Server Load Balancer: Create and manage ALB instances

Last Updated: Jan 07, 2026

Application Load Balancer (ALB) is a load balancing service that works at Layer 7. It provides powerful application-layer processing capabilities and a rich set of advanced forwarding rules. You can purchase an ALB instance to forward requests from clients to backend servers.

Create an instance

Planning and preparation

  • Account permissions: When you create an ALB instance for the first time, the system prompts you to create the AliyunServiceRoleForAlb service-linked role. This role is required to authorize ALB to access cloud resources such as elastic network interfaces (ENIs), security groups, elastic IP addresses (EIPs), and Internet Shared Bandwidth instances.

  • Network preparation:

    • You have created a Virtual Private Cloud (VPC) in the destination region.

    • To ensure high availability, deploy the ALB instance in at least two zones if the region supports multiple zones. Make sure that you create at least one vSwitch in each zone that you plan to use.

  • IP address planning:

    • An ALB instance is allocated three IP addresses from each specified vSwitch. This includes one virtual IP address (VIP) for external services and two local IP addresses for communication with backend servers.

    • To ensure the elastic capabilities of the ALB instance, reserve at least eight IP addresses in each vSwitch where the instance is deployed.

  • Security planning: To ensure proper connectivity between the ALB instance and backend services, if security policies exist in the access path, you must allow traffic from the vSwitch CIDR block of the ALB instance in advance. These policies can include Alibaba Cloud security groups and other third-party security policies.
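
The planning rules above can be checked before purchase. The following pre-flight check is an added example, not Alibaba Cloud code: the input shape, the function name `check_alb_plan`, and the sample zones and CIDR blocks are assumptions made for illustration.

```python
import ipaddress

MIN_RESERVED_IPS = 8  # from the planning list: reserve at least eight per vSwitch
ZONE_MSG = "deploy the instance in at least two zones"

def check_alb_plan(vswitches, backend_ingress_cidrs, region_zone_count):
    """Return a list of planning problems; an empty list means the plan passes.

    vswitches: dicts with "zone", "cidr" and "free_ips" (hypothetical shape).
    backend_ingress_cidrs: source CIDRs the backend security policy allows.
    region_zone_count: number of zones the region offers.
    """
    problems = []
    if region_zone_count >= 2 and len({v["zone"] for v in vswitches}) < 2:
        problems.append(ZONE_MSG)
    allowed = [ipaddress.ip_network(c) for c in backend_ingress_cidrs]
    for v in vswitches:
        net = ipaddress.ip_network(v["cidr"])
        if v["free_ips"] < MIN_RESERVED_IPS:
            problems.append(
                f'{v["zone"]}: {v["free_ips"]} free IPs, need {MIN_RESERVED_IPS}')
        # The whole vSwitch CIDR must be allowed, because the two local IP
        # addresses that talk to backends can be any addresses inside it.
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            problems.append(f'{v["zone"]}: backend policy does not allow {net}')
    return problems

# Constructed sample plan; zone names and CIDR blocks are illustrative.
PLAN = [
    {"zone": "zone-a", "cidr": "10.0.1.0/24", "free_ips": 200},
    {"zone": "zone-b", "cidr": "10.0.2.0/28", "free_ips": 5},
]
BACKEND_ALLOWED = ["10.0.1.0/24", "192.168.0.0/16"]

if __name__ == "__main__":
    for problem in check_alb_plan(PLAN, BACKEND_ALLOWED, region_zone_count=3):
        print("FAIL:", problem)
```

With the sample plan, the zone-b vSwitch fails twice: it has too few free addresses, and the backend policy does not cover its CIDR block.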

Console

  1. Go to the Instances page of the ALB console and click Create ALB.

  2. On the buy page, configure the following parameters and click Buy Now.

    • Region: Select the region that is closest to your clients to reduce latency.

      For more information, see Regions and zones that support ALB.
    • Instance Network Type:

      • Private: Assigns only a private IP address for access within the Alibaba Cloud private network.

      • Public: Assigns both a public and private IP address to support access from the Internet and the private network. By default, ALB uses an EIP to provide public network access.

      If you select Public, you are charged for the configuration and traffic of the EIP.
      By default, a dual-stack public instance uses an IPv4 address to provide public services and does not have public IPv6 capabilities. To enable public IPv6 capabilities, change the network type of the ALB instance. This action incurs IPv6 public network fees.
    • VPC: The instance and its server group must be in the same VPC.

    • Zone:

      • If the region supports multiple zones, select at least two zones and their corresponding vSwitches.

      • (Only when Instance Network Type is set to Public) You can attach an existing EIP or select Auto-assign Public IP. If you select the latter, the system creates a pay-by-traffic EIP and attaches it to the ALB instance.

        You can attach only purchased pay-by-traffic EIPs that are not added to a shared bandwidth instance. The EIP types attached to different zones of the same ALB instance must be the same.
    • Protocol Version: To support IPv6 access, select Dual-stack. Otherwise, select IPv4.

      Before you purchase a dual-stack ALB instance, you must enable IPv6 for the vSwitch where the instance is located.
      You can create only new dual-stack instances. You cannot upgrade an existing IPv4 instance to a dual-stack instance.
    • Edition (Instance Fee):

      • Basic: Provides basic ALB features. Supports routing based on domain names, URLs, and HTTP headers.

      • Standard: Includes all Basic features, plus custom TLS security policies, Tracing Analysis, and advanced routing features such as redirection and rewrite.

      • WAF-enabled: Includes all Standard features and integrates with Web Application Firewall (WAF) 3.0 to provide application-layer security for web services.

        If no WAF instance is activated for your account, a pay-as-you-go WAF 3.0 instance is automatically activated when you purchase a WAF-enabled ALB instance.
        If a subscription WAF 3.0 instance is already activated for your account, no additional WAF fees are incurred when you purchase a WAF-enabled ALB instance.
        If a WAF 2.0 instance is activated for your account, you must first release the WAF 2.0 instance or migrate to WAF 3.0.
        By default, ALB does not enable the X-Forwarded-Proto header. After you release a WAF 2.0 instance, accessing ALB directly may cause service exceptions, such as infinite redirection, because the backend service cannot correctly identify the protocol (HTTP or HTTPS). To avoid this issue, you must manually enable the X-Forwarded-Proto request header in the ALB listener configuration.
    • (Only when Instance Network Type is set to Public) Add to Shared Bandwidth: The default maximum public bandwidth for a dual-zone ALB instance is 400 Mbps. You can add the instance to a shared bandwidth instance to obtain a higher maximum bandwidth.

    • (Only when Instance Network Type is set to Public and Add to Shared Bandwidth is not selected) Public Network Billing Method: The default billing method is Pay-by-data-transfer and cannot be changed.

      In pay-by-data-transfer mode, the maximum bandwidth is not guaranteed by the Service Level Agreement (SLA). It is for reference only and represents an upper limit. If resource contention occurs, the maximum bandwidth may be limited.
    • Instance Name and Resource Group: We recommend that you configure these parameters for easier management. After you purchase an instance, you can modify the instance name and use tags to manage the instance on the Instances page.
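
The infinite redirection described in the WAF-enabled note on X-Forwarded-Proto can be reproduced with a small simulation. This is an added example, not Alibaba Cloud code; it assumes the listener forwards requests to the backend over plain HTTP, and the backend, host name, and IP addresses are constructed for illustration.

```python
import ipaddress

# Constructed value: CIDR block of the vSwitch the ALB instance is deployed in.
ALB_VSWITCH_CIDRS = [ipaddress.ip_network("10.0.1.0/24")]

def client_scheme(peer_ip, headers):
    """Scheme the client used, as far as the backend can tell.

    Assumption: the backend receives plain HTTP, so the header is its only
    signal. It is honored only when the peer is inside the ALB vSwitch CIDR,
    because any other sender could set the header to whatever it likes.
    """
    peer = ipaddress.ip_address(peer_ip)
    from_alb = any(peer in net for net in ALB_VSWITCH_CIDRS)
    proto = headers.get("X-Forwarded-Proto", "").lower()
    return proto if from_alb and proto in ("http", "https") else "http"

def backend(peer_ip, headers, path):
    """Hypothetical backend that forces HTTPS with a redirect."""
    if client_scheme(peer_ip, headers) != "https":
        return 301, "https://app.example.com" + path
    return 200, None

def fetch_via_alb(url, header_enabled, max_redirects=10):
    """Follow redirects as a client would; returns (final_status, hops)."""
    for hops in range(max_redirects + 1):
        scheme, _, rest = url.partition("://")
        path = "/" + rest.partition("/")[2]
        headers = {"X-Forwarded-Proto": scheme} if header_enabled else {}
        # 10.0.1.17 stands in for one of the instance's local IP addresses.
        status, location = backend("10.0.1.17", headers, path)
        if status != 301:
            return status, hops
        url = location
    return 301, max_redirects  # never left the redirect loop

if __name__ == "__main__":
    print("header disabled:", fetch_via_alb("https://app.example.com/login", False))
    print("header enabled: ", fetch_via_alb("https://app.example.com/login", True))
```

With the header disabled, the HTTPS request is redirected to HTTPS on every hop until the client gives up; with it enabled, the same request is served on the first try.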

API

Call the CreateLoadBalancer operation to create an ALB instance.

What to do next

Release an instance

You are charged an instance fee from the time the instance is created until it is released, regardless of whether it is in use. To avoid unnecessary costs, release instances that you no longer need.

When you release a public ALB instance, the EIP or Anycast EIP that was created and associated with it during instance creation, cloning, zone addition, or a network type change from private to public is automatically detached and released.
Warning
  • Releasing an instance deletes all its configurations and is an irreversible action. Proceed with caution.

  • If the instance is managed by another Alibaba Cloud service, such as Container Service for Kubernetes (ACK), releasing the instance causes the associated service to become abnormal and unrecoverable.

  • Before you release the instance, make sure that the business domain name mapped to it is pointed to another address to avoid service interruptions.

Before you release an instance, make sure that deletion protection is disabled.

Console

Go to the Instances page of the ALB console. In the Actions column of the target instance, choose the Select icon > Release, and confirm the action.

API

Deletion protection and configuration read-only mode

The deletion protection and configuration read-only mode features prevent instances from being accidentally deleted or modified.

Console

Go to the Instances page of the ALB console. Click the ID of the target instance to go to the Instance Details page. In the Instance Information section, you can enable or disable Deletion Protection and Configuration Read-only Mode.

API

Billing

ALB supports the pay-as-you-go and resource plan billing methods. For more information about billable items, see Billing overview of ALB.

Quotas

For more information, see ALB quotas.