All Products
Search

This Product

    Server Load Balancer:Add cross-region servers to an ALB instance

    Document Center

    Server Load Balancer:Add cross-region servers to an ALB instance

    Last Updated:Mar 23, 2026

    Application Load Balancer (ALB) supports cross-region mounting. This topic describes how to use ALB to mount servers in VPCs across different regions to achieve efficient traffic distribution and system optimization.

    Use case

    Under normal conditions, its servers in the China (Chengdu) region are sufficient to handle daily business traffic. However, during major promotional events, a surge in traffic can overwhelm the capacity of the servers in the China (Chengdu) region.

    To address this, the company can integrate servers from the China (Hangzhou) region into its existing network architecture. By using an Application Load Balancer (ALB) instance with an IP-based Server Group and Cloud Enterprise Network (CEN), the company can quickly scale its resources. CEN allows the VPCs in different regions to communicate over a private network. Using this private connection, ALB can add servers from the cross-region VPC to an IP-based Server Group. This setup lets ALB forward client requests to servers in both the China (Chengdu) and China (Hangzhou) regions, significantly boosting the system's load capacity and response speed.

    image

    Limitations

    Note

    Backend server limitations

    • Only IP-based Server Groups support adding backend servers from a different region.

    • You can add only private IP addresses. Public IP addresses are not supported.

    • To add IPv6 servers, enable the IPv6 feature when you create the IP-based Server Group. Note the following points:

      • You can enable IPv6 for a Server Group only if the VPC selected for the Server Group has IPv6 enabled.

      • IPv6 Server Groups can only be added to listeners or forwarding rules of dual-stack upgraded ALB instances. Non-upgraded ALB instances are not supported.

      • After you enable IPv6 for a Server Group, you can add only IPv6 addresses that are within the CIDR block of the VPC where the Server Group resides. You cannot enable the Remote IP feature.

    ALB to backend server forwarding limits

    • If you configure an Enterprise Edition transit router for your ALB service, the transit router will create an elastic network interface (ENI) within a vSwitch in the zone you specify. The ENI works as the ingress of the transit router for receiving traffic from the VPC. Therefore, ensure that there is at least a vSwitch available in the zone you select. For more details, see How transit routers work.

    • You cannot customize routing tables in the VPC where your ALB service is deployed for traffic forwarding between ALB and backend servers. Only system routing tables are allowed.

    Before you begin

    • You have two Virtual Private Clouds (VPCs): VPC1 in the China (Chengdu) region and VPC2 in the China (Hangzhou) region.

      • VPC1 has two vSwitches: VSW1 in Availability Zone (Zone) A and VSW2 in Zone B.

      • VPC2 has two vSwitches: VSW3 in Zone H and VSW4 in Zone I.

      • The following table shows the CIDR block plan. If you plan your own CIDR blocks, make sure that the CIDR blocks you want to interconnect do not overlap.

        Click to view VPC CIDR blocks.

        Region

        VPC

        vSwitch

        vSwitch Zone

        CIDR Block

        China (Chengdu)

        VPC1

        Primary CIDR block: 172.16.0.0/12

        VSW1

        Zone A

        172.16.1.0/24

        VSW2

        Zone B

        172.16.2.0/24

        China (Hangzhou)

        VPC2

        Primary CIDR block: 192.168.0.0/16

        VSW3

        Zone H

        192.168.1.0/24

        VSW4

        Zone I

        192.168.2.0/24

    • You have created an Elastic Compute Service (ECS) instance named ECS01 in VSW1 and another ECS instance named ECS02 in VSW3, and have deployed an application service on both instances.

      Example deployment commands

      Example command for ECS01:

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World! This is ECS01 in Chengdu." > index.html

      Example command for ECS02:

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World! This is ECS02 in Hangzhou." > index.html

    • You have created an internet-facing ALB instance in VPC1.

    • You have registered a domain name, completed ICP filing, and configured a CNAME record for an ALB instance by using your own domain name.

