This topic describes the limits on Network Load Balancer (NLB), including resource quotas.
Resource quotas
Item | Default value | Adjustable |
NLB instance | ||
Maximum number of NLB instances that each Alibaba Cloud account can have in a region | 60 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of elastic container instances that can be specified as backend servers for each NLB instance | 1,600 | No |
Maximum number of Elastic Compute Service (ECS) instances, elastic network interfaces (ENIs), or IP addresses that can be specified as backend servers for each NLB instance | 400 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of listeners that can be added to each NLB instance | 50 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of additional certificates that can be added to each NLB instance, excluding the default certificate | 25 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Server group | ||
Maximum number of NLB server groups that each Alibaba Cloud account can have in a region | 3,000 | No |
Maximum number elastic container instances that can be added to each server group | 1,600 | No |
Maximum number of ECS instances, ENIs, or IP addresses that can be added to each server group | 400 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of times that a backend server (including a backend server of the IP type) can be added to a server group | 200 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Maximum number of times that each NLB server group can be associated with a listener | 50 | You can request a quota increase by using one of the following methods:
For more information, see Request a quota increase. |
Security policy | ||
Maximum number of custom security policies that each Alibaba Cloud account can have in a region | 50 | No |
Security group | ||
Maximum number of security groups to which each NLB instance can be added | 4 | No |
Other limits
If the number of backend server groups drops to a low number, and a single client visits the domain name of the NLB instance whose backend servers have client IP address preservation enabled, or accesses the virtual IP addresses or elastic IP addresses (EIPs) of both the NLB instance and a Classic Load Balancer (CLB) instance that share the same backend servers, conflicts may arise in source IP addresses, source ports, destination IP addresses, destination ports, and transmission protocols.
The private virtual IP addresses to which the domain name of an NLB instance is resolved support probes. However, you need to enable ICMP when you configure Cloud Firewall or access control lists. Otherwise, the NLB domain name may fail to be resolved to the virtual IP addresses due to probe failures.
If a UDP listener is associated with a server group that uses ID hashing algorithms other than QUIC, such as round robin and weighted round robin, the backend servers must not use stateful UDP services, such as QUIC. If the backend servers need to use stateful UDP services, we recommend that the server groups use QUIC-based ID hashing.
If client IP preservation is disabled for an NLB server group, each NLB instance and a backend server (IP address) in a zone support at most 60,000 concurrent connections. Concurrent connections that exceed this upper limit cause port assignment failures, which result in new connection failures. To prevent such issues, we recommend that you enable client IP preservation for your NLB server groups or add more backend servers (IP addresses) to server groups to distribute connections.