Application Load Balancer (ALB) provides robust load balancing services for Layer 7 applications. It supports high-performance traffic forwarding features and a wide variety of advanced forwarding rules. You can use ALB to distribute requests to backend servers. This topic describes how to create an ALB instance.
Prerequisites
A virtual private cloud (VPC) is created. For more information, see Create a VPC with an IPv4 CIDR block and Create a VPC with an IPv6 CIDR block.
For creating an upgraded ALB instance, the vSwitch you specify in the zone you specify has enough available IP addresses. An upgraded ALB instance is allocated with three IP addresses from the vSwitch you specify: One acts as a virtual IP address (VIP) to provide load balancing services, and the other two as local IP addresses to communicate with backend servers. If the vSwitch you specify does not have enough available IP addresses, an error is reported and upgraded ALB instances cannot be created. For more information about upgraded ALB instances, see ALB instance upgrade. (This is not a prerequisite for creating a non-upgraded ALB instance.)
NoteTo ensure upgraded ALB instances auto-scale resources as expected, we recommend that each vSwitch you specify for them has at least eight available IP addresses.
To ensure upgraded ALB instances properly communicate with backend servers, if any security policies such as iptables rules and third-party security policy software, are configured on your backend servers, we recommend that you configure your backend servers to allow the CIDR block of the vSwitch to which the upgraded ALB instance is connected.
The service-liked role AliyunServiceRoleForAlb is created for your ALB service. A service-linked role is required the first time you create an ALB instance. The service-linked role allows the ALB instance to access cloud services and resources, such as elastic network interfaces (ENIs), security groups, elastic IP addresses (EIPs), and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.
Create an ALB instance
- Log on to the ALB console.
On the Instances page, click Create ALB.
On the Application Load Balancer page, configure the following parameters.
Parameter
Description
Region
Select the region in which you want to create the ALB instance.
Network Type
Select a network type for the ALB instance. The system assigns a public or private IP address to the ALB instance based on the selected network type.
Intranet: The ALB instance has only private IP addresses and can be accessed only by resources in the VPC where the ALB instance is deployed.
Internet: The ALB instance has public and private IP addresses. By default, Internet-facing ALB instances use EIPs to provide services over the Internet. If you select Internet, you are charged instance fees and data transfer fees for the EIPs.
Public IP address: EIPs are used to provide services over the Internet and expose ALB instances to the Internet.
Private IP address: allows resources in VPCs to access ALB instances.
NoteIf an ALB instance is assigned an IPv4 address and an IPv6 address, the IPv4 address is used to provide services over the Internet. If you want to use a public IPv6 address, you need to change the network type. IPv6 addresses generate IPv6 gateway fees. For more information, see Billing rules and Change the network type of an ALB instance.
VPC
Select the VPC where you want to deploy the ALB instance.
Zone
Select a zone and a vSwitch.
ALB supports multi-zone deployment. If the selected region supports two or more zones, select at least two zones to ensure high availability. ALB does not charge additional fees.
Select a vSwitch in each zone that you selected. If no vSwitch is available, create one as prompted.
Optional: Select an EIP in each zone that you selected.
If no EIP is available in a zone, you can click Automatically assign EIP. The system automatically creates a pay-as-you-go (pay-by-data-transfer) EIP and associates the EIP with the ALB instance. The EIP uses BGP (Multi-ISP) lines and is protected by Anti-DDoS Origin Basic.
Alternatively, you can associate an existing EIP with the ALB instance.
ImportantYou can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances with an ALB instance.
The EIPs allocated to different zones of the same ALB instance must be of the same type.
IP Mode
Select an IP mode for the ALB instance. This parameter is avaialble only for creating non-upgraded ALB instances. For more information about non-upgraded ALB instances, see What is ALB? Upgraded ALB instances do not differentiate between IP modes. Instead, they globally auto-scale VIPs. Each upgraded ALB instance can handle up to one million QPS.
