All Products
Search
Document Center

Server Load Balancer:Best practices for manually migrating Layer 7 listeners from CLB to ALB

Last Updated:Nov 08, 2023

Application Load Balancer (ALB) provides higher Layer 7 load balancing capabilities and more advanced routing features than Classic Load Balancer (CLB). ALB can balance large volumes of network traffic at the application layer and is interfaced with Web Application Firewall (WAF). Traffic forwarding and protection are decoupled for ALB. ALB supports more advanced features which improve user experience. This topic describes how to manually migrate Layer 7 listeners from CLB to ALB.

Sample scenarios

The following figure shows a scenario that is used as an example in this topic. An enterprise purchased an Internet-facing CLB instance in the China (Hangzhou) region. The CLB instance is configured with a redirect rule, a domain name-based forwarding rule, and a URL-based forwarding rule. The CLB instance provides Internet-facing services by using a domain name. When clients access the domain name www.example.net, traffic is routed to the CLB instance based on an A record. The CLB instance forwards the traffic to ECS01 and ECS02 based on the forwarding rules.迁移前

Due to business development, the enterprise wants to migrate services from the CLB instance to an ALB instance. To ensure service stability, the enterprise does not want to change the domain name that is used to provide services or the IP addresses of the backend servers. To address this requirement, the enterprise can purchase an ALB instance in the China (Hangzhou) region and configure ALB forwarding rules that forward traffic in the same manner as the forwarding rules of the CLB instance. Then, the enterprise can configure DNS records with different weights to migrate traffic from CLB to ALB.迁移后

Precautions

  • CLB and ALB use the pay-as-you-go billing method. The billable items and pricing of CLB and ALB are different. After you migrate services from CLB to ALB, the fees that you are charged may change. For more information, see the following topics:

  • The ALB instance and the CLB instance must use the same backend servers, which must be deployed in the same virtual private cloud (VPC).

  • You cannot migrate services from a TCP or UDP listener of a CLB instance to an ALB instance. You can migrate the services only of an HTTP or HTTPS listener.

  • You can migrate services from an IPv4 CLB instance to an IPv4 or dual-stack ALB instance. You can migrate services from an IPv6 CLB instance only to a dual-stack ALB instance.

Prerequisites

  • Listeners and backend servers are configured for the CLB instance from which you want to migrate services. An A record is configured for the CLB instance to allow the CLB instance to provide services by using a domain name. For more information, see Overview.

  • ECS01 and ECS02 are added as backend servers to the CLB instance, and the Elastic Compute Service (ECS) instances are created in VPC1.

  • A redirect rule and forwarding rules are configured for the CLB instance. For more information, see Redirect HTTP requests to HTTPS and Forward requests based on domain names or URLs.

  • ECS03 and ECS04 are created in VPC1, and dig is installed on ECS04. ECS03 is used to test network traffic before the migration. ECS04 is used to check how traffic is distributed during the migration.

Click to view the parameters of CLB and ALB in this example.

Parameter

CLB

ALB

Network type

Internet-facing

Service address: 47.XX.XX.144

Internet-facing

Domain name: alb-a8mmh2qez5jo******.cn-hangzhou.alb.aliyuncs.com

Domain name used to provide services

www.example.net

www.example.net

Listener protocol

HTTP (port 80)

HTTP (port 80)

Backend servers

ECS01 and ECS02

ECS01 and ECS02

Redirection

The CLB instance is configured with a redirect rule that redirects HTTP requests from port 80 to port 443 of an HTTPS listener.

You must configure a redirect rule for the HTTP listener of the ALB instance. Configure a redirect rule based on the following information:

  • Match condition: Set the path to /*.

  • Forwarding action: Forward requests to port 443 of the HTTPS listener.

Forwarding rules

Domain name-based and URL-based forwarding rules are configured for the HTTPS listener of the CLB instance.

  • Domain name: www.example.net

  • URL: /home

  • vServer group: The backend servers of the vServer group are ECS01 and ECS02.

You must configure domain name-based and URL-based forwarding rules for the HTTPS listener of the ALB instance. Configure the forwarding rules based on the following information:

  • Domain name: www.example.net

  • URL: /home*

  • Destination server group: the server group to which ECS01 and ECS02 belong.

Procedure

迁移步骤

Step 1: Create an ALB instance

  1. Log on to the ALB console.
  2. On the Instances page, click Create ALB.

  3. On the Application Load Balancer page, set the following parameters.

    Parameter

    Description

    Region

    Select the region where you want to create the ALB instance. The region must be the same as the region where the CLB instance resides. In this example, China (Hangzhou) is selected.