    • You have created a CEN instance and created Transit Router instances in both the China (Chengdu) and China (Hangzhou) regions for the CEN instance.

    Procedure

    Step 1: Create an ALB server group

    Create an IP-based Server Group and add ECS01 and the cross-region ECS02 as backend servers.

    1. Log on to the ALB console.

    2. In the top menu bar, select the region where the ALB is located. This topic uses China (Chengdu) as an example.

    3. In the left-side navigation pane, choose ALB > Server Group.

    4. On the Server Group page, click Create Server Group, configure the following parameters, and then click Create.

      This guide describes only the required parameters. Leave other parameters at their default values. For more information, see Server groups.

      Parameter

      Description

      Server Group Type

      Select IP. This allows you to add servers that are not in the VPC by specifying their IP addresses.

      VPC

      Select VPC1.

      Backend Server Protocol

      Select HTTP.

      Note

      For a Basic ALB instance, the HTTPS listener can only select server groups with an HTTP backend protocol.

      Scheduling Algorithm

      Use the default value, Weighted Round-robin. For more information about scheduling algorithms, see Scheduling algorithms.

    5. In the Server group created. dialog box, click Add Backend Server .

    6. In the Add Backend Server panel, add the private IP address of ECS01. Click Next, set the Port and Weight for the IP address, and then click OK.

      The port must be consistent with the port used by the backend service. This guide uses port 80 and the default weight.

    7. Click Add IP Address, and add the private IP address of ECS02. Because the IP address of ECS02 is not within the CIDR block of the VPC associated with the Server Group, turn on the Remote IP switch. Then, click Next, set the Port and Weight for the IP address, and then click OK. This guide uses port 80 and the default weight.

      If the Remote IP switch is turned off, you can add only IP addresses that are within the CIDR block of the VPC where the Server Group resides. If the Remote IP switch is turned on, you can add IP addresses from the following CIDR blocks:

      • 10.0.0.0/8

      • 100.64.0.0/10

      • 172.16.0.0/12

      • 192.168.0.0/16

    Step 2: Configure an ALB listener

    1. Log on to the ALB console.

    2. In the top menu bar, select the region where the ALB instance is located. In this topic, China (Chengdu) is selected.

    3. On the Instances page, find the ALB instance that you created in VPC1 and click Create Listener in the Operations column.

    4. On the NLB Configuration Wizard > Configure Listener wizard, configure the following parameters, leave other parameters at their default values, and then click Next.

      Parameter

      Description

      Select Listener Protocol

      Select HTTP as the listener protocol.

      Listener Port

      Enter the port used to receive and forward requests to backend servers. Valid values: 1 to 65535. This guide uses 80.

    5. From the Server Group drop-down list, select IP. Select the Server Group that you created in Step 1, and then click Next.

    6. In the Configuration Review wizard, confirm the configurations and click Submit.

    Step 3: Connect the VPCs to Transit Routers

    Connect VPC1 to the Transit Router in the China (Chengdu) region and VPC2 to the Transit Router in the China (Hangzhou) region. This establishes private, cross-region connectivity between VPC1 and VPC2, which allows the ALB instance to forward requests to the servers in the cross-region VPC.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you created.

    3. On the Basic Settings > Transit Router tab, find the Transit Router instance in the China (Chengdu) region, and click Create Connection in the Operations column.

    4. On the Connection with Peer Network Instance page, configure the following parameters to connect VPC1 to the Transit Router in the China (Chengdu) region, and then click OK.

      This guide describes only the required parameters. Leave other parameters at their default values. For more information, see Create a VPC connection on an Enterprise Edition Transit Router.

      Parameter

      Description

      Instance Type

      This guide uses VPC as an example.

      Region

      Select the region of the network instance to connect. This guide uses China (Chengdu) as an example.