IP Version
Select an IP version. Valid values:
IPv4: If you select this option, the ALB instance can be accessed only by IPv4 clients.
Dual-stack: If you select this option, the ALB instance can be accessed by both IPv4 and IPv6 clients.
NoteFor more information about the regions that support dual-stack ALB instances, see Overview of ALB instances.
If you want to enable both IPv4 and IPv6, you must enable IPv6 for the vSwitches in the zones of the VPC.
Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to IPv4 and IPv6 backend services deployed on the following types of backend servers: Elastic Compute Service (ECS) instances, elastic network interfaces (ENIs), elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported.
If your dual-stack ALB instance uses the IP-type server group, to which you want to add an IPv6 address, you must use an upgraded ALB instance. For more information about the upgraded ALB instance, see ALB instance upgrade.
IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.
Access control lists (ACLs) support only IPv4 addresses.
Edition
Select an edition for the ALB instance.
Basic: Basic ALB instances support basic routing features such as forwarding requests based on domain names, URLs, and HTTP headers.
Standard: Standard ALB instances support basic and advanced routing features, such as custom TLS security policies, redirects, and rewrites.
WAF Enabled: As an upgrade from standard ALB instances, WAF-enabled ALB instances are integrated with Web Application Firewall (WAF) 3.0 to protect web applications. Network traffic is filtered by WAF before traffic is routed to ALB listeners.
NoteLimits on WAF-enabled ALB instances:
Before you can purchase WAF-enabled ALB instances, you must complete real-name verification.
For more information about the regions in which WAF-enabled ALB instances are supported, see Limits on WAF-enabled ALB instances.
Make sure that WAF is not activated within your Alibaba Cloud account, or WAF 3.0 is activated in your Alibaba Cloud account.
If WAF is not activated in your Alibaba Cloud account, a pay-as-you-go WAF 3.0 instance is created after you create a WAF-enabled ALB instance.
If you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0.
After you release the WAF 2.0 instance, service errors may arise because the X-Forwarded-Proto header is disabled for ALB by default. You must enable the X-Forwarded-Proto header for the listeners of the ALB instance to prevent errors. For more information, see Manage listeners.
For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.
For more information about how to migrate to WAF 3.0, see Migrate a WAF 2.0 instance to WAF 3.0.
You can upgrade only basic and standard ALB instances that are in the Running state to WAF-enabled ALB instances.
For more information about the differences among basic ALB instances, standard ALB instances, and WAF-enabled ALB instances, see Functions and features.
Associate with EIP Bandwidth Plan
If an ALB instance is deployed in two zones and is not associated with an Internet Shared Bandwidth instance, the default maximum Internet bandwidth of the ALB instance is 400 Mbit/s.
If you require a larger bandwidth, associate an Internet Shared Bandwidth instance with your ALB instance. If you select Associate with EIP Bandwidth Plan, you must select an Internet Shared Bandwidth instance. If no Internet Shared Bandwidth instance is available, click Purchase EIP Bandwidth Plan and purchase an Internet Shared Bandwidth instance. Then, return to the ALB buy page and click to select the Internet Shared Bandwidth instance that you purchased.
We recommend that you purchase a pay-as-you-go Internet Shared Bandwidth instance. For more information, see Create an Internet Shared Bandwidth.
NoteThis parameter is available only if Network Type is set to Internet.
Billing Method
By default, Pay-by-Data-Transfer is selected. The maximum bandwidth value is not a guaranteed value. It indicates the upper limit of bandwidth and is for reference only. In case of resource contention, the bandwidth allocated to each ALB instance may be lower than its maximum bandwidth value. For more information about the billing of EIPs, see Pay-as-you-go.
NoteThis parameter is available only if Network Type is set to Public-facing and Associate with EIP Bandwidth Plan is not selected.
Instance Name
Enter a name for the ALB instance.
Resource Group
Select a resource group for the ALB instance.
