	3,000

Other limits

The following limits apply only to upgraded ALB Instances. Pre-upgrade ALB Instances are not affected.

Within a single Availability Zone, an ALB Instance supports a maximum of 250,000 Concurrent Connections to a single Backend Server or IP address. If this limit is exceeded, Port allocation may fail, affecting new connections.

To ensure this elastic capability:
- Reserve at least 8 IP addresses in each vSwitch where the ALB instance is located, and allow the CIDR blocks of these vSwitches in advance.
- Ensure that the Security Group rule Quota for your ECS Instances or Elastic Network Interfaces (ENIs) is sufficient to accommodate the rules required by the ALB-managed Security Group.
  
  The ALB-managed Security Group automatically allows traffic from local IP addresses by using rules with a priority of 1. The total number of rules must not exceed the Quota: Number of ALB-managed Security Group rules + Number of custom Security Group rules associated with the ALB instance ≤ Security Group rule quota for an ECS Instance or ENI. For more information, see ALB Security Group limits.
To avoid exceeding the Concurrent Connection limit, add more Backend Servers or IP addresses to the Server Group. Adding more servers distributes connection requests and reduces the load on any single server.

General quotas

If a resource is associated multiple times within the same scope, its quota usage is calculated cumulatively. For example, if the same Backend Server is associated with multiple Listeners and Forwarding Rules of an ALB Instance, it counts multiple times toward the quota for the number of Backend Servers per ALB Instance.
The default quota values in this topic are for reference only. For actual values, refer to the Console.

Instance quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_loadbalancers_num	Number of ALB Instances per Alibaba Cloud Account per Region.	60	150	Yes

Basic edition ALB Instance quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_loadbalancer_certificates_num_basic_edition	Number of Additional Certificates per ALB Instance (not including the default Certificate).	10	150	Yes
alb_quota_loadbalancer_rules_num_basic_edition	Number of Forwarding Rules per ALB Instance (not including the default rule).	40	100	Yes
alb_quota_loadbalancer_servers_num_basic_edition	Number of Backend Servers per ALB Instance.	200	400	Yes
alb_quota_loadbalancer_listeners_num_basic_edition	Number of Listeners per ALB Instance.	50	80	Yes

Standard edition ALB Instance quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_loadbalancer_certificates_num_standard_edition	Number of Additional Certificates per ALB Instance (not including the default Certificate).	25	300	Yes
alb_quota_loadbalancer_rules_num_standard_edition	Number of Forwarding Rules per ALB Instance (not including the default rule).	100	200	Yes
alb_quota_loadbalancer_servers_num_standard_edition	Number of Backend Servers per ALB Instance.	1,000	1,500	Yes
alb_quota_loadbalancer_listeners_num_standard_edition	Number of Listeners per ALB Instance.	50	100	Yes

WAF-enabled ALB Instance quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_loadbalancer_certificates_num_standardwithwaf_edition	Number of Additional Certificates per ALB Instance (not including the default Certificate).	25	300	Yes
alb_quota_loadbalancer_rules_num_standardwithwaf_edition	Number of Forwarding Rules per ALB Instance (not including the default rule).	100	200	Yes
alb_quota_loadbalancer_servers_num_standardwithwaf_edition	Number of Backend Servers per ALB Instance.	1,000	1,500	Yes
alb_quota_loadbalancer_listeners_num_standardwithwaf_edition	Number of Listeners per ALB Instance.	50	100	Yes

Listener quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_max_request_timeout	Maximum request timeout for a Listener.	600 seconds	3,600 seconds	Yes
alb_quota_max_idle_timeout	Maximum idle timeout for a Listener.	600 seconds	3,600 seconds	Yes

Only instances upgraded as described in the Application Load Balancer (ALB) Instance Upgrade Announcement support increasing the alb_quota_max_request_timeout and alb_quota_max_idle_timeout quotas to a maximum of 3600 seconds. For non-upgraded instances, the maximum for these quotas is 900 seconds.

Server Group quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_server_added_num	The number of Server Groups that a single Backend Server (by IP address) can be added to.	200	300	Yes
alb_quota_servergroup_attached_num	Number of times a single Server Group can be associated with Listeners and Forwarding Rules.	50	100	Yes
alb_quota_server_groups_weight	Maximum weight for a single Server Group as a target of a Forwarding Rule.	100	10,000	Contact Sales

Reserved capacity quotas

Quota name	Description	Default	Adjustable up to	Adjustable
alb_quota_reserved_capacity_units_per_loadbalancer	Maximum reserved Load Balancer Capacity Units (LCUs) per ALB Instance.	5,000	-	Contact Sales
alb_quota_reserved_capacity_units_per_region	Maximum reserved LCUs per Region.	20,000	-	Contact Sales

API rate quotas

You can view the rate quotas for Application Load Balancer (ALB) in Quota Center.

Privilege quotas

Privilege quotas apply to features that require authorization from Alibaba Cloud. By default, these features are unavailable until access is granted.

