All Products
Search

This Product

    Server Load Balancer:Add servers from a same-region data center to an ALB instance

    Document Center

    Server Load Balancer:Add servers from a same-region data center to an ALB instance

    Last Updated:Mar 25, 2026

    To load-balance traffic to servers in a same-region data center, you can use an ALB instance with a CEN transit router to forward requests to the servers.

    Scenario

    ALB supports adding same-region and cross-region Internet Data Center (IDC) servers. This topic describes how to add a same-region IDC server to an ALB instance.

    A company created a Virtual Private Cloud (VPC) named VPC1 in the China (Chengdu) region and an internet-facing ALB instance in this VPC. The company wants to use the ALB instance to forward requests to servers in its data center in the same region. The company can use Cloud Enterprise Network (CEN) to connect VPC1 and a VBR to a transit router. The local data center connects to Alibaba Cloud through the VBR. The ALB then forwards access requests to the data center through the transit router. This allows the ALB to add the servers in the data center in the same region as its backend servers.

    Limitations

    Note

    • Starting from 00:00:00 (UTC+8) on February 25, 2025, newly created ALB instances are upgraded instances by default. Existing ALB instances are not affected, except for those created through self-service applications. For more information, see Announcement on ALB instance upgrades.

    • This topic uses an upgraded ALB instance as an example. If you are using a non-upgraded ALB instance, see Instructions for non-upgraded ALB instances.

    Backend server limitations

    • Only IP-based Server Groups support adding backend servers from a different region.

    • You can add only private IP addresses. Public IP addresses are not supported.

    • To add IPv6 servers, enable the IPv6 feature when you create the IP-based Server Group. Note the following points:

      • You can enable IPv6 for a Server Group only if the VPC selected for the Server Group has IPv6 enabled.

      • IPv6 Server Groups can only be added to listeners or forwarding rules of dual-stack upgraded ALB instances. Non-upgraded ALB instances are not supported.

      • After you enable IPv6 for a Server Group, you can add only IPv6 addresses that are within the CIDR block of the VPC where the Server Group resides. You cannot enable the Remote IP feature.

    Forwarding configuration limitations

    • If you configure an Enterprise Edition transit router for your ALB service, the transit router will create an elastic network interface (ENI) within a vSwitch in the zone you specify. The ENI works as the ingress of the transit router for receiving traffic from the VPC. Therefore, ensure that there is at least a vSwitch available in the zone you select. For more details, see How transit routers work.

    • You cannot customize routing tables in the VPC where your ALB service is deployed for traffic forwarding between ALB and backend servers. Only system routing tables are allowed.

    Prerequisites

    • A VPC named VPC1 has been created in the China (Chengdu) region. In this VPC, two vSwitches, VSW1 and VSW2, have been created in Zone A and Zone B respectively.

      The following table describes the network plan for this example. When planning CIDR blocks, ensure that the CIDR blocks of interconnected networks do not overlap.

      China (Chengdu) region

      VSwitch

      VSwitch zone

      CIDR block

      VPC1

      Primary CIDR block: 172.16.0.0/12

      VSW1

      Zone A

      172.16.0.0/24

      VSW2

      Zone B

      172.16.6.0/24

      VBR

      Not applicable

      Not applicable

      Customer-side interconnect IPv4 address: 10.0.0.2/30

      Alibaba Cloud-side interconnect IPv4 address: 10.0.0.1/30

      Data center

      VSW3

      Not applicable

      192.168.20.0/24

    • An ECS instance named ECS01 has been created in VSW1, and application services are deployed on ECS01.

      Sample commands for deploying a test service on ECS01:

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! This is c****u ECS01." > index.html

    • An ALB instance has been created in VPC1. This topic uses an internet-facing ALB instance as an example.

    • You have registered a domain name, completed ICP filing, and used your own domain name to configure a CNAME record for the ALB.

    • A CEN instance and a transit router have been created in the China (Chengdu) region.

