An Application Load Balancer (ALB) instance receives requests from clients and distributes them to backend server groups based on listeners and forwarding rules. Before you can use the ALB service, you must create an ALB instance and add listeners and backend server groups. This topic describes the key concepts of and usage notes for ALB instances.
By default, cross-zone load balancing is enabled for ALB. This means ALB distributes traffic across backend services in different zones within the same region. If cross-zone load balancing is disabled for a server group attached to an ALB instance, ALB distributes traffic only among backend services within the same zone.
DNS names
ALB instances provide services through DNS domain names. You can use a canonical name (CNAME) record on your DNS platform to map your custom domain name to the DNS name of an ALB instance. This forwards access requests to the ALB instance.
The domain names for load balancing have been upgraded. Direct access to an ALB instance using the DNS domain name that is provided by ALB is no longer supported.
Instance status
The following table describes the different instance statuses and the operations that you can perform on an instance in each status.
Instance status | Status description | Lock type | Can be deleted | Can be modified |
Running | The instance is running as expected. | Not applicable | Depends on whether Deletion Protection is enabled.
| Depends on whether Configuration Read-only Mode is enabled.
|
Creating | The instance is being created. | Not applicable | No | No |
Configuring | The instance configuration is being modified. | Not applicable | No | |
Creation Failed | The instance failed to be created. | Not applicable | Yes | |
Stopped | The instance is stopped. | Financial lock: The instance is locked due to an overdue payment. Renew the instance as soon as possible. The instance resumes after it is unlocked. | No | |
Associated resource lock: The associated Elastic IP Address (EIP) or Internet Shared Bandwidth instance is locked due to an overdue payment. Renew the EIP or Internet Shared Bandwidth instance as soon as possible. The instance resumes after the associated resource is unlocked. | No | |||
Residual lock: The associated EIP or Internet Shared Bandwidth instance is released due to an overdue payment. The current instance is unavailable. Release the instance. | Yes | |||
Security lock: The instance is locked due to security risks. You can go to the Security Control page to request to unlock the instance. | No |
Instance network types
Alibaba Cloud provides Internet-facing and internal-facing ALB instances.
You can change the network type of an ALB instance to switch between Internet-facing and internal-facing.
Internet-facing ALB instances
When you create an Internet-facing ALB instance, the system allocates a public IP address and a private IP address to the instance.
Internet-facing ALB instances handle requests from the Internet. By default, Internet-facing ALB instances use EIPs to provide services over the Internet and forward requests from the Internet to backend servers based on listener rules. You can also associate an Anycast EIP with an ALB instance to accelerate access from multiple regions.
Internet-facing ALB instances are also assigned private IP addresses. You can use these private IP addresses to access ECS instances in the same VPC.
Internal-facing ALB instances
When you create an internal-facing ALB instance, the system allocates a private IP address to the instance.
Internal-facing ALB instances handle requests from clients in the same VPC. These instances forward requests from the Alibaba Cloud internal network to backend servers based on listeners and forwarding rules.
Internal-facing ALB instances cannot be accessed from the Internet.
Protocol version
IPv4 and dual-stack
ALB instances support the IPv4 and dual-stack IP versions.
Protocol Version | Default value | Description |
IPv4 |
| Only clients that use IPv4 addresses, such as 192.0.2.1, can access the instance. The instance forwards traffic from IPv4 clients only to IPv4 backend services. The backend services can be of the server type (ECS, ENI, or ECI), IP type, or Function Compute type. |
Dual-stack |
| Clients can use both IPv4 addresses, such as 192.168.0.1, and IPv6 addresses, such as 2001:db8:1:1:1:1:1:1, to access the instance. The instance forwards traffic from IPv4 and IPv6 clients to IPv4 or IPv6 backend services. The backend services can be of the server type (ECS, ENI, or ECI) or IP type. The Function Compute type is not supported. Note If the server group of your dual-stack ALB instance is of the IP type and you need to attach IPv6 backend services, you must use an upgraded ALB instance. |
The network type of a dual-stack ALB instance is determined by its IPv4 address. If the IPv4 address is a private IP address, the instance is internal-facing. If the IPv4 address is a public IP address, the instance is Internet-facing.
Usage notes on dual-stack instances
You cannot upgrade an existing IPv4 instance to a dual-stack instance. You can only create new dual-stack instances.
Access control policy entries support only IPv4 addresses.
Regions that support dual-stack instances
Area | Region |
China | China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), China (Guangzhou) |
Asia-Pacific | Singapore, Malaysia (Kuala Lumpur), Japan (Tokyo), Indonesia (Jakarta), South Korea (Seoul), Philippines (Manila), Thailand (Bangkok) |
Europe & Americas | UK (London), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Mexico |
Middle East | SAU (Riyadh - Partner Region) |
Integration with WAF
ALB supports service-level integration with WAF 3.0. You can enable the WAF-enhanced edition for ALB. Note the following when you integrate ALB with WAF for protection:
If your Alibaba Cloud account does not have a WAF 2.0 instance or you have not activated WAF: You can enable WAF 3.0 protection for Internet-facing and internal-facing ALB instances through service-level integration. To do this, you enable the WAF-enhanced edition for ALB.
The WAF-enhanced edition for ALB is available in the regions where ALB supports service-level integration with WAF 3.0.
Area
Region
China
China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), China (Hong Kong)
Asia-Pacific
Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Singapore, Thailand (Bangkok), South Korea (Seoul)
Europe & Americas
Germany (Frankfurt), US (Silicon Valley), US (Virginia), Mexico
Middle East
SAU (Riyadh - Partner Region)
If your Alibaba Cloud account already has a WAF 2.0 instance: You can enable WAF 2.0 in transparent proxy mode for Basic Edition Internet-facing ALB instances and Standard Edition Internet-facing ALB instances. Internal-facing ALB instances do not support WAF 2.0.
Only ALB instances in the China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou) regions support transparent proxy mode for WAF 2.0.
NoteTo enable WAF 3.0 protection for your ALB instance, first release the WAF 2.0 instance or migrate to WAF 3.0.
When you release a WAF 2.0 instance, the X-Forwarded-Proto header is disabled for ALB by default. Direct access to the ALB instance may cause service exceptions. To prevent this, you must enable the X-Forwarded-Proto header in the ALB listener. For more information, see Manage listeners.
For more information about how to release a WAF 2.0 instance, see Disable WAF.
For more information about how to migrate to WAF 3.0, see How to upgrade a WAF 2.0 instance to WAF 3.0.
References
To get started with ALB instances, see Quickly implement load balancing for IPv4 services using ALB and Quickly implement load balancing for IPv6 services using ALB.
For more information about how to create an ALB instance, see Create and manage an ALB instance. After you create an ALB instance, see Manage an ALB instance for information about instance maintenance.
For more information about how to change the configuration of an ALB instance, see Change the configuration of an ALB instance.