what is intelligent load balancing, billing and enabling - Web Application Firewall

The proxy mode for Web Application Firewall (WAF) includes the Intelligent Load Balancing feature. This feature uses multi-node intelligent access technology to support automatic scheduling and disaster recovery across nodes and network paths, ensuring high availability for your services and delivering a faster user experience.

What is intelligent load balancing?

Intelligent Load Balancing assigns at least three protection nodes in different regions to your WAF instance. It uses monitoring nodes to detect network reachability with Ping probes, enabling automatic disaster recovery across different locations. Combined with intelligent DNS resolution and the least time origin-facing algorithm, this solution directs traffic along the shortest, lowest-latency path from the protection node to your origin server.

Note

When you enable intelligent load balancing for a WAF instance in the Chinese mainland, WAF allocates one protection node to the instance in each of the following regions for disaster recovery: China (Beijing), China (Hangzhou), and China (Shenzhen).
When you enable intelligent load balancing for a WAF instance outside the Chinese mainland, WAF allocates multiple protection nodes to the instance in major geographical areas, such as North America, Europe, and Southeast Asia, for disaster recovery.

Intelligent Load Balancing is available only in proxy mode. By default, this feature is disabled for WAF instances. After you enable Intelligent Load Balancing for a WAF instance, the instance gains the following capabilities.

Capability	Intelligent load balancing disabled	Intelligent load balancing enabled
Disaster recovery	Multi-node active-standby access protection Standard failover for disaster recovery	Multi-node load balancing access protection Automatic failover for network failures based on intelligent DNS
Access acceleration	—	Shortest path for proximity-based access and origin-facing routing

Important

If the client-facing IP enters the blackhole filtering status because of a DDoS attack, the client-facing IP in the blackhole filtering status is not automatically removed.
When you add a domain name to WAF in proxy mode, you must point the DNS record to the CNAME record provided by WAF, not to one or more client-facing IPs allocated after you enable intelligent load balancing. Otherwise, service interruptions may occur if the domain name's client-facing IP changes. For example, service interruptions may occur if you enable a dedicated IP address or disable intelligent load balancing.

Benefits of intelligent load balancing

Enabling intelligent load balancing provides the following benefits for various use cases.

Use case	Business feature	Benefit of enabling intelligent load balancing	Diagram
Geo-redundant active-active	Multi-node services are deployed in cloud or on-premises environments across regions. Nodes provide services concurrently and are configured for mutual disaster recovery. The service requires high reliability and low-latency access.	Provides robust, automatic recovery from network path failures. Uses distributed health checks to provide multi-line load balancing. Uses the enhanced least time origin-facing algorithm to ensure low-latency connections.
Single-region active-active	Multi-node services are deployed in cloud or on-premises environments within the same region. Nodes provide services concurrently and are configured for mutual disaster recovery. The service requires high reliability and low-latency access.	Provides robust, automatic recovery from network path failures. Uses distributed health checks to provide multi-line load balancing.
Single-region active-standby	A single-node service is deployed in a cloud or on-premises environment within the same region. The service requires high reliability and low-latency access. Note A single-region active-standby service lacks native disaster recovery. However, Intelligent Load Balancing provides high reliability with automatic network disaster recovery and accelerates the user experience by ensuring low latency.	Provides robust, automatic recovery from network path failures. Uses distributed health checks to provide multi-line load balancing.

Billing

Intelligent Load Balancing is a paid feature. It is billed on a per-WAF-instance basis.

In Proxy mode, enabling Intelligent Load Balancing for any domain on a WAF instance enables the feature for the entire instance. The feature is billed per instance, regardless of how many domains use it. For more billing information, see Billing.

Enable intelligent load balancing

You can enable intelligent load balancing only for domain names added to WAF in Proxy mode.

To enable Intelligent Load Balancing:

On the Onboarding page of the Web Application Firewall 3.0 console, click Add on the Proxy tab to open the Add Domain Name configuration wizard.
In the Configure Listener step, click More Settings, set Protection Resource to Shared Cluster-based Intelligent Load Balancing, and then click Next.
In the Configure Forwarding Rule step, set Load Balancing Algorithm to Least time.

For more information, see Website config.

After you complete these settings, your WAF instance automatically uses intelligent DNS resolution and the least time origin-facing algorithm to process requests for the domain, ensuring the shortest, lowest-latency path for traffic from the protection node to your origin server.