All Products
Search

This Product

    Server Load Balancer:ALB load balancing for IPv6 services

    Document Center

    Server Load Balancer:ALB load balancing for IPv6 services

    Last Updated:Mar 26, 2026

    Application Load Balancer (ALB) can forward IPv6 network requests. This topic describes how to enable IPv6 support for a server group that is associated with a dual-stack ALB instance. This enables the ALB instance to use both IPv4 and IPv6 ECS instances as backend servers. Clients on IPv6 networks can then use the ALB instance to access IPv4 and IPv6 services on the backend servers.

    Scenario

    This topic uses the following scenario as an example. A company wants to use an ALB instance to forward requests from IPv6 clients. This enables clients on the Internet to access the IPv4 and IPv6 services deployed in a VPC. This requires creating ECS instances with IPv4 and IPv6 addresses, a dual-stack ALB instance in the VPC, and a server group with IPv6 support enabled. Once configured, the ALB instance routes requests from IPv6 clients to the IPv4 and IPv6 services on the backend ECS instances.

    image

    Limits

    • For information about the regions that support dual-stack ALB instances, see Regions that support dual-stack ALB instances.

    • To use the dual-stack feature, you must enable IPv6 for the vSwitches in the zones used by the VPC.

    • A dual-stack ALB instance can forward requests from both IPv4 and IPv6 clients to IPv4 and IPv6 backend services. For more information, see ALB instance overview.

    • You cannot upgrade an existing IPv4 instance to a dual-stack instance. You can only create new dual-stack instances.

    • A server group with IPv6 support can only be used with listeners or forwarding rules of a dual-stack ALB instance.

    Prerequisites

    • You have created VPC1 in the China (Shanghai) region, and created vSwitch VSW1 in Zone E and vSwitch VSW2 in Zone G. You have also enabled an IPv6 CIDR block for VPC1, and enabled IPv6 for both VSW1 and VSW2. After you enable an IPv6 CIDR block for a VPC, the system automatically creates an IPv6 gateway for you.

      If you plan to deploy an upgraded ALB instance in VSW1 and VSW2, take note of the following: An upgraded ALB instance reserves three IP addresses from each specified vSwitch. One IP address serves as a virtual IP (VIP) to provide services, and the other two serve as local IP addresses to communicate with backend servers. If a vSwitch lacks sufficient available IP addresses, instance creation fails. Make sure that VSW1 and VSW2 have sufficient IP addresses. This limitation does not apply to non-upgraded ALB instances.

      Note

      • To ensure the elasticity of an upgraded ALB instance, reserve at least eight available IP addresses in each vSwitch it uses.

      • If you use access control policies (such as iptables) on backend servers, add rules to allow traffic from the CIDR blocks of the vSwitches that the ALB instance uses.

    • You have registered a domain name and completed ICP filing for it.

    Step 1: Create and configure ECS instances

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click vSwitch.

    3. In the top navigation bar, select the region where your vSwitch is deployed. This topic uses China (Shanghai) as an example.

    4. On the vSwitch page, find the target vSwitch, and choose Add Cloud Service > ECS Instance in the Actions column.

    5. On the Custom Launch tab of the ECS page, create two ECS instances. Name the IPv4 instance ECS01 and the IPv6 instance ECS02. The security group associated with both instances must allow traffic on port 80. For more information, see Create an instance by using the wizard.

      ECS instance configurations

      ECS instance name

      Region

      VPC name

      vSwitch

      IP version

      Image

      ECS01

      China (Shanghai)

      VPC1

      VSW1 in Zone E

      IPv4

      Alibaba Cloud Linux 3.2104 LTS 64-bit

      ECS02

      China (Shanghai)

      VPC1

      VSW2 in Zone G

      IPv6

      Note

      When you create an instance with an IPv6 address, select Assign IPv6 Address Free of Charge in the IPv6 section.

      Alibaba Cloud Linux 3.2104 LTS 64-bit

    6. Remotely connect to the ECS01 and ECS02 instances. For more information, see Connection methods.

    7. Run the following commands on ECS01 to deploy an NGINX service:

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! this is ipv4 rs." > index.html

    8. Run the following commands on ECS02 to deploy an NGINX service:

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! this is ipv6 rs." > index.html

    9. Configure an IPv6 address for the ECS02 instance. For more information, see IPv6 communication.

      Note

      You can skip this step if your ECS02 instance uses the Alibaba Cloud Linux 3.2104 LTS 64-bit image and you selected Assign IPv6 Address Free of Charge in the IPv6 section when you created the instance.

      1. Remotely connect to the ECS02 instance in the VPC.

      2. Configure the IPv6 address.

        Run the ip addr | grep inet6 or ifconfig | grep inet6 command.

        If the output resembles the following figure, an IPv6 address is already configured, and you can skip the following steps.

        image

        1. If the output does not contain information about inet6, the IPv6 service is not enabled for the instance. You must first enable the IPv6 service.

