Server Load Balancer:Use an ALB instance to provide IPv4 services

Prerequisites

• A virtual private cloud (VPC) is created. For more information, see Create a VPC with an IPv4 CIDR block and Create a VPC with an IPv6 CIDR block.

• The service-linked role AliyunServiceRoleForAlb is attached to your Alibaba Cloud account. The service-linked role is created the first time you create an ALB instance. The service-linked role allows the ALB instance to access cloud services and resources, such as elastic network interfaces (ENIs), security groups, elastic IP addresses (EIPs), and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.

Procedure

1. Preparations

   Before you use the ALB service, you must select a region to deploy an ALB instance, and create a VPC and Elastic Compute Service (ECS) instances.

2. Step 1: Create an ALB instance

   To use the ALB service, you must first create an ALB instance. An ALB instance is an entity that provides load balancing services.

3. Step 2: Create a server group

   You must create a server group and add backend servers to the server group to receive client requests that are forwarded by ALB.

4. Step 3: Configure a listener

   Configure a listener to listen for connection requests and forward the requests to backend servers based on a specified scheduling algorithm.

5. (Optional) Step 4: Create a CNAME record

   ALB allows you to map common domain names to the public domain name of the ALB instance by using CNAME records. This facilitates access to network resources.

Preparations

Before you use the ALB service, you must select a region in which you want to deploy an ALB instance, and create a VPC and one or more ECS instances.

• Select a region to deploy your ALB instance. Make sure that the ALB instance and the ECS instances that you want to add to the ALB instance are deployed in the same region and in the same VPC. We recommend that you deploy ECS instances across different zones to improve service availability.

• Create a VPC. For more information, see Create and manage a VPC.

• Create ECS instances based on your business requirements. For more information, see Create an instance by using the wizard.

