This topic describes the limits of Network Load Balancer (NLB), including resource quotas.
Resource quotas
Item | Default value | Increase Quota |
NLB instance | ||
Maximum number of NLB instances that each Alibaba Cloud account can have in a region | 60 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of elastic container instances that can be specified as backend servers for each NLB instance | 1,600 | Cannot be increased |
Maximum number of Elastic Compute Service (ECS) instances, elastic network interfaces (ENIs), or IP addresses that can be specified as backend servers for each NLB instance | 400 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of listeners that can be added to each NLB instance | 50 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of additional certificates that can be added to each NLB instance, excluding the default certificate | 25 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Server group | ||
Maximum number of NLB server groups that each Alibaba Cloud account can have in a region | 3,000 | Cannot be increased |
Maximum number of elastic container instances that can be added to each server group | 1,600 | Cannot be increased |
Maximum number of ECS instances, ENIs, or IP addresses that can be added to each server group | 400 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of times that a backend server (including a backend server of the IP type) can be added to a server group | 200 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of times that each NLB server group can be associated with a listener | 50 | You can request a quota increase using one of the following methods:
For more information, see Request a quota increase. |
Security policy | ||
Maximum number of custom security policies that each Alibaba Cloud account can have in a region | 50 | Cannot be increased |
Security group | ||
Maximum number of security groups to which each NLB instance can be added | The number of security groups to which an NLB instance can be added and the number of security group rules that can be associated with an NLB instance are subject to the quotas of ECS security groups:
|
Other limits
When the number of backend server groups is low and a single client accesses the domain name of an NLB instance with client IP address preservation enabled, or accesses both the virtual IP addresses or EIPs of the NLB instance and a Classic Load Balancer (CLB) instance sharing the same backend servers, five-tuple conflicts may occur, that is, conflicts in the source IP address, source port, destination IP address, destination port, and transport protocol.
The private virtual IP addresses to which the NLB domain name is resolved support probes. However, you need to enable ICMP when configuring Cloud Firewall or access control lists. Otherwise, the NLB domain name may fail to resolve to the virtual IP addresses because of probe failures.
If a UDP listener is associated with a server group that uses a scheduling algorithm other than QUIC ID hashing, such as round robin or weighted round robin, the backend servers must not run stateful UDP services, such as QUIC. If the backend servers need to run stateful UDP services, we recommend using server groups with QUIC-based ID hashing.
If Client IP Reservation is disabled for a server group, the NLB node in each zone supports up to 60,000 concurrent connections to a single backend server (or IP address). If the number of concurrent connections exceeds this limit, NLB automatically scales its local IP addresses to prevent connection failures. The NLB node in each zone can use up to eight local IP addresses. When this limit is reached, the NLB node in each zone supports up to 250,000 concurrent connections to each backend server (or IP address). Ensure the vSwitch to which NLB is connected has sufficient available IP addresses for NLB auto-scaling.
Note: You can enable Client IP Reservation to avoid these circumstances. Alternatively, you can add more backend servers (or IP addresses) to the server group to distribute connections.
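The following capacity check is an added example, not part of the original documentation or any Alibaba Cloud tooling. It applies the figures above to constructed per-zone connection peaks; the function names, the sample data, the worst-case vSwitch headroom rule (room for all eight local IP addresses once scaling starts) and the even-distribution assumption are illustrative assumptions.

```python
import math

# Figures from the paragraph above (Client IP Reservation disabled).
CONNS_PER_LOCAL_IP = 60_000       # per zone, per backend, before scaling starts
MAX_LOCAL_IPS = 8                 # local IPs one zone's NLB node can use
MAX_CONNS_PER_BACKEND = 250_000   # per-backend ceiling at maximum local IPs


def assess_zone(peaks, free_vswitch_ips, local_ips_in_use=1):
    """Assess one zone. `peaks` maps backend -> peak concurrent connections.

    Assumptions (not from the page): once any backend exceeds 60,000
    connections, plan vSwitch headroom for all eight local IPs, and adding
    backends spreads connections evenly.
    """
    findings = []
    busiest = max(peaks.values(), default=0)
    if busiest > CONNS_PER_LOCAL_IP:
        headroom = MAX_LOCAL_IPS - local_ips_in_use
        if headroom > free_vswitch_ips:
            findings.append(("vswitch_ip_shortage", headroom - free_vswitch_ips))
    for backend in sorted(peaks):
        if peaks[backend] > MAX_CONNS_PER_BACKEND:
            findings.append(("over_ceiling", backend))
        elif peaks[backend] > CONNS_PER_LOCAL_IP:
            findings.append(("relies_on_local_ip_scaling", backend))
    # Backends needed so no backend exceeds 60,000 connections (the Note's
    # second remedy), assuming connections are spread evenly.
    total = sum(peaks.values())
    target = max(len(peaks), math.ceil(total / CONNS_PER_LOCAL_IP))
    return {"findings": findings, "backends_for_no_scaling": target}


# Constructed sample data: peak concurrent connections per backend, per zone.
SAMPLE = {
    "zone-a": {"peaks": {"10.0.1.10": 45_000, "10.0.1.11": 130_000}, "free_ips": 3},
    "zone-b": {"peaks": {"10.0.2.10": 260_000, "10.0.2.11": 20_000}, "free_ips": 20},
}


def assess_all(sample=SAMPLE):
    return {z: assess_zone(d["peaks"], d["free_ips"]) for z, d in sample.items()}


if __name__ == "__main__":
    for zone, result in assess_all().items():
        print(zone, result)
```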