Performance and usage limits - Server Load Balancer - Alibaba Cloud Documentation Center

This topic describes the performance metrics and usage limits of Network Load Balancer (NLB).

Instance performance metrics

Per-VIP performance metric	Maximum auto-scaling performance
New connection rate	200,000/s
Maximum concurrent connections	5,000,000
Private network throughput (inbound + outbound)	50 Gbps
Packets per second (PPS)	8,000,000 pps

Instance performance = Number of zones × Per-VIP performance metric

NLB instance (VIP) performance scales automatically within minutes as traffic grows. If you require higher performance or faster scaling, contact your account manager.

Internet-facing NLB instances use Elastic IP Address (EIP) for Internet access by default. For Internet performance limits, see EIP performance limits.

NLB quota limits

Resource	Default limit	Quota increase
NLB instances
Number of NLB instances per region per Alibaba Cloud account	60	You can increase the quota by using either of the following methods: Go to the Server Load Balancer (SLB) console - Quota Center page, select the NLB tab, and increase the nlb_quota_loadbalancers_num quota. Go to Quota Center to request the quota increase. For more information, see Adjust quotas.
Number of backend servers per NLB instance (Elastic Container Instance type)	1,600	Cannot be requested
Number of backend servers per NLB instance (Elastic Compute Service (ECS)/Elastic Network Interface (ENI)/IP type)	400	You can increase the quota by using either of the following methods: Go to the SLB console - Quota Center page, select the NLB tab, and increase the nlb_quota_loadbalancer_noeci_servers_num quota. Go to Quota Center to request the quota increase. For more information, see Adjust quotas.
Number of listeners per NLB instance	50	You can increase the quota by using either of the following methods: Go to the SLB console - Quota Center page, select the NLB tab, and increase the nlb_quota_loadbalancer_listeners_num quota. Go to Quota Center to request the quota increase. For more information, see Adjust quotas.
Number of additional certificates per NLB instance (excluding the default certificate)	25	You can increase the quota by using either of the following methods: Go to the SLB console - Quota Center page, select the NLB tab, and increase the nlb_quota_loadbalancer_certificates_num quota. Go to Quota Center to request the quota increase. For more information, see Adjust quotas.
Server groups
Number of NLB server groups per region per Alibaba Cloud account	3,000	Cannot be requested
Number of backend servers per server group (Elastic Container Instance type)	1,600	Cannot be requested
Number of backend servers per server group (ECS/ENI/IP type)	400	You can increase the quota by using either of the following methods: Go to the SLB console - Quota Center page, select the NLB page, and increase the nlb_quota_servergroup_noeci_servers_num quota. Go to Quota Center to request the quota increase. For more information, Adjust quotas.
Number of times a backend server (including IP type) can be added to NLB server groups	200	You can increase the quota by using either of the following methods: Go to the SLB console - Quota Center page, select the NLB page, and increase the nlb_quota_server_added_num quota. Go to Quota Center to request the quota increase. For more information, see Adjust quotas.
Number of listener associations per NLB server group	50	You can increase the quota by using either of the following methods: Go to the SLB console - Quota Center page, select the NLB tab, and increase the nlb_quota_servergroup_attached_num quota. Go to Quota Center to request the quota increase. For more information, see Adjust quotas.
Security policies
Number of custom NLB security policies per region per Alibaba Cloud account	50	Cannot be requested
Security groups
Number of security groups that an NLB instance can be added to	The number of security groups an NLB instance can be added to and the number of associated security group rules are subject to the ECS security group quota limits: Number of security groups that can be associated with an NLB instance = Security group quota for an elastic network interface (ENI) of an ECS instance - 1 (taken by the managed security group) Number of security group rules that can be associated with an NLB instance = Security group rule quota for an ENI of an ECS instance - Number of security group rules in the managed security group rules

Other limits

When the number of backend servers is small and a single client accesses the NLB instance domain name (with client IP preservation enabled in the associated server group), or when a client simultaneously accesses the VIP or EIP of both NLB and CLB instances that use the same backend servers, 5-tuple conflicts may occur on the backend servers.
NLB instance domain names have built-in availability probes for private VIPs. When configuring cloud firewalls or network ACLs, allow ICMP traffic to prevent the VIP from being removed from DNS for the NLB domain name due to failed availability probes.
When a UDP listener uses a server group with a non-QUIC ID hash scheduling algorithm (such as round robin or weighted round robin), avoid using stateful protocols (such as QUIC) on backend UDP services. If your backend UDP services are stateful, use the QUIC ID hash scheduling algorithm for the server group.
When client IP preservation is disabled for a server group, each zone supports up to 60,000 concurrent connections between the NLB instance and a single backend server (including IP type). If this limit is exceeded, new local IPs are automatically allocated to avoid port exhaustion. Each zone supports up to 8 local IPs, which allows up to 250,000 concurrent connections between the NLB instance and a single backend server (including IP type) per zone. Make sure that the vSwitch has sufficient available IP addresses to support this scaling.
Note
To avoid this situation, we recommend that you enable client IP preservation or add more backend servers (including IP type) to the server group to distribute connections.