An Application Load Balancer (ALB) instance is an entity that provides load balancing services. This topic describes how to create an ALB instance.
The service-linked role AliyunServiceRoleForAlb is created for your ALB service. A service-linked role is required the first time you create an ALB instance. The service-linked role allows the ALB instance to access cloud services and resources, such as elastic network interfaces (ENIs), security groups, elastic IP addresses (EIPs), and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.
Create an ALB instance
Log on to the ALB console.
On the Instances page, click Create ALB.
On the Application Load Balancer page, configure the following parameters.
Select the region where you want to create the ALB instance.
Select the network type of the ALB instance. The system assigns public or private IP addresses to the ALB instance based on the selected network type. Valid values:
Intranet: The ALB instance has only private IP addresses and can be accessed only by resources in the VPC where the ALB instance is deployed.
Internet: The ALB instance has public and private IP addresses. By default, Internet-facing ALB instances use EIPs to provide services over the Internet. If you select Internet, you are charged instance fees and data transfer fees for the EIPs.
Public IP address: EIPs are used to provide services over the Internet and expose ALB instances to the Internet.
Private IP address: allows resources in VPCs to access ALB instances.
If an ALB instance is assigned an IPv4 address and an IPv6 address, the IPv4 address is used to provide services over the Internet. If you need to use the IPv6 address to provide services over the Internet, you must change the network type of the ALB instance. In this case, you are charged IPv6 gateway fees. For more information, see Billing rules.
Select the VPC where you want to deploy the ALB instance.
Select zones and vSwitches.
ALB supports multi-zone deployment. If the selected region supports two or more zones, select at least two zones to ensure high availability. ALB does not charge additional fees.
Select a vSwitch in each zone that you selected. If no vSwitch is available, create a vSwitch as prompted.
Optional: Select an EIP in each zone that you selected.
If no EIP is available in a zone, you can click Automatically assign EIP. The system automatically creates a pay-as-you-go (pay-by-data-transfer) EIP and associates the EIP with the ALB instance. The EIP uses BGP (Multi-ISP) lines and is protected by Anti-DDoS Origin Basic.
You can also associate an existing EIP with the ALB instance.
Important
You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances with an ALB instance.
The EIPs allocated to different zones of the same ALB instance must be of the same type.
Select an IP mode for the ALB instance. Valid values:
Static IP: Only one virtual IP address (VIP) is available in each zone. The VIP cannot be changed. An ALB instance in this mode supports up to 100,000 queries per second (QPS).
Dynamic IP: One or more VIPs are available in each zone. The number of VIPs that the ALB instance uses increases with the loads. This mode supports up to one million QPS.
Select an IP version. Valid values:
IPv4: If you select this option, the ALB instance can be accessed only by IPv4 clients.
Dual-stack: If you select this option, the ALB instance can be accessed by both IPv4 and IPv6 clients.
For more information about the regions that support dual-stack ALB instances, see Overview of ALB instances.
If you want to enable the dual-stack feature, you must enable IPv6 for the vSwitches in the zones of the VPC.
Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to IPv4 and IPv6 backend services.
Dual-stack ALB instances can forward requests from IPv6 clients to IPv4 backend services deployed on the following types of backend servers: ECS instances, ENIs, elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported.
Dual-stack ALB instances can forward requests from IPv6 clients to IPv6 backend services deployed on the following types of backend servers: ECS instances, ENIs, and elastic container instances. Backend servers of the IP address or Function Compute type are not supported.
IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.
Access control lists (ACLs) support only IPv4 addresses.
Select the edition of the ALB instance.
Basic: Basic ALB instances support basic routing features, such as request forwarding based on domain names, URLs, and HTTP headers.
Standard: Standard ALB instances support basic and advanced routing features, such as custom TLS security policies, redirects, and rewrites.
WAF Enabled: As an upgrade from standard ALB instances, WAF-enabled ALB instances are integrated with Web Application Firewall (WAF) 3.0 to protect web applications. Network traffic is filtered by WAF before the traffic is routed to ALB listeners.
Limits on WAF-enabled ALB instances:
Before you purchase WAF-enabled ALB instances, you must complete real-name verification.
For more information about the regions in which WAF-enabled ALB instances are supported, see Limits on WAF-enabled ALB instances.
Make sure that either WAF is not activated in your Alibaba Cloud account or WAF 3.0 is activated in your Alibaba Cloud account.
If WAF is not activated in your Alibaba Cloud account, a pay-as-you-go WAF 3.0 instance is created after you create a WAF-enabled ALB instance.
If you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0.
You can upgrade only basic and standard ALB instances that are in the Running state to WAF-enabled ALB instances.
For more information about the differences among basic ALB instances, standard ALB instances, and WAF-enabled ALB instances, see Functions and features.
Associate with EIP Bandwidth Plan
If an ALB instance is deployed in two zones and is not associated with an Internet Shared Bandwidth instance, the default maximum Internet bandwidth of the ALB instance is 400 Mbit/s.
If you require a larger bandwidth, associate an Internet Shared Bandwidth instance with your ALB instance. If you select Associate with EIP Bandwidth Plan, you must select an Internet Shared Bandwidth instance. If no Internet Shared Bandwidth instance is available, click Purchase EIP Bandwidth Plan and purchase an Internet Shared Bandwidth instance. Then, return to the ALB buy page and click to select the Internet Shared Bandwidth instance that you purchased.
We recommend that you purchase a pay-as-you-go Internet Shared Bandwidth instance. For more information about how to purchase an Internet Shared Bandwidth instance, see Create an Internet Shared Bandwidth instance.
Note
This parameter is available only if Network Type is set to Internet.
By default, Pay-by-Data-Transfer is selected. The maximum bandwidth is used for reference only. It indicates the upper limit of the bandwidth. In case of resource contention, the bandwidth allocated to each ALB instance may be lower than its maximum bandwidth value. For more information about the billing of EIPs, see EIP billing.
Note
This parameter is available only if Network Type is set to Internet and Associate with EIP Bandwidth Plan is not selected.
Enter a name for the ALB instance.
Select the resource group to which the ALB instance belongs.
Notes on Creating Service Linked Roles
The first time you create an ALB instance, click Create to create a service-linked role. The service-linked role allows ALB to access cloud services and resources, such as ENIs, security groups, EIPs, and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.
Note
This parameter is displayed only the first time you create an ALB instance.
Click Buy Now and complete the payment.
Return to the Instances page and select the region where the ALB instance is deployed to view the ALB instance.
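The parameter constraints in the procedure above can be checked before you open the buy page. The following preflight check is an added example, not Alibaba Cloud code: the `plan` dictionary, its field names, and the sample values are constructed for illustration and are not ALB API objects.

```python
import ipaddress

# Backend server types that IPv6 clients can reach through a dual-stack
# instance, keyed by the backend service's IP version (rules from this topic).
IPV6_CLIENT_BACKENDS = {4: {"ECS", "ENI", "ECI", "IP"}, 6: {"ECS", "ENI", "ECI"}}

def preflight(plan):
    """Return rule violations in a planned ALB instance (constructed schema)."""
    problems = []
    zones = plan["zones"]
    if plan["region_zone_count"] >= 2 and len(zones) < 2:
        problems.append("select at least two zones")
    if plan["ip_version"] == "Dual-stack":
        for z in zones:
            if not z["vswitch_ipv6"]:
                problems.append(f"{z['zone']}: enable IPv6 on the vSwitch")
        for b in plan.get("backends", []):
            if b["type"] not in IPV6_CLIENT_BACKENDS[b["ip_version"]]:
                problems.append(f"backend {b['type']}/IPv{b['ip_version']}: "
                                "not reachable by IPv6 clients")
    if plan["network_type"] == "Internet":
        eips = [z["eip"] for z in zones if z.get("eip")]
        for e in eips:
            # Only pay-by-data-transfer EIPs outside a shared bandwidth plan.
            if e["billing"] != "pay-by-data-transfer" or e["shared_bandwidth"]:
                problems.append(f"{e['id']}: EIP cannot be associated")
        if len({e["eip_type"] for e in eips}) > 1:
            problems.append("EIPs in different zones must be of the same type")
    for entry in plan.get("acl_entries", []):
        if ipaddress.ip_network(entry, strict=False).version != 4:
            problems.append(f"ACL entry {entry}: only IPv4 is supported")
    return problems

# Constructed sample: zone-b lacks IPv6, eip-b is in a shared bandwidth plan,
# one IPv6 backend is of the IP type, and one ACL entry is an IPv6 range.
SAMPLE_PLAN = {
    "region_zone_count": 3, "network_type": "Internet", "ip_version": "Dual-stack",
    "zones": [
        {"zone": "zone-a", "vswitch_ipv6": True,
         "eip": {"id": "eip-a", "billing": "pay-by-data-transfer",
                 "shared_bandwidth": False, "eip_type": "BGP (Multi-ISP)"}},
        {"zone": "zone-b", "vswitch_ipv6": False,
         "eip": {"id": "eip-b", "billing": "pay-by-data-transfer",
                 "shared_bandwidth": True, "eip_type": "BGP (Multi-ISP)"}},
    ],
    "backends": [{"type": "ECS", "ip_version": 6}, {"type": "IP", "ip_version": 6}],
    "acl_entries": ["203.0.113.0/24", "2001:db8::/32"],
}

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_PLAN)))
```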
What to do next
Configure a listener to listen for connection requests and forward the requests to backend servers based on a specified scheduling algorithm.