All Products
Search
Document Center

Server Load Balancer:Create and manage an ALB instance

Last Updated:Jan 20, 2025

Application Load Balancer (ALB) provides robust load balancing services for Layer 7 applications. It supports high-performance traffic forwarding features and a wide variety of advanced forwarding rules. You can use ALB to distribute requests to backend servers. This topic describes how to create an ALB instance.

Prerequisites

  • A virtual private cloud (VPC) is created. For more information, see Create a VPC with an IPv4 CIDR block and Create a VPC with an IPv6 CIDR block.

  • For creating an upgraded ALB instance, the vSwitch you specify in the zone you specify has enough available IP addresses. An upgraded ALB instance is allocated with three IP addresses from the vSwitch you specify: One acts as a virtual IP address (VIP) to provide load balancing services, and the other two as local IP addresses to communicate with backend servers. If the vSwitch you specify does not have enough available IP addresses, an error is reported and upgraded ALB instances cannot be created. For more information about upgraded ALB instances, see ALB instance upgrade. (This is not a prerequisite for creating a non-upgraded ALB instance.)

    Note
    • To ensure upgraded ALB instances auto-scale resources as expected, we recommend that each vSwitch you specify for them has at least eight available IP addresses.

    • To ensure upgraded ALB instances properly communicate with backend servers, if any security policies such as iptables rules and third-party security policy software, are configured on your backend servers, we recommend that you configure your backend servers to allow the CIDR block of the vSwitch to which the upgraded ALB instance is connected.

  • The service-liked role AliyunServiceRoleForAlb is created for your ALB service. A service-linked role is required the first time you create an ALB instance. The service-linked role allows the ALB instance to access cloud services and resources, such as elastic network interfaces (ENIs), security groups, elastic IP addresses (EIPs), and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.

Create an ALB instance

  1. Log on to the ALB console.
  2. On the Instances page, click Create ALB.

  3. On the Application Load Balancer page, configure the following parameters.

    Parameter

    Description

    Region

    Select the region in which you want to create the ALB instance.

    Network Type

    Select a network type for the ALB instance. The system assigns a public or private IP address to the ALB instance based on the selected network type.

    • Intranet: The ALB instance has only private IP addresses and can be accessed only by resources in the VPC where the ALB instance is deployed.

    • Internet: The ALB instance has public and private IP addresses. By default, Internet-facing ALB instances use EIPs to provide services over the Internet. If you select Internet, you are charged instance fees and data transfer fees for the EIPs.

      • Public IP address: EIPs are used to provide services over the Internet and expose ALB instances to the Internet.

      • Private IP address: allows resources in VPCs to access ALB instances.

    Note

    If an ALB instance is assigned an IPv4 address and an IPv6 address, the IPv4 address is used to provide services over the Internet. If you want to use a public IPv6 address, you need to change the network type. IPv6 addresses generate IPv6 gateway fees. For more information, see Billing rules and Change the network type of an ALB instance.

    VPC

    Select the VPC where you want to deploy the ALB instance.

    Zone

    Select a zone and a vSwitch.

    1. ALB supports multi-zone deployment. If the selected region supports two or more zones, select at least two zones to ensure high availability. ALB does not charge additional fees.

    2. Select a vSwitch in each zone that you selected. If no vSwitch is available, create one as prompted.

    3. Optional: Select an EIP in each zone that you selected.

      • If no EIP is available in a zone, you can click Automatically assign EIP. The system automatically creates a pay-as-you-go (pay-by-data-transfer) EIP and associates the EIP with the ALB instance. The EIP uses BGP (Multi-ISP) lines and is protected by Anti-DDoS Origin Basic.

      • Alternatively, you can associate an existing EIP with the ALB instance.

        Important
        • You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances with an ALB instance.

        • The EIPs allocated to different zones of the same ALB instance must be of the same type.

    IP Mode

    Select an IP mode for the ALB instance. This parameter is avaialble only for creating non-upgraded ALB instances. For more information about non-upgraded ALB instances, see What is ALB? Upgraded ALB instances do not differentiate between IP modes. Instead, they globally auto-scale VIPs. Each upgraded ALB instance can handle up to one million QPS.