      Networks

      Select the ID of the VPC to connect. This guide uses VPC1 as an example.

      vSwitch

      Select vSwitches from the Availability Zones that the Enterprise Edition Transit Router supports. This guide uses VSW1 and VSW2 as examples.

    5. Click Create More Connections and use the following information to connect VPC2 to the Transit Router in the China (Hangzhou) region.

      Parameter

      Description

      Instance Type

      Select VPC.

      Region

      Select China (Hangzhou).

      Networks

      Select VPC2.

      vSwitch

      Select VSW3 and VSW4.

    Step 4: Create a cross-region TR connection

    To enable private communication between VPC1 and VPC2, create a cross-region connection between the Transit Routers in different regions after you connect the VPCs to the Transit Routers.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you created.

    3. On the Basic Settings > Transit Router tab, find the Transit Router instance in the China (Chengdu) region, and click Create Connection in the Operations column.

    4. On the Connection with Peer Network Instance page, configure the following parameters, and then click OK.

      This guide describes only the required parameters. Leave other parameters at their default values. For more information, see Create a cross-region connection on an Enterprise Edition Transit Router.

      Parameter

      Description

      Instance Type

      Select Inter-region Connection.

      Region

      Select the region of the peer Transit Router. This guide uses China (Chengdu) as an example.

      Peer Region

      Select the region of the peer Transit Router. This guide uses China (Hangzhou) as an example.

      Bandwidth Allocation Mode

      Select Pay-By-Data-Transfer.

      You can use Cloud Data Transfer (CDT) to reduce costs for cross-region traffic between Transit Routers. If you have not activated this service, we recommend that you refer to Upgrade to CDT billing to activate it. Activating CDT is free of charge. You can also use a bandwidth plan based on your business requirements.

    Step 5: Verify the configuration

    After you complete the preceding steps, the ALB instance can forward client requests to both ECS01 and ECS02.

    1. Test connectivity

      Enter the domain name in a browser, for example, http://<your_domain_name>. Refresh the page multiple times. You can observe that the client receives responses as expected, and the responding server switches between ECS01 and ECS02.

      image

      image

    2. Test failover

      1. Run the systemctl stop nginx.service command on the ECS01 instance to stop the application.

      2. Enter the domain name in your browser, for example http://<your_domain_name>. If you still receive a response, this indicates that load balancing for servers in cross-region VPCs is implemented.

      image

    FAQ

    Instructions for non-upgraded ALB instances

    If you are using a non-upgraded ALB instance, follow the steps below. This process requires you to add routes for VPC1, VPC2, and the Transit Routers, and configure Security Groups for the ECS instances. For details, see Step 5: Configure routes and security groups. The other steps are the same as described above.

    image

    • Limitations

      Backend server limitations

      Forwarding configuration limitations

      • You can use Enterprise Edition Transit Routers or Express Connect circuits for remote IP forwarding. Basic Edition Transit Routers are not supported.

        If you use an Enterprise Edition Transit Router, it creates an Elastic Network Interface (ENI) on a vSwitch in an Availability Zone that you specify. The ENI acts as the ingress for traffic from the VPC to the Transit Router. When you create a VPC connection, make sure that you have at least one vSwitch created in an Availability Zone supported by the Enterprise Edition Transit Router. For more information, see Regions and zones supported by Enterprise Edition transit routers.

      • In a Cloud Enterprise Network (CEN), one or more Application Load Balancers (ALB) can mount servers across regions, provided they are in a single Virtual Private Cloud (VPC) within a region.

        image

        • ALBs in multiple VPCs within the same region cannot use the same Transit Router to access backend services.

          image

        • ALBs in multiple VPCs within the same region cannot use multiple Transit Routers to access the same backend service.

          image

      • Traffic between an ALB instance and its backend servers is forwarded only through the system route table. Forwarding traffic through a custom route table of a VPC is not currently supported.

    • Routes and security groups

      1. Add a route entry to the system route table of VPC1.

        Check if the system route table of VPC1 contains a route that points to the VPC1 connection on the Transit Router for the destination CIDR block. If not, perform the following steps to add a route entry.

