
Server Load Balancer: Network traffic flow

Last Updated: Jan 26, 2024

Classic Load Balancer (CLB) uses CLB clusters to forward client requests to backend servers. CLB receives responses from backend servers over the internal network.

Inbound traffic flow

CLB distributes inbound traffic based on the forwarding rules that you configure in the CLB console or by using API operations. The following figure shows the inbound traffic flow.

Figure 1. Inbound traffic flow

  1. Inbound traffic that uses TCP, UDP, HTTP, or HTTPS must be forwarded through the Layer 4 cluster.

  2. Large volumes of inbound traffic are distributed evenly among all nodes in the Layer 4 cluster, and the nodes synchronize sessions to ensure high availability.

    • If Layer 4 listeners based on UDP or TCP are used by the CLB instance, the nodes in the Layer 4 cluster distribute requests directly to backend Elastic Compute Service (ECS) instances based on forwarding rules configured for the CLB instance.

    • If Layer 7 listeners based on HTTP are used by the CLB instance, the nodes in the Layer 4 cluster first distribute requests to the Layer 7 cluster. Then, the nodes in the Layer 7 cluster distribute the requests to backend ECS instances based on the forwarding rules configured for the CLB instance.

    • If Layer 7 listeners based on HTTPS are used by the CLB instance, requests are distributed in a way similar to that of a CLB instance that uses listeners based on HTTP. The difference is that the system calls the Key Server to validate certificates and decrypt data packets before requests are distributed to backend ECS instances.

Outbound traffic flow

CLB and backend ECS instances communicate over the internal network.

  • If backend ECS instances handle only the traffic distributed from CLB, you do not need to purchase Internet bandwidth resources, such as public IP addresses, elastic IP addresses (EIPs), Anycast EIPs, or NAT gateways, for the ECS instances.

    Note

    Previously created ECS instances are directly assigned public IP addresses. You can view the public IP addresses by running the ipconfig command. If the ECS instances provide external services only through CLB, no traffic fees are generated for Internet traffic even if traffic statistics are read at the elastic network interfaces (ENIs).

  • If you want your backend ECS instances to directly provide external services or access the Internet, you must configure or purchase public IP addresses, EIPs, Anycast EIPs, or NAT gateways for the instances.

The following figure shows the outbound traffic flow.

Figure 2. Outbound traffic flow


As a general principle, outbound traffic goes out from where it comes in.

  • Traffic that flows through a CLB instance is throttled or billed on the CLB instance. You are not charged for the internal communication between a CLB instance and backend ECS instances.

  • You are charged for traffic from EIPs or NAT gateways. You can throttle traffic speed on EIPs or NAT gateways. If public bandwidth resources are configured for ECS instances, you are charged for traffic from the ECS instances, and you can throttle traffic speed on the ECS instances.

  • CLB supports responsive access to the Internet. Backend ECS instances can access the Internet only if they need to respond to requests from the Internet. The requests are forwarded to the backend ECS instances by CLB instances. If your backend ECS instances need to proactively access the Internet, you must associate EIPs or use NAT gateways with the ECS instances.

  • The public bandwidth resources configured for ECS instances, EIPs, Anycast EIPs, and NAT gateways allow ECS instances to access the Internet or be accessed from the Internet, but the preceding resources cannot distribute traffic or balance traffic loads.
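
The outbound rules above can be applied as a configuration review. The following is an added example, not Alibaba Cloud code: it checks a constructed inventory against the statements in this section and reports instances whose public bandwidth resources do not match what the workload needs. The Ecs fields, the finding names, and the sample inventory are hypothetical and do not correspond to any API schema.

```python
from dataclasses import dataclass

@dataclass
class Ecs:
    name: str
    behind_clb: bool               # registered as a CLB backend server
    public_ip: bool = False        # public IP address assigned to the instance
    eip: bool = False              # EIP or Anycast EIP associated
    nat_gateway: bool = False      # NAT gateway available to the instance
    needs_outbound: bool = False   # must proactively access the Internet
    serves_directly: bool = False  # must provide external services without CLB

def direct_resources(i):
    """Public bandwidth resources through which traffic does not pass the CLB instance."""
    flags = {"public-ip": i.public_ip, "eip": i.eip, "nat": i.nat_gateway}
    return sorted(k for k, v in flags.items() if v)

def audit(i):
    """Return findings where the configured paths differ from what the workload needs."""
    findings = []
    direct = direct_resources(i)
    if i.behind_clb and direct and not (i.needs_outbound or i.serves_directly):
        # Handles only CLB-distributed traffic: no public bandwidth resource is needed.
        findings.append("unneeded:" + ",".join(direct))
    if i.needs_outbound and not direct:
        # CLB only carries responses to forwarded requests; proactive egress has no path.
        findings.append("no-proactive-egress")
    return findings

# Constructed sample inventory (not real instances).
INVENTORY = [
    Ecs("web-1", behind_clb=True),
    Ecs("web-2", behind_clb=True, public_ip=True),
    Ecs("worker-1", behind_clb=True, needs_outbound=True),
    Ecs("worker-2", behind_clb=True, needs_outbound=True, nat_gateway=True),
    Ecs("bastion", behind_clb=False, serves_directly=True, eip=True),
]

def report(inventory):
    """Map instance name to findings, omitting instances with none."""
    return {i.name: f for i in inventory if (f := audit(i))}

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        print(name, findings)
```

An "unneeded" finding marks an Internet path that exists outside the CLB instance's listeners and throttling, so it is worth reviewing together with the instance's security group rules.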