Step 1: Create an ALB instance

1. Log on to the ALB console.

2. On the Instances page, click Create ALB.

3. On the Application Load Balancer buy page, configure the parameters that are described in the following table.

   Parameter	Description
   Region	Select the region in which you want to create the ALB instance.
   Network Type	Select a network type for the ALB instance. The system assigns a public or private IP address to the ALB instance based on the selected network type. In this example, Internet is selected. Intranet: The ALB instance has only private IP addresses and can be accessed only by resources in the VPC where the ALB instance is deployed. Internet: The ALB instance has public and private IP addresses. By default, Internet-facing ALB instances use EIPs to provide services over the Internet. If you select Internet, you are charged instance fees and data transfer fees for the EIPs. Public IP address: EIPs are used to provide services over the Internet and expose ALB instances to the Internet. Private IP address: allows resources in VPCs to access ALB instances. Note If an ALB instance is assigned an IPv4 address and an IPv6 address, the IPv4 address is used to provide services over the Internet. If you need to use the IPv6 address to provide services over the Internet, you must change the network type of the ALB instance. In this case, you are charged IPv6 gateway fees. For more information, see Billing rules.
   VPC	Select the VPC in which you want to deploy the ALB instance.
   Zone	Select zones and vSwitches. ALB supports multi-zone deployment. If the selected region supports two or more zones, you must select at least two zones to ensure high availability. You are not charged additional fees by ALB. Select a vSwitch in each zone that you selected. If no vSwitches are available, create one as prompted. Optional. Select an EIP in each zone that you selected. If no EIP is available in a zone, you can click Automatically assign EIP. The system automatically creates a pay-as-you-go (pay-by-data-transfer) EIP and associates the EIP with the ALB instance. The EIP uses BGP (Multi-ISP) lines and is protected by Anti-DDoS Origin Basic. Alternatively, you can associate an existing EIP with the ALB instance. Important You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances with an ALB instance. The EIPs allocated to different zones of the same ALB instance must be of the same type.
   IP Mode	Select an IP mode for the ALB instance. Static IP: Only one IP address is available in each zone. The IP address cannot be changed. An ALB instance that uses a static IP address supports at most 100,000 queries per second (QPS). Dynamic IP: One or more IP addresses are available in each zone. The number of IP addresses that the ALB instance uses is based on your workload. This mode supports up to one million QPS.
   IP Version	Select an IP version for the ALB instance. In this example, IPv4 is selected. IPv4: If you select this option, the ALB instance can be accessed only by IPv4 clients. Dual-stack: If you select this option, the ALB instance can be accessed by both IPv4 and IPv6 clients. Note For more information about the regions that support dual-stack ALB instances, see Overview of ALB instances. If you want to enable the dual-stack feature, you must enable IPv6 for the vSwitches in the zones of the VPC. Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to IPv4 and IPv6 backend services. Dual-stack ALB instances can forward requests from IPv6 clients to IPv4 backend services deployed on the following types of backend servers: ECS instances, ENIs, elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported. Dual-stack ALB instances can forward requests from IPv6 clients to IPv6 backend services deployed on the following types of backend servers: ECS instances. ENIs, and elastic container instances. Backend servers of the IP address or Function Compute type are not supported. IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed. Access control lists (ACLs) support only IPv4 addresses.
   Edition	Select the edition of the ALB instance. Basic: Basic ALB instances support basic routing features, such as request forwarding based on domain names, URLs, and HTTP headers. Standard: Standard ALB instances support basic and advanced routing features, such as custom TLS security policies, redirects, and rewrites. WAF Enabled: As an upgrade from standard ALB instances, WAF-enabled ALB instances are integrated with Web Application Firewall (WAF) 3.0 to protect web applications. Network traffic is filtered by WAF before traffic is routed to ALB listeners. Note Limits on WAF-enabled ALB instances: Before you purchase WAF-enabled ALB instances, you must complete real-name verification. For more information about the regions in which WAF-enabled ALB instances are supported, see Limits on WAF-enabled ALB instances. Make sure that WAF is not activated within your Alibaba Cloud account, or WAF 3.0 is activated in your Alibaba Cloud account. If WAF is not activated in your Alibaba Cloud account, a pay-as-you-go WAF 3.0 instance is created after you create a WAF-enabled ALB instance. If you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0. For more information about how to release a WAF 2.0 instance, see Terminate the WAF service. For more information about how to migrate to WAF 3.0, see Migrate a WAF 2.0 instance to WAF 3.0. You can upgrade only basic and standard ALB instances that are in the Running state to WAF-enabled ALB instances. For more information about the differences among basic ALB instances, standard ALB instances, and WAF-enabled ALB instances, see Functions and features.
   Associate with EIP Bandwidth Plan	If an ALB instance is deployed in two zones and is not associated with an Internet Shared Bandwidth instance, the default maximum Internet bandwidth of the ALB instance is 400 Mbit/s. If you require a larger bandwidth, associate an Internet Shared Bandwidth instance with your ALB instance. If you select Associate with EIP Bandwidth Plan, you must select an Internet Shared Bandwidth instance. If no Internet Shared Bandwidth instance is available, click Buy Shared Bandwidth Package and purchase an Internet Shared Bandwidth instance. Then, return to the ALB buy page and click the icon to select the Internet Shared Bandwidth instance that you purchased. We recommend that you purchase a pay-as-you-go Internet Shared Bandwidth instance. For more information, see Create an Internet Shared Bandwidth. Note This parameter is available only if you set the Network Type parameter to Internet.
   Billing Method	By default, Pay-by-Data-Transfer is selected. The maximum bandwidth value is not a guaranteed value. It indicates the upper limit of bandwidth and is for reference only. In case of resource contention, the bandwidth allocated to each ALB instance may be less than the maximum bandwidth value. For more information about the billing of EIPs, see Pay-as-you-go. Note This parameter is available only if you set the Network Type parameter to Internet and do not select Associate with EIP Bandwidth Plan.
   Instance Name	Enter a name for the ALB instance.
   Resource Group	Select the resource group to which the NLB instance belongs.
   Notes on Creating Service Linked Roles	A service-linked role is required the first time you create an ALB instance. The service-linked role allows the ALB instance to access cloud services and resources, such as ENIs, security groups, EIPs, and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.

4. Click Buy Now and complete the payment.

5. Return to the Instances page and select the region where the ALB instance is deployed to view the ALB instance.

Step 2: Create a server group

1. In the left-side navigation pane, choose ALB > Server Groups.

2. On the Server Groups page, click Create Server Group.

3. In the Create Server Group dialog box, configure the parameters that are described in the following table and click Create.

