This topic describes the performance metrics and limits of Network Load Balancer (NLB).
Instance performance metrics
| Performance metrics per VIP | Maximum auto-scaling performance |
| --- | --- |
| New connection rate | 200,000 per second |
| Maximum concurrent connections | 5,000,000 |
| Internal network throughput (inbound + outbound) | 50 Gbps |
| Packet processing rate | 8,000,000 pps |
If an NLB instance is deployed across multiple zones, its performance metrics are calculated using the following formula: instance performance metrics = Number of zones × Performance metrics per VIP.
The performance per virtual IP address (VIP) of an NLB instance automatically scales within minutes as usage increases. If you require higher performance or faster scaling, contact your account manager.
An NLB instance provides public network access through an Elastic IP Address (EIP) by default. The performance of the public network connection is subject to the limits of EIPs.
NLB quota limits
| Resource | Default limit | Increase quota |
| --- | --- | --- |
| NLB instance | | |
| Number of NLB instances that an Alibaba Cloud account can create in each region | 60 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Number of backend servers of the ECI type that can be attached to each NLB instance | 1,600 | Cannot be increased |
| Number of backend servers of the ECS, ENI, or IP type that can be attached to each NLB instance | 400 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Number of listeners that can be added to each NLB instance | 50 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Number of additional certificates that can be added to each NLB instance (excluding the default certificate) | 25 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Server group | | |
| Number of NLB server groups that an Alibaba Cloud account can create in each region | 3,000 | Cannot be increased |
| Number of servers of the ECI type that can be added to each server group | 1,600 | Cannot be increased |
| Number of servers of the ECS, ENI, or IP type that can be added to each server group | 400 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Number of times that a backend server (including a backend server of the IP type) can be added to NLB server groups | 200 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Number of listeners that can be associated with each NLB server group | 50 | You can increase the quota in one of the following ways: For more information, see Increase a quota. |
| Security policy | | |
| Number of custom security policies for NLB that an Alibaba Cloud account can create in each region | 50 | Cannot be increased |
| Security group | | |
| Number of security groups to which an NLB instance can be added | The number of security groups that an NLB instance can be added to and the number of security group rules that can be associated with an NLB instance are subject to the quota limits of ECS security groups: | |
Other limits
If a server group contains a small number of backend servers, 5-tuple conflicts may occur on the backend servers. This can happen if a single client accesses the domain name of an NLB instance that has client IP address persistence enabled for its server group. It can also happen if a client simultaneously accesses the virtual IP addresses (VIPs) or EIPs of both an NLB instance and a Classic Load Balancer (CLB) instance that are attached to the same backend servers.
The domain name of an NLB instance has a built-in availability probing feature for its private VIPs. When you configure Cloud Firewall or a network ACL, allow traffic over the ICMP protocol. This prevents availability probing from failing, which would cause the VIP to be removed from the NLB domain name resolution.
If a UDP listener is associated with a server group that uses a scheduling algorithm other than QUIC ID hashing, such as round-robin or weighted round-robin, do not use stateful services such as QUIC on the backend UDP servers. To use stateful backend UDP services, use the QUIC ID hashing scheduling algorithm for the server group.
If client IP address persistence is disabled for a server group, an NLB node in a zone can handle up to 60,000 concurrent connections to a single backend server (or IP address). If this limit is exceeded, NLB automatically allocates a new local IP address to prevent port allocation failures. An NLB node in a zone can scale up to eight local IP addresses. At this point, the NLB node can handle up to 250,000 concurrent connections to a single backend server (or IP address). Ensure that the vSwitch has enough idle IP addresses to allow for this scaling.
Note: To avoid this, enable client IP address persistence, or add more backend servers (or IP addresses) to the server group to distribute the connections.
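The 5-tuple conflict described at the start of this section can be reproduced with a small model. This is an added example, not Alibaba Cloud code: it rebuilds the 5-tuple each backend sees and flags duplicates, for a client that reuses a source port toward two NLB zone VIPs and toward an NLB and a CLB VIP that share a backend. All addresses, ports, the node local IPs and the simplified forwarding model are constructed assumptions.

```python
from collections import defaultdict
from itertools import count
from typing import NamedTuple


class Flow(NamedTuple):
    client: tuple      # (ip, port) chosen by the client OS
    frontend: tuple    # (ip, port) of the VIP/EIP the client connected to
    node_ip: str       # load balancer node local IP (used when source is rewritten)
    backend: tuple     # (ip, port) picked by the scheduler
    proto: str = "tcp"


def backend_view(flows, preserve_client_ip):
    """Map each 5-tuple as seen by a backend to the frontends that produced it."""
    next_port = defaultdict(lambda: count(1024))  # per-node source port allocator
    seen = defaultdict(list)
    for f in flows:
        # Preserved: backend sees the client's own ip:port.
        # Not preserved: backend sees node local IP plus a node-allocated port.
        src = f.client if preserve_client_ip else (f.node_ip, next(next_port[f.node_ip]))
        seen[(f.proto, *src, *f.backend)].append(f.frontend)
    return seen


def conflicts(flows, preserve_client_ip=True):
    """Return only the backend-side 5-tuples shared by more than one flow."""
    view = backend_view(flows, preserve_client_ip)
    return {k: v for k, v in view.items() if len(v) > 1}


# Constructed sample data (documentation/private address ranges).
CLIENT = "203.0.113.10"
NLB_A, NLB_B, CLB = ("10.0.1.5", 443), ("10.0.2.5", 443), ("10.0.3.5", 443)
B1, B2 = ("192.168.0.10", 8080), ("192.168.0.11", 8080)
FLOWS = [
    # A client OS may reuse one source port toward different destinations.
    Flow((CLIENT, 50000), NLB_A, "10.0.1.100", B1),
    Flow((CLIENT, 50000), NLB_B, "10.0.2.100", B1),  # two zone VIPs, same backend
    Flow((CLIENT, 50001), NLB_A, "10.0.1.100", B1),
    Flow((CLIENT, 50001), CLB, "10.0.3.100", B1),    # NLB and CLB share a backend
    Flow((CLIENT, 50002), NLB_A, "10.0.1.100", B1),
    Flow((CLIENT, 50002), NLB_B, "10.0.2.100", B2),  # different backend: no conflict
]

if __name__ == "__main__":
    for key, frontends in conflicts(FLOWS).items():
        print("conflict on backend:", key, "from frontends", frontends)
```

The last pair of flows shows why a larger server group lowers the chance of a conflict: the same client port only collides when both connections land on the same backend.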