    Network Type

    Select the network type of the ALB instance. The system allocates a public or private IP address to the ALB instance based on the network type. The network type of the ALB instance must be the same as the network type of the CLB instance. In this example, Internet is selected.

    • Intranet: The ALB instance has only private IP addresses and can be accessed only by resources in the VPC where the ALB instance is deployed.

    • Internet: The ALB instance has public and private IP addresses. By default, Internet-facing ALB instances use EIPs to provide services over the Internet. If you select Internet, you are charged instance fees and data transfer fees for the EIPs.

      • Public IP address: EIPs are used to provide services over the Internet and expose ALB instances to the Internet.

      • Private IP address: allows resources in VPCs to access ALB instances.

    You can change the network type of an ALB instance. For more information, see Change the network type of an ALB instance.

    Note

    If an ALB instance is assigned both an IPv4 address and an IPv6 address, the IPv4 address is used to provide services over the Internet. If you need to use the IPv6 address to provide services over the Internet, you must change the network type of the ALB instance. In this case, you are charged IPv6 gateway fees. For more information, see Billing rules.

    VPC

    Select the VPC where the backend servers of the CLB instance are deployed. In this example, VPC1 is selected.

    vSwitch Available Zone

    Select zones and vSwitches.

    1. ALB supports multi-zone deployment. If the current region has two or more zones, you must select at least two zones to ensure high availability. ALB does not charge additional fees.

    2. You must select a vSwitch for each zone of the ALB instance. If no vSwitch is available, create one as prompted.

    3. Optional: Select an EIP in each of the selected zones.

      • If no EIP is available, use the default option Automatically assign EIP. Then, a pay-as-you-go EIP that uses BGP multi-line bandwidth and the default security protection mode is automatically created and associated with the ALB instance.

      • Alternatively, you can associate an existing EIP with the ALB instance.

        Note
        • You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not added to Internet Shared Bandwidth instances with an ALB instance.

        • The EIPs that you specify for different zones of the same ALB instance must be of the same type.

    IP Mode

    Select an IP mode for the ALB instance.

    • Static IP: Only one IP address is available in each zone. The IP address cannot be changed. An ALB instance that uses a static IP address supports at most 100,000 queries per second (QPS).

    • Dynamic IP: One or more IP addresses are available in each zone. The number of IP addresses that the ALB instance uses increases with the loads. This mode supports up to one million QPS.

    IP Version

    Select an IP version. You can migrate services from an IPv4 CLB instance to an IPv4 or dual-stack ALB instance. You can migrate services from an IPv6 CLB instance only to a dual-stack ALB instance. Select an IP version based on your business requirements.

    • IPv4: If you select this option, the ALB instance can be accessed only by IPv4 clients.

    • Dual-stack: If you select this option, the ALB instance can be accessed by IPv4 and IPv6 clients. For more information about the limits on dual-stack ALB instances, see IP versions.

    Edition

    Select the edition of the ALB instance.

    • Basic: Basic ALB instances support basic routing features such as request forwarding based on domain names, URLs, and HTTP headers.

    • Standard: Standard ALB instances support basic and advanced routing features, such as custom TLS security policies, redirects, and rewrites.

    • WAF Enabled: As an upgrade from standard ALB instances, WAF-enabled ALB instances are integrated with Web Application Firewall (WAF) 3.0 to protect web applications. Network traffic is filtered by WAF before the traffic is routed to ALB listeners. For more information about the limits on WAF-enabled ALB instances, see Limits on WAF-enabled ALB instances.

    For more information about the differences among basic ALB instances, standard ALB instances, and WAF-enabled ALB instances, see Functions and features.

    Associate with an Internet Shared Bandwidth instance

    If an ALB instance is deployed in two zones and is not associated with an Internet Shared Bandwidth instance, the default maximum Internet bandwidth of the ALB instance is 400 Mbit/s.

    If you require a larger bandwidth, associate an Internet Shared Bandwidth instance with your ALB instance. If you select Associate with EIP Bandwidth Plan, you must select an Internet Shared Bandwidth instance. If no Internet Shared Bandwidth instance is available, click Purchase EIP Bandwidth Plan and purchase an Internet Shared Bandwidth instance. Then, return to the ALB buy page and click 刷新 to select the Internet Shared Bandwidth instance that you purchased.