Notes on Creating Service Linked Roles
The first time you create an ALB instance, click Create to create a service-linked role. The service-linked role allows ALB to access cloud services and resources, such as ENIs, security groups, EIPs, and Internet Shared Bandwidth instances. For more information, see Service-linked roles for ALB.
NoteThis parameter is displayed only on the first time that you create an ALB instance.
Click Buy Now and complete the payment.
Return to the Instances page and select the region where the ALB instance is deployed to view the ALB instance.
Release an ALB instance
You can release ALB instances that are not in use to reduce costs. After you release an ALB instance, you are no longer charged for the ALB instance.
You cannot release ALB instances for which deletion protection is enabled. Before you can release the ALB instances, you must disable deletion protection on the instance details page.
When you release an Internet-facing ALB instance, the elastic IP address (EIP) or Anycast EIP associated with the ALB instance is dissociated from the ALB instance and released.
If a custom domain name is mapped to the domain name or IP address of an ALB instance and you want to release the ALB instance, you must map the custom domain name to another ALB instance to prevent service interruptions.
If you release an ALB instance that is managed by other Alibaba Cloud services such as Container Service for Kubernetes (ACK), the cloud services that run on the ALB instance become unavailable and cannot be restored. Proceed with caution.
After an ALB instance is released, the configurations and data of the ALB instance are deleted and cannot be restored.
- Log on to the ALB console.
In the top navigation bar, select the region where the ALB instance that you want to release is deployed.
On the Instances page, find the ALB instance and choose in the Actions column.
In the Release Instance message, click OK.
Related operations
Operation | Procedure |
Rename an ALB instance |
|
Manage tags | Each tag is a key-value pair. The limitations of using tags for instances are as follows:
Add tags You can use tags to classify ALB instances by different dimensions, such as purpose or owner.
Filter by tag You can filter ALB instances by tag.
|
Enable or disable deletion protection | You can enable deletion protection to prevent ALB instances from being accidentally released. To release an ALB instance, you must first disable deletion protection for the ALB instance. Important If your ALB instance is managed by Container Service for Kubernetes (ACK), deletion protection is enabled for the ALB instance by default. To release the ALB instance, you must first disable deletion protection for the ALB instance. After the ALB instance is released, the cloud services that run on the ALB instance become unavailable and cannot be restored. Proceed with caution.
|
Enable or disable the configuration read-only mode | You can enable the configuration read-only mode to prevent ALB instances from being accidentally modified. To modify an ALB instance, you must first disable the configuration read-only mode. Important If you disable the configuration-read-only mode for an ALB instance that is managed by ACK, configurations changes of the ALB instance also affect the ACK cluster.
|
What to do next
Configure a listener to listen for connection requests and forward the requests to backend servers based on a specified scheduling algorithm.
References
Product overview
For more information about the performance metrics, use scenarios, and components of ALB, see What is ALB?
For more information about the functions and features of ALB, see Functions and features.
For more information about the regions and zones that support ALB, see Supported regions and zones.
User guides:
For more information about how to create an IPv4 ALB instance and forward requests from IPv4 clients to backend servers, see Use an ALB instance to provide IPv4 services.
For more information about how to create a dual-stack ALB instance and forward requests from IPv6 clients to backend servers, see Implement load balancing for IPv6 services.
For more information about how to release an ALB instance, see Release an ALB instance.
For more information about how to change the network type of an ALB instance, see Change the network type of an ALB instance.
For more information about how to change the zones of an ALB instance, see Change the zones where an ALB instance is deployed.
For more information about how to change the status of zones to simulate disaster recovery, see Change the status of zones.
For more information about how to change the edition of an ALB instance, see Change the edition of an ALB instance.
For more information about how to add an ALB instance to an Internet Shared Bandwidth instance or change the maximum bandwidth of an ALB instance, see Modify the maximum bandwidth.
API references:
CreateLoadBalancer: creates an ALB instance.
GetLoadBalancerAttribute: queries the details about an ALB instance.
DeleteLoadBalancer: deletes an ALB instance.