    • An Express Connect circuit and a VBR have been created. For more information, see Create and manage a dedicated connection over an Express Connect circuit and Create and manage a VBR.

    • A test server named ECS02 has been created in the data center, and application services are deployed on ECS02.

      Sample commands for deploying a test service on ECS02:

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! This is h****z ECS02." > index.html

    Procedure

    Step 1: Create an ALB server group

    Create an IP type server group and add ECS01 and the data center server ECS02 to it.

    1. Log on to the ALB console.

    2. In the top menu bar, select the region where the ALB is located. This topic uses China (Chengdu) as an example.

    3. In the left-side navigation pane, choose ALB > Server Group.

    4. On the Server Group page, click Create Server Group, configure the following parameters, and then click Create.

      This guide describes only the required parameters. Leave other parameters at their default values. For more information, see Server groups.

      Parameter

      Description

      Server Group Type

      Select IP. This allows you to add servers that are not in the VPC by specifying their IP addresses.

      VPC

      Select VPC1.

      Backend Server Protocol

      Select HTTP.

      Note

      For a Basic ALB instance, the HTTPS listener can only select server groups with an HTTP backend protocol.

      Scheduling Algorithm

      Use the default value, Weighted Round-robin. For more information about scheduling algorithms, see Scheduling algorithms.

    5. In the Server group created. dialog box, click Add Backend Server .

    6. In the Add Backend Server panel, add the private IP address of ECS01. Click Next, set the Port and Weight for the IP address, and then click OK.

      The port must be consistent with the port used by the backend service. This guide uses port 80 and the default weight.

    7. Click Add IP Address. Add the private IP address of the data center server ECS02. Because the IP address of ECS02 is outside the server group's VPC, enable Remote IP. Then, click Next, set the Port and Weight for the IP address, and click OK. In this example, enter 80 for the port and use the default weight.

      If the Remote IP switch is turned off, you can add only IP addresses that are within the CIDR block of the VPC where the Server Group resides. If the Remote IP switch is turned on, you can add IP addresses from the following CIDR blocks:

      • 10.0.0.0/8

      • 100.64.0.0/10

      • 172.16.0.0/12

      • 192.168.0.0/16

    Step 2: Configure an ALB listener

    1. Log on to the ALB console.

    2. In the top menu bar, select the region where the ALB instance is located. In this topic, China (Chengdu) is selected.

    3. On the Instances page, find the ALB instance that you created in VPC1 and click Create Listener in the Operations column.

    4. On the NLB Configuration Wizard > Configure Listener wizard, configure the following parameters, leave other parameters at their default values, and then click Next.

      Parameter

      Description

      Select Listener Protocol

      Select HTTP as the listener protocol.

      Listener Port

      Enter the port used to receive and forward requests to backend servers. Valid values: 1 to 65535. This guide uses 80.

    5. From the Server Group drop-down list, select IP. Select the Server Group that you created in Step 1, and then click Next.

    6. In the Configuration Review wizard, confirm the configurations and click Submit.

    Step 3: Create a VPC connection in CEN

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you created.

    3. On the Basic Settings > Transit Router tab, find the Transit Router instance in the China (Chengdu) region, and click Create Connection in the Operations column.

    4. On the Connection with Peer Network Instance page, configure the following parameters to connect VPC1 to the Transit Router in the China (Chengdu) region, and then click OK.

      This guide describes only the required parameters. Leave other parameters at their default values. For more information, see Create a VPC connection on an Enterprise Edition Transit Router.

      Parameter

      Description

      Instance Type

      This guide uses VPC as an example.

      Region

      Select the region of the network instance to connect. This guide uses China (Chengdu) as an example.

      Networks

      Select the ID of the VPC to connect. This guide uses VPC1 as an example.

      vSwitch

      Select vSwitches from the Availability Zones that the Enterprise Edition Transit Router supports. This guide uses VSW1 and VSW2 as examples.