    We recommend that you purchase a pay-as-you-go Internet Shared Bandwidth instance. For more information about how to purchase an Internet Shared Bandwidth instance, see Create an Internet Shared Bandwidth instance.

    Note

    This parameter is available only when Network Type is set to Internet.

    Billing Method

    By default, Pay-by-Data-Transfer is selected. The maximum bandwidth is used for reference only. It indicates the upper limit of the bandwidth. When resource contention occurs, the bandwidth allocated to each ALB instance may be less than the maximum bandwidth value. For more information about the billing of EIPs, see EIP billing.

    Note

    This parameter is available only if Network Type is set to Internet and Associate with EIP Bandwidth Plan is not selected.

    Instance Name

    Enter a name for the ALB instance.

    Resource Group

    Select the resource group to which the ALB instance belongs.

    Notes on Creating Service Linked Roles

    The first time you create an ALB instance, click Create to create a service-linked role. The service-linked role allows ALB to access cloud services and resources, such as elastic network interfaces (ENIs), security groups, EIPs, and Internet Shared bandwidth instances. For more information, see Service-linked roles for ALB.

    Note

    This parameter is displayed only the first time that you create an ALB instance.

  4. Click Buy Now and complete the payment.

Step 2: Create a server group for the ALB instance

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance resides. China (Hangzhou) is selected in this example.

  3. In the left-side navigation pane, choose ALB > Server Groups.

  4. On the Server Groups page, click Create Server Group.

  5. In the Create Server Group dialog box, configure the following parameters and click Create.

    Parameter

    Description

    Server Group Type

    Select a server group type. In this example, Server is selected.

    Server Group Name

    Enter a name for the server group. In this example, RS1 is used.

    VPC

    Select a VPC from the VPC drop-down list. Only servers in the VPC can be added to the server group. In this example, VPC1 is selected. The backend servers of the CLB instance are deployed in VPC1.

    Backend Server Protocol

    Select a backend protocol. HTTP is selected in this example.

    Scheduling Algorithm

    Select a scheduling algorithm. In this example, Weighted Round-robin is selected.

    Resource Group

    Select the resource group to which the ALB instance belongs.

    IPv6 Support

    Specify whether to enable IPv6. In this example, the default setting is used. IPv6 is disabled.

    Session Persistence

    Specify whether to enable session persistence. In this example, the default setting is used. Session persistence is disabled.

    Persistent Connection

    Specify whether to enable the persistent TCP connection feature. In this example, the feature is disabled.

    Configure Health Check

    Specify whether to enable or disable health checks. In this example, the health check feature is enabled, which is the default setting.

    Advanced Settings

    In this example, the default settings are used.

  6. In the dialog box that appears, click Add Backend Server. On the Backend Servers tab, click Add Backend Server.

  7. In the Add Backend Server panel, select the backend servers of the CLB instance and click Next.

    In this example, ECS01 and ECS02 are selected.

  8. In the Ports/Weights step, set the ports and weights of the ECS instances and click OK.

    In this example, the port is set to 80 and the default weight 100 is used.

    Note

    ALB instances in dynamic IP mode support one million QPS. Standard ALB instances support up to 1,000 backend servers. To withstand traffic spikes in specific time periods, you can use a scaling group to scale an ALB instance to reduce costs.

Step 3: Configure listeners for the ALB instance

This example describes how to configure a redirect rule, a domain name-based forwarding rule, and a URL-based forwarding rule for the ALB instance.

Note
  • If a redirect rule is configured for the CLB instance, you must also configure a redirect rule for the HTTP listener of the ALB instance.

  • If a domain name-based forwarding rule and a URL-based forwarding rule are configured for the CLB instance, you must also configure domain name-based and URL-based forwarding rules that take effect in the same manner as those of the CLB instance for the ALB instance.

Add an HTTP listener and an HTTPS listener

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance resides. China (Hangzhou) is selected in this example.

  3. Use one of the following methods to open the listener configuration wizard:

    • On the Instances page, find the ALB instance that you want to manage and click Create Listener in the Actions column.

    • On the Instances page, click the ID of the ALB instance that you want to manage. On the Listener tab, click Create Listener.

  4. In the Configure Listener step, set the following parameters and click Next.

    Parameter

    Description

    Listener Protocol

    Select a listener protocol.

    HTTP is selected in this example.

    Listener Port

    Specify the port on which the ALB instance listens. The ALB instance listens for requests on the specified port and then forwards the requests to backend servers. Valid values: 1 to 65535. In most cases, port 80 is used for HTTP and port 443 is used for HTTPS.