    IP Version

    Select an IP version. Valid values:

    • IPv4: If you select this option, the ALB instance can be accessed only by IPv4 clients.

    • Dual-stack: If you select this option, the ALB instance can be accessed by both IPv4 and IPv6 clients.

    Note
    • For more information about the regions that support dual-stack ALB instances, see Overview of ALB instances.

    • If you want to enable both IPv4 and IPv6, you must enable IPv6 for the vSwitches in the zones of the VPC.

    • Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to IPv4 and IPv6 backend services deployed on the following types of backend servers: Elastic Compute Service (ECS) instances, elastic network interfaces (ENIs), elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported.

    • If your dual-stack ALB instance uses the IP-type server group, to which you want to add an IPv6 address, you must use an upgraded ALB instance. For more information about the upgraded ALB instance, see ALB instance upgrade.

    • IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.

    • Access control lists (ACLs) support only IPv4 addresses.

    Edition

    Select an edition for the ALB instance.

    • Basic: Basic ALB instances support basic routing features such as forwarding requests based on domain names, URLs, and HTTP headers.

    • Standard: Standard ALB instances support basic and advanced routing features, such as custom TLS security policies, redirects, and rewrites.

    • WAF Enabled: As an upgrade from standard ALB instances, WAF-enabled ALB instances are integrated with Web Application Firewall (WAF) 3.0 to protect web applications. Network traffic is filtered by WAF before traffic is routed to ALB listeners.

    Note

    Limits on WAF-enabled ALB instances:

    • Before you can purchase WAF-enabled ALB instances, you must complete real-name verification.

    • For more information about the regions in which WAF-enabled ALB instances are supported, see Limits on WAF-enabled ALB instances.

    • Make sure that WAF is not activated within your Alibaba Cloud account, or WAF 3.0 is activated in your Alibaba Cloud account.

      • If WAF is not activated in your Alibaba Cloud account, a pay-as-you-go WAF 3.0 instance is created after you create a WAF-enabled ALB instance.

      • If you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0.

        • After you release the WAF 2.0 instance, service errors may arise because the X-Forwarded-Proto header is disabled for ALB by default. You must enable the X-Forwarded-Proto header for the listeners of the ALB instance to prevent errors. For more information, see Manage listeners.

        • For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.

        • For more information about how to migrate to WAF 3.0, see Migrate a WAF 2.0 instance to WAF 3.0.

    • You can upgrade only basic and standard ALB instances that are in the Running state to WAF-enabled ALB instances.

    For more information about the differences among basic ALB instances, standard ALB instances, and WAF-enabled ALB instances, see Functions and features.

    Associate with EIP Bandwidth Plan

    If an ALB instance is deployed in two zones and is not associated with an Internet Shared Bandwidth instance, the default maximum Internet bandwidth of the ALB instance is 400 Mbit/s.

    If you require a larger bandwidth, associate an Internet Shared Bandwidth instance with your ALB instance. If you select Associate with EIP Bandwidth Plan, you must select an Internet Shared Bandwidth instance. If no Internet Shared Bandwidth instance is available, click Purchase EIP Bandwidth Plan and purchase an Internet Shared Bandwidth instance. Then, return to the ALB buy page and click 刷新 to select the Internet Shared Bandwidth instance that you purchased.

    We recommend that you purchase a pay-as-you-go Internet Shared Bandwidth instance. For more information, see Create an Internet Shared Bandwidth.

    Note

    This parameter is available only if Network Type is set to Internet.

    Billing Method

    By default, Pay-by-Data-Transfer is selected. The maximum bandwidth value is not a guaranteed value. It indicates the upper limit of bandwidth and is for reference only. In case of resource contention, the bandwidth allocated to each ALB instance may be lower than its maximum bandwidth value. For more information about the billing of EIPs, see Pay-as-you-go.

    Note

    This parameter is available only if Network Type is set to Public-facing and Associate with EIP Bandwidth Plan is not selected.

