An ALB instance receives requests from clients and forwards them to backend servers based on forwarding rules configured in listeners.
DNS name
Starting from 00:00:00 on November 15, 2024 (UTC+8), newly created ALB instances use upgraded domain names by default: xxx.alb.aliyuncsslb.com (for regions in the Chinese mainland) and xxx.alb.aliyuncsslbintl.com (for regions outside the Chinese mainland).
Newly created ALB instances do not support direct access through their DNS names. You must create a CNAME record to map your custom domain name to the DNS name of the ALB instance. This allows clients to access the ALB instance through your custom domain name.
Instance network type
You can change the network type of an ALB instance to switch between the internet-facing and internal types.
|
Item |
Internet-facing ALB instance |
Internal ALB instance |
|
Use case |
You need to expose your backend services to the internet. |
You only need to access backend services from within an Alibaba Cloud VPC. |
|
IP address allocation |
Assigns an Elastic IP Address (EIP) and a private IP address. You can associate an Anycast EIP with an ALB instance to provide low-latency access for multi-region services. |
Assigns only a private IP address. |
|
Access method |
Accessible from the internet and private networks. |
Accessible from private networks only. |
|
Diagram |
 |
 |
|
Billing |
Includes an instance fee, a Load Balancer Capacity Unit (LCU) fee, and internet data transfer fees (charged by EIP). |
Includes only an instance fee and an LCU fee. |
IP version
|
IP version |
Default IP assignment |
Description |
|
IPv4 |
|
|
|
dual-stack |
|
|
The dual-stack feature is available only in supported regions.
The network type of a dual-stack ALB instance is determined by its IPv4 address. If the instance has a public IPv4 address, it is an internet-facing instance. If it has only a private IPv4 address, it is an internal instance.
You can only create new dual-stack instances. You cannot upgrade an existing IPv4 instance to dual-stack.
Entries in an access control list (ACL) support only IPv4 addresses.
After an upgrade, an ALB instance allocates private IPv4 and IPv6 service IP addresses from each specified VSwitch.
WAF integration
-
We recommend that you enable WAF 3.0 protection for your ALB instance by using the service-based integration method. This method creates a WAF-enhanced ALB instance.
-
Supported regions:
Area
Region
China
China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), China (Hong Kong), China (Heyuan)
Asia Pacific
Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Singapore, Thailand (Bangkok), South Korea (Seoul)
Europe & Americas
Germany (Frankfurt), US (Silicon Valley), US (Virginia), Mexico (Queretaro)
Middle East
Saudi Arabia (Riyadh) - Operated by Partner, UAE (Dubai)
-
WAF-enabled ALB instances use the WAF 3.0 service-based architecture. If you have an existing WAF 2.0 instance, you must first release the WAF 2.0 instance or migrate it to WAF 3.0.
By default, ALB does not add the
X-Forwarded-Protoheader to requests. After you release a WAF 2.0 instance, direct access to the ALB may cause service exceptions, such as infinite redirects, because the backend server cannot identify the protocol (HTTP or HTTPS). To prevent this issue, you must manually enable the X-Forwarded-Proto header in the ALB listener configuration. -
Unsupported features: After you enable WAF, the following WAF features are not supported: data leakage prevention and automatic Web SDK integration for the bot management feature that protects against web scraping.
-
-
If you want to use an existing WAF 2.0 instance in your account, internet-facing Basic and Standard ALB instances support transparent integration with WAF 2.0. Supported regions: China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou). Internal ALB instances do not support WAF 2.0 integration.
Cross-zone load balancing
By default, cross-zone load balancing is enabled for ALB instances. Incoming requests are distributed to backend services deployed in all selected zones within the specified region. If you disable this feature for a server group, loads are balanced across each single zone.
Instance status
|
Status |
Description |
Lock type |
Deletion allowed |
Modification allowed |
|
Running |
The instance is running as expected. |
Not applicable |
|
|
|
Creating |
The instance is being created. |
No |
No |
|
|
Updating Configuration |
The instance configuration is being updated. |
No |
||
|
Creation Failed |
The instance failed to be created. |
Yes |
||
|
Stopped |
An instance enters the Stopped status when it is locked. While in this status, its service is unavailable. |
Locked (Overdue Payment): The instance is locked due to an overdue payment. Renew your subscription to unlock the instance. |
No |
|
|
Locked (Associated Resources Anomaly): An associated resource, such as an Elastic IP Address (EIP) or Internet Shared Bandwidth instance, is locked due to an overdue payment. Renew the associated resource to unlock the instance. |
No |
|||
|
Locked (Residual): An associated EIP or Internet Shared Bandwidth instance has been released due to an overdue payment. This makes the ALB instance unavailable. You must release the ALB instance. |
Yes |
|||
|
Locked (Security Risks): The instance is locked due to security risks. Go to the Security Management console to request to unlock the instance. |
No |