Web Application Firewall (WAF) 2.0 provides extra bandwidth packages that you can purchase to increase the clean bandwidth of your WAF instance. WAF 2.0 provides a default clean bandwidth. You must estimate the service traffic of a website that you want to add to WAF and select a WAF edition and extra bandwidth package based on the estimation results. This topic describes the concept of clean bandwidth, methods to estimate and view clean bandwidth, and impacts when clean bandwidth is exceeded.
Clean bandwidth
Clean bandwidth refers to the bandwidth of peak traffic that can be processed by a WAF 2.0 instance. The bandwidth is measured in Mbit/s. If the clean bandwidth of a WAF 2.0 instance is 100 Mbit/s, the instance can process approximately 4,000 queries per second (QPS).
If you add multiple websites to a WAF 2.0 instance, make sure that the sum of peak traffic of all websites does not exceed the clean bandwidth of the instance. Otherwise, access to your websites are affected. For more information, see Impacts when clean bandwidth is exceeded.
The actual clean bandwidth of a WAF 2.0 instance is equal to the default clean bandwidth plus the extra bandwidth that you purchase.
The following table describes the default clean bandwidth and supported peak QPS in each edition of WAF.
WAF 2.0 edition | Default clean bandwidth (origin server on Alibaba Cloud, such as ECS and SLB) | Default clean bandwidth (origin server outside Alibaba Cloud, such as servers on third-party cloud platforms or in data centers) | Peak QPS |
Pro | 50 Mbit/s | 10 Mbit/s | 2,000 QPS |
Business | 100 Mbit/s | 30 Mbit/s | 5,000 QPS |
Enterprise | 200 Mbit/s | 50 Mbit/s | 10,000 QPS |
If the default clean bandwidth of a WAF 2.0 instance cannot meet your website protection requirements, you can purchase extra bandwidth packages to increase the clean bandwidth. For more information, see Purchase an extra bandwidth package.
Estimate the required clean bandwidth
The clean bandwidth of a WAF 2.0 instance must be greater than the service traffic of the websites that you want to add to WAF.
You can estimate service traffic based on the monitoring data of your Elastic Compute Service (ECS) instances or by using the monitoring tools that are installed on your origin servers. In most cases, the service traffic of a website is the larger value between the inbound peak traffic and outbound peak traffic of the website. For more information, see View the monitoring information of an ECS instance.
If a website is hosted on multiple ECS instances, you must estimate the sum of peak traffic of all instances. For example, you want to add three websites whose origin servers are deployed on Alibaba Cloud to WAF. The outbound peak traffic of each website is approximately 30 Mbit/s, and the sum of peak traffic is approximately 90 Mbit/s. In this case, you can purchase a WAF 2.0 instance of the Business edition, which provides a default clean bandwidth of 100 Mbit/s. If you purchase a WAF instance of the Pro edition, you must also purchase extra bandwidth packages because the Pro edition provides a default clean bandwidth of only 50 Mbit/s.
Impacts when clean bandwidth is exceeded
If the service traffic of a website that is added to WAF exceeds the clean bandwidth of a WAF 2.0 instance, WAF lowers the priorities based on which network and compute resources are allocated to the excess traffic-related services. WAF also triggers other handling actions, such as throttling and random packet discarding. As a result, the website may become slow or even unavailable. The service-level agreement (SLA) of WAF cannot be guaranteed.
In this case, you can upgrade the WAF edition or purchase extra bandwidth packages to increase the clean bandwidth. For more information, see Purchase an extra bandwidth package.
Check whether clean bandwidth is exceeded
If the clean traffic of your WAF 2.0 instance is exceeded, an error message is displayed in the upper part of the WAF console. 
To fix the error, perform the following operations:
Click View Details to open the Details dialog box.
Click Upgrade Now to go to the Upgrade/Downgrade page. On the Upgrade/Downgrade page, you can upgrade the WAF edition or purchase extra bandwidth packages to increase the clean bandwidth.
NoteThe actual clean bandwidth of a WAF instance is independent of the bandwidth or traffic limits of other Alibaba Cloud services, such as Alibaba Cloud CDN, Server Load Balancer (SLB), and ECS.
Purchase an extra bandwidth package
You can upgrade a WAF 2.0 instance to purchase an extra bandwidth package. For more information, see Renew a WAF instance.
Extra Bandwidth Package: You can configure this parameter to increase or decrease clean bandwidth in increments of 50 Mbit/s. You can specify a value from 0 to 5,000 Mbit/s.