    Instance Name

    Enter a name for the ALB instance.

    Resource Group

    Select a resource group for the ALB instance.

    Notes on Creating Service Linked Roles

    The first time you create an ALB instance, click Create to create a service-linked role. The service-linked role allows ALB to access cloud services and resources, such as ENIs, security groups, EIPs, and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.

    Note

    This parameter is displayed only on the first time that you create an ALB instance.

  4. Click Buy Now and complete the payment.

  5. Return to the Instances page and select the region where the ALB instance is deployed to view the ALB instance.

Release an ALB instance

You can release ALB instances that are not in use to reduce costs. After you release an ALB instance, you are no longer charged for the ALB instance.

You cannot release ALB instances for which deletion protection is enabled. Before you can release the ALB instances, you must disable deletion protection on the instance details page.

When you release an Internet-facing ALB instance, the elastic IP address (EIP) or Anycast EIP associated with the ALB instance is dissociated from the ALB instance and released.

Warning
  • If a custom domain name is mapped to the domain name or IP address of an ALB instance and you want to release the ALB instance, you must map the custom domain name to another ALB instance to prevent service interruptions.

  • If you release an ALB instance that is managed by other Alibaba Cloud services such as Container Service for Kubernetes (ACK), the cloud services that run on the ALB instance become unavailable and cannot be restored. Proceed with caution.

  • After an ALB instance is released, the configurations and data of the ALB instance are deleted and cannot be restored.

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance that you want to release is deployed.

  3. On the Instances page, find the ALB instance and choose 更多操作 > Release in the Actions column.

  4. In the Release Instance message, click OK.

Related operations

Operation

Procedure

Rename an ALB instance

  1. On the Instances page, find the ALB instance that you want to manage, move the pointer over the instance name, then click the 修改实例名 icon.

  2. In the dialog box that appears, specify a new instance name and click OK.

Manage tags

Each tag is a key-value pair. The limitations of using tags for instances are as follows:

  • You can add at most 20 tags to an ALB instance.

  • The keys of tags that are added to the same ALB instance must be unique.

Add tags

You can use tags to classify ALB instances by different dimensions, such as purpose or owner.

  1. On the Instances page, find the ALB instance that you want to manage, and move the pointer over the 标签 icon in the Tag column and click Edit.

  2. In the Configure Tags dialog box, select or enter a key and a value. Then, click OK.

    You can also click the 删除 icon next to a tag to remove the tag.

Filter by tag

You can filter ALB instances by tag.

  • On the Instances page, click Filter by Tag above the instance list.

  • Select a tag key and a tag value from the drop-down list.

    You can click Clear Filter Condition above the instance list to clear the filter conditions.

Enable or disable deletion protection

You can enable deletion protection to prevent ALB instances from being accidentally released. To release an ALB instance, you must first disable deletion protection for the ALB instance.

Important

If your ALB instance is managed by Container Service for Kubernetes (ACK), deletion protection is enabled for the ALB instance by default. To release the ALB instance, you must first disable deletion protection for the ALB instance. After the ALB instance is released, the cloud services that run on the ALB instance become unavailable and cannot be restored. Proceed with caution.

  1. On the Instances page, find the ALB instance that you want to manage and click its ID.

  2. On the Instance Details tab, click Enable Deletion Protection or Disable Deletion Protection in the Instance Information section.

Enable or disable the configuration read-only mode

You can enable the configuration read-only mode to prevent ALB instances from being accidentally modified. To modify an ALB instance, you must first disable the configuration read-only mode.

Important

If you disable the configuration-read-only mode for an ALB instance that is managed by ACK, configurations changes of the ALB instance also affect the ACK cluster.

  1. On the Instances page, find the ALB instance that you want to manage and click its ID.

  2. On the Instance Details tab, click Enable Configuration Read-only Mode or Disable Configuration Read-only Mode in the Instance Information section.

What to do next

Configure a listener to listen for connection requests and forward the requests to backend servers based on a specified scheduling algorithm.

References