    Note

    The ports on which an ALB instance listens must be unique.

    In this example, port 80 is specified.

    Listener Name

    Enter a name for the listener.

    Advanced Settings

    You can click Modify to configure advanced settings. In this example, the default settings are used.

  5. In the Select Server Group step, select a server group of the Server Type, view the backend servers, and then click Next.

    In this example, RS1 is selected.

  6. In the Configuration Review step, confirm the configurations and click Submit.

  7. Add an HTTPS listener based on the information in Add an HTTPS listener.

    The following section describes the parameters that are relevant to this topic.

    • Listener Protocol: HTTPS is selected.

    • Listener Port: 443 is used.

Configure a redirect rule

Configure a redirect rule for the HTTP listener of the ALB instance to redirect all HTTP requests destined for the ALB instance to HTTPS port 443.

  1. On the Listener tab, click the ID of the HTTP listener. On the listener details page, click the Forwarding Rules tab.

  2. On the Forwarding Rules tab, click Add New Rule.

  3. In the Add Forwarding Rule section, set the following parameters and click OK.

    重定向配置

    Parameter

    Description

    If (Matching All Conditions)

    Select Path and Exact & Wildcard Pattern Matching from the drop-down list. Then, enter /*.

    Action:

    Select Redirect from the drop-down list. The following table describes the parameters.

    • Protocol: HTTPS is selected in this example.

    • Domain Name: The default value ${host} is used in this example.

    • Port: Specify the port used by the HTTPS listener. In this example, the value is set to 443.

    • Path: The default value ${path} is used in this example.

    • Query: The default value ${query} is used in this example.

    • Status Code: 301 is used in this example.

Create a domain name-based forwarding rule and a URL-based forwarding rule

Create a domain name-based forwarding rule and a URL-based forwarding rule for the HTTPS listener of the ALB instance.

  1. Return to the Listener tab, and click the ID of the HTTPS listener that you created. On the listener details page, click the Forwarding Rules tab.

  2. On the Forwarding Rules tab, click Add New Rule.

  3. In the Add Forwarding Rule section, set the following parameters and click OK.

    域名转发规则配置

    Parameter

    Description

    If (Matching All Conditions)

    1. Select Domain Name and Exact & Wildcard Pattern Matching from the drop-down list. In this example, www.example.net is entered.

    2. Click Add Condition and select Path from the drop-down list. In this example, /home* is entered.

    Action:

    Select Forward and a select a server group of the Server Type from the drop-down list. In this example, RS1 is selected.

    Note

    The backend servers in the selected server group must be the same as the backend servers in the vServer group specified in the forwarding rule of the CLB instance.

Step 4: Perform traffic tests

Enable access logs

ALB and Simple Log Service provide the access log feature that allows you to monitor the loads of ALB instances and identify issues.

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance resides. China (Hangzhou) is selected in this example.

  3. On the Instances page, find the ALB instance that you want to manage and click its ID.

  4. On the instance details page, click the Access Logs tab. On the Access Logs tab, click Create Access Log.

  5. In the Create Access Log dialog box, configure the Project and Logstore parameters, and then click OK. In the message that appears, confirm the information and click OK.

    Parameter

    Description

    Project

    Simple Log Service projects are used to isolate and manage resources.

    • Select Project: Select a project from the drop-down list.

    • Create Project: Enter a project name in the field. Then, a project is automatically created.

    Logstore

    A Logstore in Simple Log Service is used to collect, store, and query logs.

    • Select Logstore: Select a Logstore from the drop-down list.

    • Create Logstore: Enter a Logstore name in the field. Then, a Logstore is automatically created. If you select Create Project, you must select Create Logstore.

    Notes on Creating Service-linked Role

    When you perform this operation, the system creates a service-linked role to grant the required permissions.

Test network traffic

  1. Log on to ECS03. For more information, see Connection method overview.

  2. Run the following command to modify the hosts file:

    sudo vi /etc/hosts

    Open the hosts file and add the IP address and domain name of the ALB instance to the file. Save the modifications and close the file.

    118.XX.XX.39 www.example.net
  3. Run the following command to check whether the redirect rule works as expected:

    curl -X GET -L -v   http://www.example.net

    The following figure shows the result.CLB迁移ALB流程测试

  4. Return to the ALB console, go to the Access Logs tab of the ALB instance, and click the link next to Storage Path to view the access log.

