Application Load Balancer (ALB) instances receive requests from clients and distribute requests across backend servers based on the forwarding rules that you configure on listeners. To use the ALB service, you must create an ALB instance and add listeners and backend servers to the ALB instance.
By default, ALB supports cross-zone load balancing. When an ALB instance receives requests from clients, the ALB instance distributes the requests across backend servers that are deployed in different zones of the region to which the ALB instance belongs. You cannot disable cross-zone load balancing for ALB.
ALB provides services through domain names. You can map custom domain names to the domain name of ALB. This allows users to access your services in a more convenient manner.
We recommend that you use CNAME records to map custom domain names to the domain name of your ALB instance. This allows users to access your services in a more convenient manner.
If you want to resolve a custom domain name to a specific IP address, we recommend that you use an ALB instance with a specific IP address and use A records to resolve the custom domain name to the IP address of the ALB instance.
The following table describes the different states of an ALB instance and whether the specified operations are supported.
The reason the ALB instance is locked
Whether the ALB instance can be deleted
Whether the configuration can be changed
The ALB instance runs as expected.
Based on whether deletion protection is enabled.
Based on whether the configuration read-only mode is enabled.
The ALB instance is being created.
The configuration of the ALB instance is being updated.
The ALB instance fails to be created.
The ALB instance stops running.
Locked (Overdue Payment): The ALB instance is locked due to overdue payments. Renew your ALB instance at your earliest opportunity. The ALB instance resumes providing services after it is unlocked.
Locked (Associated Resources in Abnormal State): The elastic IP addresses (EIPs) or Internet Shared Bandwidth instances that are associated with the ALB instance are locked due to overdue payments. Renew your EIPs or Internet Shared Bandwidth instances at the earliest opportunity. The ALB instance resumes providing services after the associated resources are unlocked.
Locked (Associated Resources Overdue and Released): The EIPs or Internet Shared Bandwidth instances that are associated with the ALB instance are released due to overdue payments and the ALB instance is unavailable. We recommend that you release the ALB instance.
Alibaba Cloud provides Internet-facing and internal-facing ALB instances.
You can change the network type of an ALB instance as needed. For more information, see Change the network type of an ALB instance.
Internet-facing ALB instances
After you create an Internet-facing ALB instance, the system automatically allocates a public and a private IP address to each zone of the ALB instance.
Internet-facing ALB instances use EIPs to provide services and forward requests from the Internet to backend servers based on the rules that you configure for listeners.
The private IP address of an Internet-facing ALB instance can be accessed by Elastic Compute Service (ECS) instances that are deployed in the virtual private cloud (VPC) to which the ALB instance belongs.
Internal-facing ALB instances
After you create an internal-facing ALB instance, the system automatically allocates a private IP address to each zone of the ALB instance.
Internal-facing ALB instances forward requests from the VPCs to which they belong to backend servers based on the rules that you configure for listeners.
An internal-facing ALB instance cannot be accessed over the Internet.
IPv4 and dual-stack
ALB supports IPv4 and dual-stack networking.
Clients can use only IPv4 addresses (such as 192.0.2.1) to access IPv4 ALB instances.
IPv4 ALB instances can forward requests from IPv4 clients to backend IPv4 services.
Clients can use IPv4 addresses (such as 192.168.0.1) and IPv6 addresses (such as 2001:db8:1:1:1:1:1:1) to access dual-stack ALB instances.
Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to backend IPv4 and IPv6 services.
You can determine the network type of a dual-stack ALB instance based on the network type of its IPv4 address. If the IPv4 address is a private IP address, it indicates that the ALB instance is internal-facing. If the IPv4 IP address is a public IP address, it indicates that the instance is Internet-facing.
Usage notes on dual-stack ALB instances
You cannot enable access control for listeners of dual-stack ALB instances.
You cannot upgrade existing IPv4 ALB instances to dual-stack ALB instances. You can only create dual-stack ALB instances.
Regions that support dual-stack ALB instances
Alibaba Cloud region
China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), and China (Guangzhou)
Europe and Americas
Germany (Frankfurt) and US (Virginia)
Integration with WAF
ALB provides the WAF Enabled edition to allow for the integration of WAF and ALB. When ALB is protected by WAF, take note of the following items:
Your Alibaba Cloud account does not have a WAF 2.0 instance or has not activated WAF: You can connect WAF 3.0 to Internet-facing and internal-facing ALB instances in service integration mode. For more information, see Activate and manage WAF-enabled ALB instances.
Regions that support WAF-enabled ALB instances (Regions where WAF 3.0 can be connected to ALB)
China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), and China (Hong Kong)
Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Australia (Sydney), Singapore, and India (Mumbai)
Europe & Americas
Germany (Frankfurt), US (Silicon Valley), and US (Virginia)
Your Alibaba Cloud account already has a WAF 2.0 instance: You can add Internet-facing ALB of the Basic edition and Internet-facing ALB instances of the Standard edition to WAF 2.0 in transparent proxy mode. You cannot enable WAF 2.0 protection for internal-facing ALB instances.
Only ALB instances in the China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou) regions can be added to WAF 2.0 in transparent proxy mode.Note
If you want to add ALB instances to WAF 3.0, you must first release your WAF 2.0 instance or migrate it to WAF 3.0. Automatic migration is not supported. If you want to migrate to WAF 3.0, consult our experts in the DingTalk Group (Group ID: 34657699). For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.