        Note

        Traffic between ALB and backend services is forwarded only through the system route table. Forwarding through a VPC custom route table is not currently supported.

        1. Log on to the VPC console.

        2. On the VPC page, click the ID of VPC1.

        3. On the VPC1 details page, click the Resource Management tab, and then click the number displayed in the Route Table section.

        4. On the Route Table page, find the System route table for VPC1 and click its ID.

        5. On the route table details page, choose Route Entry List > Custom Route, and then click Add Route Entry.

        6. In the Add Route Entry panel, configure the following parameters, and then click OK.

          Parameter

          Description

          Destination CIDR Block

          Enter the destination CIDR block to which you want to forward traffic. This guide uses the CIDR block of VPC2: 192.168.0.0/16.

          Next Hop Type

          Select the type of the Next Hop. This guide uses Transit Router.

          Transit Router

          Select the specific Transit Router instance. This guide uses the VPC1 connection from Step 3.

      2. Configure the Back-to-Origin Route.

        1. View the Back-to-Origin Route.

          Follow the steps below to obtain the back-to-origin route of the ALB instance.

          1. Log on to the ALB console.

          2. In the top navigation bar, select the region of the instance. This guide uses China (Chengdu).

          3. On the Instances page, click the ID of the target ALB instance.

          4. Click the Instance Details tab, and then click View next to Back-to-origin Route.

        2. Add a back-to-origin route for ALB to the system route table in VPC2.

          1. Log on to the VPC console.

          2. On the VPC page, click the ID of VPC2.

          3. On the VPC details page, click the Resource Management tab, and then click the number displayed in the Route Table section.

          4. On the Route Table page, find the System route table for VPC2 and click its ID.

          5. On the route table details page, choose Route Entry List > Custom Route and then click Add Route Entry.

          6. In the Add Route Entry panel, configure the following parameters, and then click OK.

            Parameter

            Description

            Destination CIDR Block

            Enter the destination CIDR block. In this case, enter the Back-to-Origin Route of the ALB instance. If there are multiple Back-to-Origin Routes, repeat this operation for each one.

            Next Hop Type

            Select the type of the Next Hop. This guide uses Transit Router.

            Transit Router

            Select the specific Transit Router instance. This guide uses the Transit Router associated with VPC2.

        3. Add a Back-to-Origin Route for ALB to the Transit Router associated with VPC1.

          1. Log on to the CEN console.

          2. On the Instances page, click the ID of the CEN instance you created.

          3. On the Basic Settings > Transit Router tab, find the Transit Router instance connected to VPC1 and click its ID.

          4. Click the Route Table tab. In the left-side area of the tab, click the target route table ID. On the route table details page, on the Route Entry tab, click Add Route Entry.

          5. In the Add Route Entry dialog box, configure the route entry information, and then click OK.

            Parameter

            Description

            Route Table

            The current route table is selected by default.

            Transit Router ID

            The current Transit Router instance is selected by default.

            Destination CIDR Block

            The destination CIDR block of the route entry. Enter the Back-to-Origin Route of the ALB instance. If there are multiple Back-to-Origin Routes, repeat this operation for each one.

            Blackhole Route?

            Select No.

            Next Hop

            Select the next hop for the route. This guide uses the VPC1 connection.

      3. Check the Security Group rules of the backend ECS instances.

        Packets for cross-region access use an IP address from the back-to-origin route network segment as the source address to access backend services. You must add an inbound rule to the security group of the ECS instance to allow traffic from the 100.64.0.0/10 network segment, which is the back-to-origin route network segment for ALB. Otherwise, cross-region access to the backend service will fail. For more information, see Add a security group rule.

    Using ALB with peered same-region VPCs?

    Yes, you can.

    How is ALB with CEN billed?

    In addition to ALB fees, CEN-related fees also apply. For more information, see Billing of CEN.

    Related documents