Concept, billing, security, and limits of ECS instance network bandwidth - Elastic Compute Service

Network bandwidth is the maximum amount of data that can be transferred over a network in a specific period of time. In most cases, the period of time is 1 second. Higher network bandwidth allows the transfer of a larger amount of data in the same period of time. Network bandwidth is classified into public bandwidth and internal bandwidth.

Public bandwidth

Public bandwidth is used to transfer data between Elastic Compute Service (ECS) instances and the Internet. Public bandwidth is classified into outbound public bandwidth and inbound public bandwidth. Outbound public bandwidth is used for traffic from ECS instances to the Internet. Inbound public bandwidth is used for traffic from the Internet to ECS instances. You are charged for outbound public bandwidth. The maximum inbound public bandwidth varies based on the outbound public bandwidth: If the outbound public bandwidth is less than or equal to 10 Mbit/s, the inbound public bandwidth is capped at 10 Mbit/s. If the outbound public bandwidth is greater than 10 Mbit/s, the inbound public bandwidth is equal to the outbound public bandwidth. If the outbound public bandwidth is greater than 1 Gbit/s, distributed throttling is automatically enabled. The maximum bandwidth value that you specify is evenly allocated to multiple ECS instances. For each ECS instance, public bandwidth for single-flow traffic is limited to the specified maximum bandwidth value divided by the number of instances, and public bandwidth for multi-flow traffic is limited to the specified maximum bandwidth value.

You can enable public bandwidth for an ECS instance by assigning a public IP address to the instance when you create the instance. For more information, see Best practices for configuring public bandwidth. Alternatively, you can enable public bandwidth for an ECS instance by associating an elastic IP address (EIP) with the instance after you create the instance. For more information, see Associate an EIP with an instance. You can use Anycast EIPs to improve Internet access based on the stable Border Gateway Protocol (BGP) lines and the global transmission network of Alibaba Cloud. For information about Anycast EIPs, see What is Anycast EIP? You can assign an IPv6 address to an ECS instance and enable IPv6 public bandwidth for the instance. For more information, see Step 3: Enable IPv6 public bandwidth for a Windows instance or Step 3: Enable IPv6 public bandwidth for a Linux instance.

Bandwidth billing

Public bandwidth supports the pay-by-bandwidth and pay-by-traffic metering methods. For more information, see Public bandwidth. To share and reuse network bandwidth within a region, create an Internet Shared Bandwidth instance in the region. For information about Internet Shared Bandwidth, see What is an Internet Shared Bandwidth? You can associate EIPs with an Internet Shared Bandwidth instance that resides in the same region as the EIPs. This way, you can reuse network bandwidth in the Internet Shared Bandwidth instance and reduce costs. You can apply data transfer plans to the IPv4 data transfer of eligible resources to reduce the costs of your public bandwidth usage. Eligible resources include public IP addresses, EIPs, Classic Load Balancer (CLB) instances, and Internet Shared Bandwidth instances that use the pay-by-traffic (also known as pay-by-data-transfer) metering method. You cannot apply data transfer plans to EIPs of BGP (Multi-ISP) Pro. For more information about data transfer plans, see What is a data transfer plan?

Bandwidth security

By default, Alibaba Cloud Security Center provides a DDoS mitigation capacity for each ECS instance free of charge. The mitigation capacity varies based on the instance type and can be up to 5 Gbit/s. For more information, see View the thresholds that trigger blackhole filtering in Anti-DDoS Origin Basic.
After you activate Anti-DDoS Origin Basic, Alibaba Cloud Security Center monitors inbound traffic to ECS instances in real time. When an ultra-large amount of traffic or suspicious traffic such as DDoS attack traffic is detected, Security Center redirects traffic from the intended paths to a scrubbing device. The scrubbing device identifies and removes malicious traffic, and then returns legitimate traffic. Then, the legitimate traffic is forwarded to ECS instances by using the intended paths. For more information, see What is Anti-DDoS Origin?
When an ECS instance is under a DDoS attack, you can defend against the attack at the earliest opportunity based on the pushed event. For more information, see Instance security events.

Limits

Starting November 27, 2020, the maximum bandwidth value that is available for new ECS instances or updated ECS instances vary based on the throttling policies of your account. To apply for an increase in bandwidth quotas, submit a ticket.