Quota ID	Description	Application portal
slb_user_visible_gray_label/ip_target_cidr_not_limited	Unrestricted CIDR blocks for IP-based Server Groups	Apply
slb_user_visible_gray_label/alb_extensible_edition	Extended Edition for Application Load Balancer (ALB)	Apply
slb_user_visible_gray_label/alb_resource_reservation	Resource reservation for Application Load Balancer (ALB)	Apply
slb_user_visible_gray_label/support_sm_certificate	Support for SM certificates on Application Load Balancer (ALB)	Apply

Manage quotas

You can manage Application Load Balancer (ALB) quotas in one of the following ways:

Quota Center: Use this method if you need to manage quotas for multiple Alibaba Cloud services from a central location.
Quota Center page in the Load Balancer Console: Use this method if you only need to manage quotas for ALB.

View quotas

Quota Center

Log in to the Quota Center console. In the left-side navigation pane, click Product List and select a quota type: General Quotas, API Rate Limits, or Privileges.
On the Product List page, go to the Networking section and click Application Load Balancer (ALB) to view its quotas.

Load Balancer Console

Log in to the Quota Center page in the Load Balancer Console and select Application Load Balancer (ALB) as the product.
Select a quota type (General Quota, API Rate Limit, or Privilege) to view the quota information.

Increase quotas

Quota Center

Log in to the Quota Center console. In the left-side navigation pane, click Product List, select a quota type (General Quotas or Privileges), and then click Application Load Balancer (ALB) in the Networking section.
Find the quota that you want to increase and click Apply in the Actions column.
In the dialog box, enter the required information and click OK.

The Technical Support team for each cloud service reviews quota increase requests. Provide a reasonable value and a detailed justification for your request. You will be notified of the approval status by SMS and email.

Load Balancer Console

Log in to the Quota Center page in the Load Balancer Console and select Application Load Balancer (ALB) as the product.
Select a quota type (General Quota or Privilege), find the quota that you want to increase, and click Apply in the Actions column.
In the dialog box, enter the required information and click OK.

The Technical Support team for each cloud service reviews quota increase requests. Provide a reasonable value and a detailed justification for your request. You will be notified of the approval status by SMS and email.

Create quota alerts

You can create alerts for some General Quotas of Application Load Balancer (ALB). When your resource usage reaches a specified threshold, the system sends an alert. This lets you request a quota increase before you reach the limit.

ALB quotas that support alerts

Category	Quota parameter	Description
Additional certificates	alb_quota_loadbalancer_certificates_num_basic_edition	Number of additional certificates per Basic ALB instance (default certificate excluded).
	alb_quota_loadbalancer_certificates_num_standard_edition	Number of additional certificates per Standard ALB instance (default certificate excluded).
	alb_quota_loadbalancer_certificates_num_standardwithwaf_edition	Number of additional certificates per Web Application Firewall (WAF)-enhanced ALB instance (default certificate excluded).
Forwarding rules	alb_quota_loadbalancer_rules_num_basic_edition	Number of forwarding rules per Basic ALB instance (default rule excluded).
	alb_quota_loadbalancer_rules_num_standard_edition	Number of forwarding rules per Standard ALB instance (default rule excluded).
	alb_quota_loadbalancer_rules_num_standardwithwaf_edition	Number of forwarding rules per WAF-enhanced ALB instance (default rule excluded).
Number of backend servers	alb_quota_loadbalancer_servers_num_basic_edition	Number of servers that can be added to a Basic ALB instance.
	alb_quota_loadbalancer_servers_num_standard_edition	Number of servers that can be added to a Standard ALB instance.
	alb_quota_loadbalancer_servers_num_standardwithwaf_edition	Number of servers that can be added to a WAF-enhanced ALB instance.
Listeners	alb_quota_loadbalancer_listeners_num_basic_edition	Number of listeners per Basic ALB instance.
	alb_quota_loadbalancer_listeners_num_standard_edition	Number of listeners per Standard ALB instance.
	alb_quota_loadbalancer_listeners_num_standardwithwaf_edition	Number of listeners per WAF-enhanced ALB instance.
Server groups	alb_quota_servergroup_attached_num	Number of times a server group can be associated with ALB listeners or forwarding rules.
Backend server (IP)	alb_quota_server_added_num	Number of server groups to which a single backend server (by IP address) can be added.
Region	alb_quota_loadbalancers_num	Number of ALB instances per region.

Quota Center

Log in to the Quota Center console. In the left-side navigation pane, click Product List, select General Quotas, and then click Application Load Balancer (ALB) in the Networking section.
Find the quota and click Create Alarm Rule in the Actions column.
On the Create Alarm Rule page, configure the alert parameters and click Confirm. For more information, see Create a general quota alert.

Load Balancer Console

Log in to the Quota Center page in the Load Balancer Console and select Application Load Balancer (ALB) as the product.
Select General Quota as the quota type, find the quota, and click Create Alarm Rule in the Actions column.
On the Create Alarm Rule page, configure the alert parameters and click Confirm. For more information, see Create a general quota alert.

Create quota templates

Before you begin, make sure that:

You are logged in with a Management Account.
You have enabled Resource Directory and enabled quota templates.

Quota Center

Log in to the Quota Center console. In the left-side navigation pane, click Product List, select a quota type (General Quotas or Privileges), and then click Application Load Balancer (ALB) in the Networking section.
Find the quota and click Create Quota Template in the Actions column.
In the Create Quota Template dialog box, configure the settings and click OK.

Load Balancer Console

Log in to the Quota Center page in the Load Balancer Console and select Application Load Balancer (ALB) as the product.
Select a quota type (General Quota or Privilege), find the quota, and click Create Quota Template in the Actions column.
In the Create Quota Template dialog box, configure the settings and click OK.