    Step 4: Create a VBR connection in CEN

    1. After you create the VPC connection, click Create More Connections.

    2. On the Connection with Peer Network Instance page, specify the following parameters and click OK to connect the VBR instance to the transit router in the China (Chengdu) region.

      This section describes only the parameters that are relevant to this topic. You can use the default values for other parameters. For more information, see Create a VBR connection on an Enterprise Edition transit router.

      Parameter

      Description

      Instance Type

      Select Virtual Border Router (VBR).

      Region

      Select the region where the network instance is deployed. In this example, China (Chengdu) is selected.

      Networks

      Select the ID of the VBR instance that you want to connect. In this example, the VBR instance is selected.

    Step 5: Add a system route for VPC1

    If the system route table for VPC1 does not already have a route to its transit router connection, follow these steps to add one.

    Note

    Traffic between an ALB instance and its backend servers can be forwarded only through the system route table. Forwarding traffic through custom route tables in a VPC is not supported.

    1. Log on to the VPC console.

    2. On the VPC page, click the instance ID of VPC1.

    3. On the VPC1 details page, click the Resource Management tab, and then click the number under Route Tables.

    4. On the Route Tables page, find the System route table of VPC1 and click the route table ID.

    5. On the route table details page, choose Route Entry List > Custom Route and then click Add Route Entry.

    6. In the Add Route Entry panel, specify the following parameters and click OK.

      Parameter

      Description

      Destination CIDR Block

      Enter the destination CIDR block to which you want to forward traffic. In this example, enter the CIDR block of the data center: 192.168.20.0/24.

      Next Hop Type

      Select the type of the next hop. In this example, Transit Router is selected.

      Transit Router

      Select the network instance connection. In this example, select the VPC1 connection created in Step 3.

    Step 6: Configure VBR routes in Express Connect

    Configure a route on the VBR to the data center.

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).

    3. On the Virtual Border Routers (VBRs) page, click the target VBR instance ID.

    4. On the VBR details page, click the Routes tab and then click Add Route.

    5. In the Add Route panel, specify the following parameters and click OK.

      Parameter

      Description

      Next Hop Type

      Select the next hop type for the route entry. In this example, Physical Connection Interfaces is selected.

      Destination CIDR Block

      In this example, enter the CIDR block of the data center: 192.168.20.0/24.

      Next Hop

      Select the Express Connect circuit interface.

    Step 7: Configure routes for the data center

    View the CIDR blocks of the vSwitches associated with the ALB instance. Then, add routes for these vSwitch CIDR blocks to the data center.

    Note

    After a VPC is connected to a transit router, the transit router can learn the routes of all vSwitch CIDR blocks in the VPC. Therefore, you do not need to configure routes for the vSwitch CIDR blocks of the ALB instance on the transit router.

    1. Obtain the CIDR blocks of the vSwitches associated with the ALB instance.

      1. Log on to the VPC console.

      2. In the top navigation bar, select the region where VPC1 is deployed. In this example, China (Chengdu) is selected.

      3. On the VPC page, find and click the ID of VPC1.

      4. On the VPC1 details page, click the Resource Management tab and click the number link under vSwitch.

      5. On the vSwitch page, find the vSwitches that are associated with the ALB instance and record their CIDR blocks.

    2. Add routes for the CIDR blocks of the vSwitches associated with the ALB instance to the data center.

      On your on-premises gateway device, add routes for the CIDR blocks of the vSwitches associated with the ALB instance. The following is sample code for this example. If you have multiple vSwitches, add a route for each of their CIDR blocks.

      Note

      The sample routes are for reference only. The configuration may vary based on the vendor and model of the device.

      ip route 172.16.0.0/24 255.255.255.0 <Alibaba Cloud-side IP address of the VBR instance>
ip route 172.16.6.0/24 255.255.255.0 <Alibaba Cloud-side IP address of the VBR instance>

    Step 8: Verify the result

    1. Test connectivity

      In a browser, enter the domain name, for example, http://<your_domain_name>. Refresh the page multiple times. The client receives responses as expected, and the responding server alternates between ECS01 and ECS02.