The following throttling policies apply:

In each region, the total maximum bandwidth of all ECS instances that use the pay-by-traffic metering method cannot exceed 5 Gbit/s.
In each region, the total maximum bandwidth of all ECS instances that use the pay-by-bandwidth metering method cannot exceed 50 Gbit/s.

For more information, see Public bandwidth limits.

Internal bandwidth

Internal bandwidth is used to transfer data between ECS instances over the internal network in the same virtual private cloud (VPC) and region. You can connect ECS instances to ApsaraDB RDS instances, Server Load Balancer (SLB) instances, and Object Storage Service (OSS) buckets over the internal network. You are not charged for in-region data transfer over the internal network. The internal bandwidth value varies based on the instance type. For information about the internal bandwidth value that is supported by each instance type, see Overview of instance families. Internal bandwidth is allocated to each ECS instance. If multiple network interfaces are bound to an ECS instance, the sum of the internal bandwidth that is used by the network interfaces cannot exceed the internal bandwidth of the instance.

Note

Cross-zone internal bandwidth varies based on the bandwidth specifications of instance types. Network latency increases with distance between zones.
Internal bandwidth in a deployment set or across deployment sets also varies based on the bandwidth specifications of instance types.

When you use internal bandwidth, take note of the following items:

Physical network bandwidth is shared across ECS instances. The internal bandwidth of an ECS instance may be affected by the internal bandwidth usage of other ECS instances. In most cases, an ECS instance can achieve the internal bandwidth provided by the instance type. For information about how to test internal bandwidth performance, see Best practices for testing network performance.
If your business intermittently requires a network bandwidth that exceeds the baseline bandwidth of ECS instances, you can select an instance type that supports burst bandwidth. An ECS instance of an instance type that supports burst bandwidth accrues credits when the instance uses network bandwidth that is lower than its baseline bandwidth. If physical network bandwidth is available, the ECS instance can consume credits to burst its network bandwidth beyond the baseline bandwidth for a limited period of time. For information about the maximum burst bandwidth supported by instance types, see Overview of instance families.
In scenarios such as high-performance computing, big data processing, and AI training, you can select an Elastic Remote Direct Memory Access (eRDMA)-capable instance type to provide low-latency, high-throughput network services. RDMA transfers data from user-mode programs to Host Channel Adapters (HCAs) for network transmission, without the need to go through the kernel stack. RDMA helps greatly reduce CPU load and latency.
If you want a 100 Gbit/s or higher internal bandwidth per instance, select an instance type that supports network card mappings and specify network card indexes to attach elastic network interfaces to different network cards at the underlying layer. This way, you can maximize bandwidth utilization. For information about network card mappings, see Basics.
If your business requires concurrent data transmission and reception, we recommend that you use seventh-generation or later instance types to achieve full-duplex transmit and receive bandwidth. The transmission and reception rates are separately calculated. Data can be transmitted and received at the full rate at the same time.

Burst bandwidth

Specific instance types in sixth-generation or later instance families support burst bandwidths. ECS instances of the instance types can burst their network bandwidths beyond the baseline bandwidths to meet additional bandwidth demand. For information about the instance types that support network burst bandwidth, see Overview of instance families.

