An ALB instance receives requests from clients and forwards them to backend servers based on listener forwarding rules.
DNS name
Starting from 00:00:00 on November 15, 2024 (UTC+8), new ALB instances use upgraded domain names by default: xxx.alb.aliyuncsslb.com for instances in the Chinese mainland and xxx.alb.aliyuncsslbintl.com for instances outside the Chinese mainland.
You cannot access new ALB instances directly by their DNS names. You must use CNAME resolution to map your custom domain name to the instance's DNS name. This allows you to access the instance through your custom domain name.
Instance network type
You can change the network type of an ALB instance to switch between Internet-facing and internal types.
Instance type | Internet-facing instance | Internal instance |
Use case | Provides access to backend services from the public network. | Provides access to backend services only from within a VPC. |
IP address allocation | Assigns an EIP and a private IP address. You can associate an Anycast EIP with an ALB instance to provide low-latency access for multi-region services. | Assigns only a private IP address. |
Access method | Accessible from the public network and private networks. | Accessible only from private networks. |
Billing | Incurs an instance fee, an LCU fee, and public network data transfer fees (charged by the EIP). | Incurs only an instance fee and an LCU fee. |
IP version
IP version | Default service IP per AZ | Description |
IPv4 |
|
|
Dual-stack |
|
|
The dual-stack feature is available only in specific regions.
The network type of a dual-stack ALB instance is determined by its IPv4 address. An instance with a public IPv4 address is an Internet-facing instance, and an instance with a private IPv4 address is an internal instance.
You can create new dual-stack instances, but you cannot upgrade existing IPv4 instances to dual-stack instances.
Entries in an access control list (ACL) support only IPv4 addresses.
An upgraded ALB instance allocates a private IPv4 address and an IPv6 address from each specified vSwitch to function as service IP addresses.
WAF integration
Alibaba Cloud recommends enabling Web Application Firewall (WAF) 3.0 protection for an ALB instance by using service-based integration. This method uses WAF-enhanced ALB instances.
Supported regions:
Area | Region |
China | China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), and China (Hong Kong) |
Asia Pacific | Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Singapore, Thailand (Bangkok), and South Korea (Seoul) |
Europe and Americas | Germany (Frankfurt), US (Virginia), US (Silicon Valley), and Mexico |
Middle East | SAU (Riyadh - Partner Region), UAE (Dubai) |
WAF version: You must use WAF 3.0. If you have a WAF 2.0 instance in your account, you must first release the WAF 2.0 instance or migrate it to WAF 3.0.
By default, ALB does not enable the X-Forwarded-Proto header in requests forwarded to the backend server group. After you terminate a WAF 2.0 instance, accessing the ALB directly may cause service exceptions, such as infinite loop redirection, because the backend service cannot properly identify the protocol (HTTP/HTTPS). To prevent this issue, you must manually enable the X-Forwarded-Proto request header in the ALB listener configuration.
Feature availability: WAF for ALB instances does not support the following features: the data leakage prevention module and the automatic Web SDK integration feature for anti-crawler rules for websites in the bot management module.
If you need to use an existing WAF 2.0 instance, you can use transparent integration for Internet-facing Basic and Standard ALB instances in the following regions: China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou). Internal ALB instances do not support integration with WAF 2.0.
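The redirect loop described above for a missing X-Forwarded-Proto header can be reproduced with a small offline simulation. This is an added example, not Alibaba Cloud code: the function names, the force-HTTPS backend rule and app.example.com are assumptions made for illustration.

```python
# Added illustration: a simulated ALB listener in front of a backend that forces HTTPS.
# All function names and app.example.com are hypothetical; no network access is used.

def backend(host, path, headers):
    """Backend with a force-HTTPS rule. The hop from the ALB arrives as plain HTTP,
    so the client's original protocol is only visible through X-Forwarded-Proto."""
    proto = headers.get("X-Forwarded-Proto", "http")  # header absent: assume the hop protocol
    if proto != "https":
        return 301, "https://" + host + path
    return 200, None


def alb_forward(client_scheme, host, path, xfp_enabled):
    """Listener: terminates the client connection and forwards over HTTP.
    xfp_enabled models the X-Forwarded-Proto setting in the listener configuration."""
    headers = {}
    if xfp_enabled:
        headers["X-Forwarded-Proto"] = client_scheme
    return backend(host, path, headers)


def follow(url, xfp_enabled, max_redirects=10):
    """Client that follows redirects. Returns (final_status, redirects_followed)."""
    for hops in range(max_redirects + 1):
        scheme, rest = url.split("://", 1)
        host, _, path = rest.partition("/")
        status, location = alb_forward(scheme, host, "/" + path, xfp_enabled)
        if status != 301:
            return status, hops
        url = location  # the backend keeps pointing at the same HTTPS URL
    return "redirect loop", max_redirects


if __name__ == "__main__":
    url = "https://app.example.com/login"  # constructed sample URL
    print("header disabled:", follow(url, xfp_enabled=False))
    print("header enabled: ", follow(url, xfp_enabled=True))
```

With the header disabled the client exhausts its redirect budget on the same HTTPS URL; with it enabled the backend sees the original protocol and serves the request.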
Cross-zone load balancing
By default, cross-zone load balancing is enabled for ALB instances. Incoming requests are distributed to backend services deployed in all selected zones within the specified region. If you disable this feature for a server group, loads are balanced across each single zone.
Instance status
Status | Description | Lock type | Deletion allowed | Modification allowed |
Running | The instance is running as expected. | Not applicable |
|
|
Creating | The instance is being created. | No | No | |
Updating Configuration | The instance configuration is being updated. | No | ||
Creation Failed | The instance failed to be created. | Yes | ||
Stopped | An instance enters the Stopped state when it is locked for a specific reason, rendering the service unavailable. | Locked (Overdue Payment): The instance is locked due to an overdue payment. Renew the instance to unlock it and restore service. | No | |
Locked (Associated Resource Locked): An associated EIP or Internet Shared Bandwidth instance is locked due to an overdue payment. Renew the associated resource to unlock the ALB instance. | No | |||
Locked (Associated Resource Released): An associated EIP or Internet Shared Bandwidth instance has been released due to an overdue payment. The ALB instance is unavailable and must be released. | Yes | |||
Locked (Security Risks): The instance is locked due to security risks. Go to the Security Management console to request to unblock the instance. | No |