      ECS01

      ECS02

    2. Simulate a failure

      1. On ECS01, stop the service by running the systemctl stop nginx.service command.

      2. In a browser, enter the domain name, for example, http://<your_domain_name>. After the client sends a request, it still receives a response. This confirms that failover to the data center server is working.

        ECS02

    FAQ

    Adding servers to a non-upgraded ALB instance

    The procedure for adding servers from a same-region data center to a non-upgraded ALB instance is the same as the one described in this topic, except for Step 7.

    • Limitations

      Backend server limitations

      • Adding remote IP addresses to non-upgraded ALB instances is supported only in specific regions.

      • To add backend servers across networks, you must use an IP type server group.

      • You can add backend servers only by using their private IP addresses. Public IP addresses are not supported.

      • You cannot attach ALB, NLB, or CLB instances within the same VPC.

      Forwarding configuration limitations

      • You can use Enterprise Edition transit routers or Express Connect to forward traffic from remote IP addresses. Basic Edition transit routers are not supported.

        If you use an Enterprise Edition transit router, an elastic network interface (ENI) is created on a vSwitch in the zone that you specify. The ENI serves as an ingress for traffic from the VPC to the Enterprise Edition transit router. When you create a VPC connection, make sure that at least one vSwitch is created in a zone that is supported by Enterprise Edition transit routers to connect the VPC to the transit router. For more information, see Regions and zones that support Enterprise Edition transit routers.

      • Within a single CEN instance, cross-network backend servers can be added to ALB instances in only one VPC per region.

        image

        • You cannot use a single transit router for ALBs in multiple VPCs within the same region to access backend services.

          image

        • ALBs in multiple VPCs within the same region cannot use multiple transit routers to access the same backend service.

          image

      • Traffic between an ALB instance and its backend servers can be forwarded only through the system route table. Forwarding traffic through custom route tables in a VPC is not supported.

    • Back-to-origin routes

      View the back-to-origin routes of the ALB instance. Then, add these routes to the transit router associated with VPC1 and to the data center.

      1. View the back-to-origin routes.

        Perform the following steps to obtain the back-to-origin routes of the ALB instance:

        1. Log on to the ALB console.

        2. In the top navigation bar, select the region where the instance is deployed. In this example, China (Chengdu) is selected.

        3. On the Instances page, click the target ALB instance ID.

        4. Click the Instance Details tab, and then click View to the right of Back-to-origin Route.

      2. Follow these steps to add a back-to-origin route for the ALB to the transit router associated with VPC1.

        1. Log on to the CEN console.

        2. On the Instances page, click the ID of the CEN instance.

        3. On the Basic Settings > Transit Router tab, find the transit router instance that is connected to VPC1, and click its instance ID.

        4. Click the Route Table tab. In the left-side area of the tab, click the ID of the target route table. On the route table details page, on the Routes tab, click Add Route Entry.

        5. In the Add Route dialog box, configure the route entry and click OK.

          Parameter

          Description

          Route Table

          The system selects the current route table by default.

          Transit Router ID

          The system selects the current transit router instance by default.

          Destination CIDR Block

          The destination CIDR block of the route entry. In this example, enter the back-to-origin route of the ALB instance. If multiple back-to-origin routes exist, repeat this step to add all back-to-origin routes.

          Blackhole Route

          Select No.

          Next Hop

          Select the next hop connection. In this example, select the VPC1 connection.

      3. Add the back-to-origin routes of the ALB instance to the data center.

        On your on-premises gateway device, add the back-to-origin routes of the ALB instance. The following sample code shows the routes to configure. If multiple back-to-origin routes exist, add a route for each one.

        Note

        The sample route is for reference only. The configuration may vary based on the vendor and model of the device.

        ip route 100.XX.XX.0/25 255.255.255.128 <Alibaba Cloud-side IP address of the VBR instance>

    Internet-facing ALB and internal-facing ALB both support adding on-premises servers?

    Yes, both instance types are supported.

    Related documents