   Parameter	Description
   Server Group Type	Select a server group type. Valid values: Server: allows you to add backend servers by specifying ECS instances, ENIs, or elastic container instances. IP: allows you to add backend servers by specifying IP addresses. Function Compute: allows you to add backend servers by specifying functions. In this example, Server is selected.
   Server Group Name	Enter a name for the server group.
   VPC	Select the VPC in which the ECS instances are deployed.
   Backend Server Protocol	Select a backend protocol. In this example, HTTP is selected.
   Scheduling Algorithm	Select a scheduling algorithm. In this example, Weighted Round-robin is selected.
   Resource Group	Select the resource group to which the server group belongs.
   Tag	Configure the Tag Key and Tag Value parameters. After you specify tags, you can filter server groups by tag on the Server Groups page.
   IPv6 Support	Specify whether to enable IPv6 support. In this example, IPv6 Support is turned off. If you enable IPv6, you can add IPv4 and IPv6 backend servers to the server group. You can set Server Group Type only to Server. If you disable IPv6, you can add only IPv4 backend servers to the server group. You can set Server Group Type to Server, IP, or Function Compute. Note If IPv6 is disabled for the VPC of the server group, you cannot enable IPv6. This parameter is unavailable for server groups of the IP and Function Compute types. When you create a listener for an IPv4 ALB instance, you cannot add server groups for which IPv6 is enabled.
   Session Persistence	After session persistence is enabled, ALB forwards requests from a client to the same backend server. In this example, Session Persistence is turned off.
   Persistent Connection	Specify whether to enable the persistent TCP connection feature. In this example, Persistent Connection is turned off. After the persistent TCP connection feature is enabled, a number of persistent TCP connections are maintained between the ALB instance and the backend servers. If the ALB instance receives a request and an idle persistent TCP connection exists, ALB preferentially uses the persistent TCP connection to forward the request to a backend server. This reduces the number of TCP handshakes and the workload on the backend servers.
   Health Check Settings	In this example, Health Check is turned on and the default health check settings are used. For more information, see Create and manage a server group.

4. In the The server group is created. message, click Add Backend Server.

5. On the Backend Servers tab of the page that appears, click Add Backend Server.

6. In the Add Backend Server panel, select one or more ECS instances that you have created and click Next.

7. Specify the ports and the weights of the backend servers and click OK.

8. Return to the Server Groups page to view the server group that you configured.

Step 3: Configure a listener

1. In the left-side navigation pane, choose ALB > Instances.

2. On the Instances page, find the ALB instance that you want to manage and click Create Listener in the Actions column.

3. In the Configure Listener step, configure the following parameters and click Next.

   • Listener Protocol: Select a listener protocol. In this example, HTTP is selected.

   • Listener Port: Select the listener port that is used to receive and forward requests to backend servers. Valid values: 1 to 65535. In this example, port 80 is used.

   • Listener Name: Enter a name for the listener.

   • Tag: Configure the Tag Key and Tag Value parameters. After you specify tags, you can filter listeners by tag on the Listeners tab.

   • Advanced Settings: In this example, the default advanced settings are used. You can also click Modify to modify the settings. For more information about the parameters, see Add an HTTP listener.

4. In the Select Server Group step, select a server group to receive requests forwarded by the ALB instance. Then, click Next.

5. In the Configuration Review step, confirm the configurations and click Submit.

6. On the Listener tab of the instance details page, you can view the listener that you created.

   You can add forwarding rules to the listener of the ALB instance to control how ALB forwards requests to backend servers. For more information, see Manage forwarding rules for a listener.

(Optional) Step 4: Create a CNAME record

ALB allows you to map common domain names to the public domain name of the ALB instance by using CNAME records. This facilitates access to network resources. For more information, see Configure a CNAME record.

1. In the left-side navigation pane, choose ALB > Instances.

2. On the Instances page, copy the domain name of the ALB instance.

3. To create a CNAME record, perform the following steps:

   1. Log on to the Alibaba Cloud DNS console.

   2. On the Domain Name Resolution page, click Add Domain Name.

   3. In the Add Domain Name dialog box, enter the domain name of your host and click OK.

      Important

      Before you create the CNAME record, you must use a TXT record to verify the ownership of the domain name.

   4. In the Actions column of the domain name that you want to manage, click DNS Settings.

   5. On the DNS Settings page, click Add DNS Record.

   6. In the Add DNS Record panel, set the following parameters and click OK.

      Parameter	Description
      Record Type	Select CNAME from the drop-down list.
      Hostname	Enter the prefix of your domain name.
      DNS Request Source	Select Default.
      Record Value	Enter the CNAME. The CNAME is the domain name of the ALB instance.
      TTL Period	Select the time-to-live (TTL) value of the record on the DNS server. In this example, the default value is used.

      Note

      • New CNAME records immediately take effect. The time that is required for a modified CNAME record to take effect is determined by the TTL value. The default TTL value is 10 minutes.

      • If the CNAME record that you want to create conflicts with an existing record, specify another domain name.

4. Check whether the CNAME record is valid.

   Visit the custom domain name in a browser. If you can access the application, the CNAME record is valid. For more information, see Check whether the DNS records take effect.

Release an ALB instance

After you release an ALB instance, you are no longer charged for the ALB instance. However, you are still charged for the backend servers.

You cannot release an ALB instance for which deletion protection is enabled. If you want to release the ALB instance, disable Deletion Protection on the details page of the ALB instance. Otherwise, an error message is returned.

1. In the left-side navigation pane, choose ALB > Instances.

2. Find the ALB instance that you want to release and choose > Release in the Actions column.

3. In the Release Instance message, click OK.

References