        2. If the output contains inet6-related information, this indicates that the ECS02 instance has successfully enabled the IPv6 service and recognized an IPv6 address. Continue to configure the IPv6 address.

    Step 2: Configure the IPv6 security group rule

    Configure an IPv6 security group rule for the ECS02 instance to allow inbound requests from IPv6 clients.

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > Security Groups.

    3. In the top navigation bar, select the region where the target security group is deployed. This topic uses China (Shanghai) as an example.

    4. On the Security Groups page, find the target security group and click Manage Rules in the Actions column.

    5. On the details page of the security group, on the Rules tab, click the Inbound tab.

    6. Click Add Rule, configure an IPv6 security group rule with the following settings, and then click Save.

      Parameter

      Description

      Action

      The rule's action. Select Allow.

      Priority

      The priority of the security group rule. A smaller value indicates a higher priority. Valid values: 1 to 100.

      This topic uses the default value 1.

      Protocol type

      The protocol type for which inbound traffic is allowed. This topic uses All ICMP - IPv6.

      Source

      The source IPv6 CIDR block.

      This topic uses ::/0, which allows access from all IPv6 addresses.

      Note

      This source is for demonstration purposes only. For security, we recommend that you allow traffic only from specific IPv6 CIDR blocks.

      Destination

      The range of destination ports to which inbound traffic is allowed.

      If you set Protocol Type to All ICMP - IPv6, the destination port range is automatically set to All/-1/-1 and cannot be modified.

      Description

      Enter a custom description for the rule.

    Step 3: Create an ALB instance

    1. Log on to the ALB console.

    2. On the Instances page, click Create ALB.

    3. On the buy page, configure the following parameters, click Buy Now, and complete the payment as prompted.

      This section describes only the required parameters. Use the default values for other parameters. For more information, see Create an ALB instance.

      Parameter

      Description

      Region

      The region where you want to create the ALB instance. This topic uses China (Shanghai) as an example.

      Network Type

      The network type of the instance. The system assigns a private or public IP address based on your selection. This topic uses Public.

      Note

      Selecting Public for Network Type applies only to IPv4. By default, the network type for IPv6 is private. This topic uses an Internet-facing IPv6 address. To change the network type for IPv6 to Internet-facing, perform Step 4.

      VPC

      The VPC where you want to deploy the instance.

      Note

      Make sure that IPv6 is enabled for the selected VPC.

      Zone ID

      1. Select at least two zones. This topic uses Shanghai Zone E and Shanghai Zone G.

      2. Select a vSwitch in each selected zone. This topic uses VSW1 in Zone E and VSW2 in Zone G.

      IP Version

      The IP version of the instance. This topic uses Dual-stack.

      Edition (Instance Fee)

      The edition of the instance. This topic uses Standard.

      Instance Name

      Enter a custom name for the instance.

      Service-linked Role

      When you create an ALB instance for the first time, click Create Service-linked Role to create a service-linked role named AliyunServiceRoleForAlb. This role is granted the AliyunServiceRolePolicyForAlb permissions to allow the ALB instance to access other cloud resources. For more information, see System policies for ALB.

    4. After you create a public dual-stack ALB instance, a public IPv6 address is required. Perform the following steps to change the IPv6 address of the ALB instance to a public address. For more information, see Protocol Version.

      1. Return to the Instances page, find the target ALB instance, and click the instance ID.

      2. On the Instance Details tab, in the Basic Information section, find Network. Then, click Change Network Type next to IPv6: Private.

      3. In the Change Network Type dialog box, click OK.

        After the change is complete, the network type for IPv6 changes to Internet.

    Step 4: Create a server group

    1. In the left-side navigation pane, choose ALB > Server Groups.

    2. On the Server Groups page, click Create Server Group.

    3. In the Create Server Group dialog box, configure the following parameters and click Create.

      This section describes only the required parameters. Use the default values for other parameters. For more information, see Create and manage a server group.

      Parameter

      Description

      Server Group Type

      The type of server group. This topic uses Server Type.

      Server Group Name

      Enter a custom name for the server group.

      VPC

      Select the VPC. Only servers in the selected VPC can be added to this server group.

      Note

      Make sure that you select the same VPC where the ALB instance was created, and ensure that IPv6 is enabled for the VPC.

      Backend Server Protocol

      The backend protocol. This topic uses HTTP.

      Scheduling Algorithm

      The scheduling algorithm. This topic uses Weighted Round-robin.

      IPv6

      Specifies whether to enable IPv6 support. For this tutorial, you must select Enable IPv6.

      Session Persistence

      Specifies whether to enable session persistence. This topic uses the default setting, which is disabled.

      Health Check

      Specifies whether to enable health checks. This topic uses the enabled state.

      Health Check Settings

      After you enable health checks, you can click Edit to configure additional settings.