    访问日志In the Simple Log Service console, you can view the operation log of the domain name-based and URL-based forwarding rules of the ALB instance based on the request_uri, http_host, upstream_addr, and status fields.

Step 5: Migrate workloads from CLB to ALB

The following figure shows how CLB processes requests. A redirect rule is configured to redirect requests from HTTP port 80 to HTTPS port 443. HTTPS supports access to multiple domain names. In this example, the domain name example.net is used.CLB功能模块图

Warning
  • Before the migration, we recommend that you compare the forwarding rules of the CLB and ALB instances. Make sure that they are fully tested and forward network traffic in the same manner. Otherwise, your services may experience adverse impact.

  • We recommend that you perform the migration during the off-peak hours of the CLB instance.

Before the migration, you must add an A record to the CLB instance to map the domain names of your services to the IP address of the CLB instance.现状

After you complete canary release on the ALB instance, you can migrate workloads from the CLB instance to the ALB instance. In this example, Alibaba Cloud DNS is used to manage DNS records and perform canary release. The following procedure shows how to migrate workloads from CLB to ALB. For more information about Alibaba Cloud DNS, see Alibaba Cloud DNS.迁移步骤

Step 1. Configure a temporary domain name for the CLB instance

To meet the requirements for DNS record weights, we recommend that you add a CNAME record for the ALB instance. In the CNAME record, map the temporary domain name of the CLB instance to the IP address of the CLB instance.

Note

To specify weights for different DNS records of the same domain name, the DNS records must have the same type, hostname, and ISP line. A records, CNAME records, and AAAA records are supported.

  1. Log on to the Alibaba Cloud DNS console.

  2. On the Domain Name Resolution page, find and click the domain name www.example.net. The domain name points to the CLB instance.

  3. On the DNS Settings page, click Add DNS Record. In the Add DNS Record panel, set the following parameters and click OK.

    Parameter

    Description

    Record Type

    Select CNAME from the drop-down list.

    Hostname

    The prefix of your domain name. In this example, www is entered.

    DNS Request Source

    Select Default.

    Record Value

    Enter a temporary domain name. In this example, web0.example.net is entered.

    TTL

    Specify a time-to-live (TTL) value for the CNAME record. The TTL determines the time period that the record is cached on the DNS server. The TTL is set to 5 seconds in this example.

    In this example, Alibaba Cloud DNS Enterprise Ultimate Edition is used. The TTL value is for reference only. Specify a TTL value based on your business requirements. For more information, see Editions.

  4. On the DNS Settings page, find the A record that points to the IP address of the CLB instance and click Modify in the Actions column.

  5. In the Modify DNS Record panel, modify the Hostname parameter and click OK. In this example, the Hostname parameter is set to web0. The other parameters are not modified.

Step 2: Add a CNAME record for the ALB instance

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance resides. In this example, China (Hangzhou) is selected.

  3. Find the ALB instance that you want to manage and copy its domain name.

  4. To create a CNAME record, perform the following steps:

    1. Log on to the Alibaba Cloud DNS console.

    2. Find the domain name that you want to manage and click Configure in the Actions column. In this example, the domain name is the domain name of the CLB instance.

    3. On the DNS Settings page, click Add DNS Record.

    4. In the Add DNS Record panel, configure the following parameters and click OK.

      Parameter

      Description

      Record Type

      Select CNAME from the drop-down list.

      Hostname

      The prefix of your domain name. In this example, www is entered.

      DNS Request Source

      Select Default.

      Record Value

      Enter the CNAME. The CNAME is the domain name of the ALB instance.

      TTL

      Specify a TTL value for the CNAME record. The TTL determines the time period that the record is cached on the DNS server. The TTL is set to 5 seconds in this example.

      In this example, Alibaba Cloud DNS Enterprise Ultimate Edition is used. The TTL value is for reference only. Specify a TTL value based on your business requirements. For more information, see Editions.

      Note
      • New CNAME records immediately take effect. The time that is required for a modified CNAME record to take effect is determined by the TTL value of the CNAME record in the local DNS cache. The default TTL value is 10 minutes.

      • If the CNAME record that you want to create conflicts with an existing record, specify another domain name.

Step 3: Specify weights for the DNS records and perform a canary release

  1. On the Domain Name Resolution page, click the domain name that you want to manage. On the DNS Settings page, click Weight Settings in the left-side navigation pane.

