Help Center/ Web Application Firewall/ User Guide/ Buying WAF/ Expansion Packages Available in Cloud WAF/ QPS Expansion Package
Updated on 2024-03-21 GMT+08:00
View PDF

QPS Expansion Package

A certain amount of bandwidth is provided when you buy a standard, professional, or platinum WAF instance billed on a yearly/monthly basis. If you need to protect a larger QPS, you can buy additional QPS expansion packages.

What Is the Service Bandwidth Limit?

  • The service bandwidth limit is the amount of normal traffic a WAF instance can protect. A QPS expansion package protects up to:
    • For web applications deployed on Huawei Cloud

      Service bandwidth: 50 Mbit/s

      QPS: 1,000 (Each HTTP GET request is a query.)

    • For web applications not deployed on Huawei Cloud

      Service bandwidth: 20 Mbit/s

      QPS: 1,000 (Each HTTP GET request is a query.)

    The bandwidth in WAF is calculated by WAF itself and is not associated with the bandwidth or traffic limit of other Huawei Cloud products (such as CDN, ELB, and ECS).

  • By default, a certain amount of bandwidth can be protected by the standard, professional, or platinum WAF instance billed in yearly/monthly mode. If your origin servers (such as ECSs or ELB load balancers) are on Huawei Cloud, more bandwidth can be protected. For example, if you use a platinum instance, it can protect up to 300 Mbit/s of bandwidth for origin servers on Huawei Cloud, or protect up to 100 Mbit/s of bandwidth for origin servers outside Huawei Cloud, such as in on-premises data centers.
    Figure 1 Service bandwidth

How Many QPS Expansion Packages Do I Need?

Before buying WAF, confirm the total inbound and outbound peak traffic of the websites to be protected by WAF. Ensure that the bandwidth of the WAF edition you select is greater than the total inbound peak traffic or the total outbound peak traffic, whichever is larger.

Generally, the outbound traffic is larger than the inbound traffic.

You can estimate the traffic by referring to the traffic statistics on the ECS console or using other monitoring tools.

Attack traffic must be removed in your estimations. For example, if your website is being accessed normally, WAF routes the traffic back to the origin ECS, but if your website is under attack, WAF blocks and filters out the illegitimate traffic, and routes only the legitimate traffic back to the origin ECS. The inbound and outbound traffic of the origin ECS you view on the ECS console is the normal traffic. If there are multiple ECSs, collect statistics on the normal traffic of all ECSs. For example, if you have six sites and the peak outbound traffic of each site does not exceed 2,000 QPS, then the total peak traffic volume does not exceed 12,000 QPS. In this case, you can buy the WAF platinum edition.

What Happens If Website Traffic Exceeds the Service Bandwidth or Request Limit?

If your website normal traffic exceeds the service bandwidth or request limit offered by the edition you select, forwarding website traffic may be affected.

For example, traffic limiting and random packet loss may occur. Your website services may be unavailable, frozen, or respond very slowly.

In this case, upgrade your edition or buy additional QPS expansion packages.

QPS Expansion Package

If your website service traffic is much more than what your WAF instance can protect, you can buy more QPS expansion packages.

For example, if your service traffic is 6,000 QPS and you have purchased the WAF professional edition, with a service request limit of 5,000 QPS, you can buy a QPS expansion package of 1,000 QPS to make up the difference. For details, see Changing the Edition and Specifications of a Cloud WAF Instance.