Concepts and mechanism of burst bandwidth

Credits
Credits determine how long an ECS instance can burst its network bandwidth beyond the baseline bandwidth. For example, an ECS instance of the ecs.g8i.large instance type supports up to 15 Gbit/s of burst bandwidth and can consume one credit to do the following:
- Use 15 Gbit/s of bandwidth for 1 second.
- Use 7.5 Gbit/s of bandwidth for 2 seconds.
- Use 5 Gbit/s of bandwidth for 3 seconds.
Other bandwidth amounts follow the same pattern.
Earn credits
An ECS instance earns credits when it is running. The speed at which an ECS instance earns credits varies based on the instance type, which is calculated by using the following formula: (Baseline bandwidth/Maximum burst bandwidth) × 60 seconds. For example, an ECS instance of the ecs.g8i.large instance type earns 10 credits per minute, which is calculated by using the following formula:
(2.5 Gbit/s/15 Gbit/s) × 60 seconds = 10.
Accrue credits
A running ECS instance can accrue credits when the instance uses network bandwidth that is lower than its baseline bandwidth. A limit is imposed on the number of credits that an ECS instance can accrue. The speed at which an ECS instance accrues credits varies based on the bandwidth usage of the instance. For example, an ECS instance of the ecs.g8i.large instance type has a baseline bandwidth of 2.5 Gbit/s and can burst its network bandwidth to up to 15 Gbit/s.
- Each minute the ECS instance uses a network bandwidth of 2.0 Gbit/s, the instance accrues 2 credits: (2.5 Gbit/s - 2.0 Gbit/s)/15 Gbit/s × 60 seconds = 2.
- Each minute the ECS instance uses a network bandwidth of 1.5 Gbit/s, the instance accrues 4 credits: (2.5 Gbit/s - 1.5 Gbit/s)/15 Gbit/s × 60 seconds = 4.
- Each minute the ECS instance uses a network bandwidth of 1.0 Gbit/s, the instance accrues 6 credits: (2.5 Gbit/s - 1.0 Gbit/s)/15 Gbit/s × 60 seconds = 6.
Other bandwidth amounts follow the same pattern.
Consume credits
An ECS instance consumes credits when the instance uses network bandwidth that is higher than its baseline bandwidth. When the ECS instance exhausts its credits, the network bandwidth of the instance is capped at the baseline bandwidth. For example, an ECS instance of the ecs.g8i.large instance type can burst its network bandwidth to up to 15 Gbit/s.
- Each minute the ECS instance uses a network bandwidth of 15 Gbit/s, the instance consumes 60 credits: 15 Gbit/s/15 Gbit/s × 60 seconds = 60.
- Each minute the ECS instance uses a network bandwidth of 10 Gbit/s, the instance consumes 40 credits: 10 Gbit/s/15 Gbit/s × 60 seconds = 40.
- Each minute the ECS instance uses a network bandwidth of 5 Gbit/s, the instance consumes 20 credits: 5 Gbit/s/15 Gbit/s × 60 seconds = 20.
Other bandwidth amounts follow the same pattern.
Maximum number of accrued credits
The maximum number of credits that an ECS instance can accrue varies based on the instance type. An ECS instance of a higher-specification instance type can accrue a larger maximum number of credits.
Launch credits
When you create and start an ECS instance, the instance receives the maximum number of credits as its launch credits.

Select instance types based on bandwidth usage

In this section, an ECS instance of the ecs.g8i.large instance type is used to describe how you can leverage the combination of baseline bandwidth and burst bandwidth to meet your business requirements. In the following figure, the blue line indicates the actual bandwidth usage, and the orange line indicates the credit balance. During a specific period, a traffic burst that resulted in a peak bandwidth usage of 10 Gbit/s occurred. For the rest of the time, the bandwidth usage is around 2 Gbit/s.

Most of the time, the business requires a bandwidth of approximately 2 Gbit/s, which can be covered by the baseline bandwidth (2.5 Gbit/s) provided by the ecs.g8i.large instance type. In this case, you do not need to use an instance type that has higher specifications, such as the ecs.g8i.xlarge instance type.
The actual peak bandwidth is 10 Gbit/s, which is lower than the 15 Gbit/s maximum burst bandwidth provided by the ecs.g8i.large instance type. In this case, you do not need to use an instance type that has higher specifications, such as the ecs.g8i.xlarge instance type.
At the 11th minute, the traffic burst starts and the bandwidth usage increased to 10 Gbit/s. As the traffic burst continues, credits are constantly consumed. After the credits are exhausted at the 21st minute, bandwidth is limited to 2.5 Gbit/s, which is the baseline bandwidth. If this performance limit is not acceptable, use an instance type that has higher specifications, such as the ecs.g8i.xlarge instance type.

Monitor network bandwidth

You can use CloudMonitor to monitor network bandwidth.

References

For information about how to change the metering method of public bandwidth, see Change the billing method for network usage.
For information about how to change the public bandwidth of an ECS instance, see Modify the bandwidth configurations of subscription instances and Modify the bandwidth configurations of pay-as-you-go instances.
For information about how to change the bandwidth and billing method of an EIP, see Modify the bandwidth of an EIP.