  2. On the Weighted Round-robin page, click EnableWeight in the Actions column, and then click Set Weight.

    To specify weights for different DNS records of the same domain name, the DNS records must have the same type, hostname, and ISP line. A records, CNAME records, and AAAA records are supported.

  3. In the Set Weight panel, specify weights for the DNS records of the CLB and ALB instances. Set the weight of the DNS record for the CLB instance to 100. Set the weight of the DNS record for the ALB instance to 0.

    域名权重设置
  4. Gradually reduce the weight of the DNS record for the CLB instance and gradually increase the weight of the DNS record for the ALB instance. Make sure that your services are not affected.

  5. Log on to ECS04 and run the dig command multiple times to test network traffic after the migration.

    dig www.example.net

    The following figure shows the output. The results show that requests are distributed to ALB and CLB based on the weights of the DNS records.流量测试1流量测试2

Step 4: Migrate all workloads from CLB to ALB

Gradually reduce the weight of the DNS record for the CLB instance to 0, and gradually increase the weight of the DNS record for the ALB instance to 100. Make sure that your services are not affected. Then, all workloads are migrated from the CLB instance to the ALB instance. When all the persistent connections on the CLB instance are closed, and no request is sent to the CLB instance, you can release the CLB instance after a proper period of time. For more information about how to release a CLB instance, see Release a CLB instance.

The following figure shows how the ALB instance processes requests after the migration is complete.ALB功能模块图

If your DNS service provider does not allow you to specify a weight for CNAME records, click to view an alternative migration solution.

临时流量切换方案

Advanced features

ALB provides better load balancing capabilities at Layer 7 and more advanced features than CLB. The following topics help you better understand ALB:

The following table describes the differences in the advanced features between CLB and ALB.

Feature

CLB

ALB

Server group management

Default server groups, vServer groups, and primary/secondary server groups are supported.

Server groups are supported.

HTTP-to-HTTPS redirect

You can configure redirects when you create a listener. For more information, see Use CLB to redirect HTTP requests to HTTPS.

You can create forwarding rules for redirects. For more information, see Redirect HTTP requests to an HTTPS listener.

Multiple certificates for an HTTPS listener

For more information, see Configure a CLB instance to serve multiple domain names over HTTPS.

For more information, see Configure an ALB instance to serve multiple domain names over HTTPS.

HTTPS service that uses one-way authentication

Certificates issued by Alibaba Cloud and third-party certificates are supported. For more information, see Configure one-way authentication for HTTPS requests.

You can use Certificate Management Service to manage certificates. For more information, see Configure HTTPS to encrypt communication.

HTTPS service that uses two-way authentication

Certificates issued by Alibaba Cloud and third-party certificates are supported. For more information, see Configure mutual authentication on an HTTPS listener.

Certificates issued by Alibaba Cloud are supported. You can use Certificate Management Service to manage certificates. For more information, see Configure mutual authentication on an HTTPS listener.

WAF protection

The transparent proxy mode and the CNAME record mode are supported. For more information, see Add a Layer 7 CLB instance to WAF and Add a domain name to WAF.

The service integration mode, transparent proxy mode, and CNAME record mode are supported.

FAQ

  1. Which configurations of the CLB and ALB instances must remain unchanged before and after the migration?

    The region, network type, listener protocol, and backend servers must remain unchanged. The ALB instance must belong to the same VPC as the backend servers of the CLB instance. The ALB instance and the backend servers can belong to different zones.

  2. What are the differences between the certificates used by CLB and those used by ALB?

    CLB and ALB support encrypted transmission over HTTPS. CLB supports certificates issued by Alibaba Cloud and third-party certificates. The certificates used by ALB are managed by Certificate Management Service of Alibaba Cloud.

  3. What are the differences in access control between CLB and ALB?

    • CLB supports access control for listeners. You can configure different access control lists (ACLs) for different listeners. For more information, see Overview.

    • ALB provides IPv4 and dual-stack instances. IPv4 ALB instances allow you to configure different ACLs for different listeners. For more information, see ACLs. Dual-stack ALB instances do not support access control.

  4. What are the differences in domain name resolution between CLB and ALB?

    • CLB supports A records, which resolve custom domain names to the IP addresses of CLB instances.

    • For ALB instances:

      • We recommend that you use CNAME records to map custom domain names to the domain name of your ALB instance. This allows users to access your services in a more convenient manner.

      • If you want to resolve a custom domain name to a specific IP address, we recommend that you use an ALB instance with a specific IP address and use an A record to resolve the custom domain name to the IP address of the ALB instance.

References