    4. On the Server Group page, find the target server group and click its ID.

    5. Click the Backend Servers tab and then click Add Backend Server.

    6. On the Add Backend Server panel, select the ECS01 and ECS02 instances that you created. In the IP Address column, select the IPv4 address for ECS01 and the IPv6 address for ECS02. Then, click Next.

    7. On the Ports/Weights step of the wizard, set the port and weight for the ECS01 and ECS02 instances, and then click OK.

      This topic sets the port to 80 and uses the default weight of 100 for both instances.

    Step 5: Configure a listener

    1. On the Instances page, find the target instance and click its ID.

    2. Click the Listener tab and then click Create Listener.

    3. In the Configure Listener wizard, configure the following parameters and click Next.

      This section describes only the required parameters. Use the default values for other parameters. For more information about how to configure a listener, see Add an HTTP listener.

      Parameter

      Description

      Select Listener Protocol

      The protocol for the listener. This topic uses HTTP.

      Listener Port

      The frontend port used to receive requests and forward them to backend servers. This topic uses port 80.

      Listener Name

      Enter a custom name for the listener.

      Advanced Settings

      This topic uses the default settings. You can click Modify to change them.

    4. In the Server Group configuration wizard, select a Server Type and the target server group under Server Type, view the backend server information, and then click Next.

    5. In the Confirm step, review the configurations and click Submit.

    6. Click OK to return to the Listener tab. Check the Health Check Status column for the listener. A status of Healthy indicates that the backend servers ECS01 and ECS02 can process requests from the ALB instance.

    Step 6: Configure domain resolution

    In a production environment, map your domain to the ALB instance's DNS name by creating a CNAME record.

    1. In the left-side navigation pane, choose ALB > Instances.

    2. On the Instances page, copy the domain name of the ALB instance.

    3. Perform the following steps to create a CNAME record:

      Note

      If your domain name is not registered by using Alibaba Cloud Domains, you must add your domain name to Alibaba Cloud DNS before you can configure a DNS record. For more information, see Manage domain names.

      1. Log on to the Alibaba Cloud DNS console.

      2. On the Authoritative DNS Resolution page, find your domain name and click Settings in the Operations column.

      3. On the Settings tab of the domain name details page, click Add Record.

      4. In the Add Record panel, configure the parameters and click OK. The following table describes the parameters.

        Parameter

        Description

        Record Type

        Select CNAME from the drop-down list.

        Hostname

        Enter the prefix of the domain name. In this example, @ is entered.

        Note

        If you use a root domain name, enter @.

        Query Source

        Select Default.

        Record Value

        Enter the CNAME, which is the domain name of the ALB instance.

        TTL

        Select a time-to-live (TTL) value for the CNAME record to be cached on the DNS server. In this example, the default value is used.

    Step 7: Test the connectivity

    Note

    Before testing connectivity, make sure your client supports IPv6. You can visit http://test-ipv6.com/ in your browser to check if your client has IPv6 support.

    Use a client that can access IPv6 networks to test the connectivity to the ECS01 and ECS02 servers.

    1. Open a command-line terminal on your client.

    2. Run the following command multiple times to confirm that the ALB instance is load balancing requests to the IPv4 and IPv6 ECS instances in a round-robin manner.

      curl -6 http://<your_domain_name> -v

      If you receive a response similar to the one shown below, it indicates that the IPv6 client can access the IPv4 ECS instance.

      image

      If you receive a response similar to the one shown below, it indicates that the IPv6 client can access the IPv6 ECS instance.image

    The results confirm that the ALB instance routes requests from an IPv6 client to the IPv4 and IPv6 services in the VPC in a round-robin manner.

    Release resources

    1. Release the ECS instances, security groups, and other resources.

      1. Delete the ECS01 instance and its security group:

        1. Log on to the ECS console. In the region list, select the region where the instance is located. Find the ECS01 instance, click the image.png icon in the Actions column, and select Release. Then, follow the on-screen instructions to release the instance.

        2. Log on to the ECS console and go to the Security Groups page. In the region list, select the region where the security group is located. Select the custom security group for ECS01 and click Delete.

      2. Follow the steps above to delete the ECS02 instance and its associated security group.

    2. Delete the DNS record:

      Delete the DNS record that you created. For more information, see Delete a DNS record.

    3. Release the ALB resources:

      1. Log on to the ALB console. In the region list, select the region where the instance is located. Find the target instance, click the image.png icon in the Actions column, and select Release.

      2. Remove the backend servers. For more information, see Create and manage a server group.

      3. Delete the server group. For more information, see Create and manage a server group.

    4. Release the VPC resources:

      1. Log on to the VPC console and select the region where the VPC is located.

      2. Click Delete in the Actions column of the target VPC. The system checks for any remaining resources. You must release all dependent resources before you can delete the VPC and its vSwitches.

    Related documents