A Classic Load Balancer (CLB) instance receives client traffic and distributes requests to backend servers. Before you create a CLB instance, understand its network types, IP versions, zone deployment mode, and performance specifications.
CLB supports both Layer 4 (TCP/UDP) and Layer 7 (HTTP/HTTPS) load balancing. For dedicated Layer 7 load balancing with content-based routing, see What is ALB? For high-performance Layer 4 load balancing with dual-stack support, see What is NLB?
Network types
CLB supports Internet-facing and internal instances. The network type is permanent and cannot be changed after the instance is created.
To change the network type, you must create a new CLB instance. Select the network type carefully during creation.
Attribute | Internet-facing | Internal |
Instance type setting | Set to Internet during creation. | Set to Intranet during creation. |
IP address | A static public IP address assigned by the system. The public IP is bound to the instance and cannot be independently associated or disassociated. | A private IP address from the vSwitch CIDR block of the specified VPC. |
Internet access | Accessible from the Internet through the assigned public IP. | Not directly accessible from the Internet. Associate an Elastic IP Address (EIP) to enable public access. EIPs support flexible association and disassociation and can be added to an Internet Shared Bandwidth instance to reduce costs. |
Private network access | Not accessible through a private IP address. | Accessible by any client that can communicate with the VPC. |
Diagram |  |  |
IP versions
CLB supports IPv4 and IPv6 as separate instance types. Dual-stack (simultaneous IPv4 and IPv6 endpoints on the same instance) is not supported. For dual-stack support, use NLB or ALB.
IP version | Address allocation | Client access |
IPv4 | Internet-facing: public IPv4 address. Internal: private IPv4 address. | IPv4 addresses (for example, |
IPv6 | Internet-facing: public IPv6 address. Internal instances do not support IPv6. | IPv6 addresses (for example, |
IPv6 listener requirements
IPv6 packets have a larger header than IPv4 packets. Configure your listeners accordingly:
Listener type | Requirement |
UDP | Set the MTU of each backend server's network interface to 1,200 bytes or higher. Oversized packets are dropped. Some applications may need configuration updates to match this MTU value. |
TCP | No additional configuration required. TCP negotiates the Maximum Segment Size (MSS) automatically. |
Migrate to IPv6
You can migrate services to IPv6 incrementally without modifying the existing system:
Add servers with IPv4 addresses as backend servers to an IPv6 CLB instance.
When traffic increases, add an IPv6 ingress and scale out backend servers. Existing IPv4 services remain unaffected.
Zone deployment
CLB supports multi-zone and single-zone deployment depending on the region. Multi-zone deployment provides automatic failover for high availability.
Multi-zone deployment
In regions that support multiple zones, CLB instances are deployed in a primary zone and a secondary zone by default. This configuration is set during creation and cannot be changed.
Primary zone: Selected during creation. To use a different primary zone, create a new instance.
Secondary zone: Automatically selected by the system.
Failover: If the primary zone fails, traffic automatically switches to the secondary zone.
Latency optimization: Select a primary zone in the same zone as your backend servers to reduce network latency.
Single-zone deployment
In regions that support only one zone, CLB instances are deployed in that zone. If the zone fails, the service becomes unavailable. Use single-zone deployment only for testing or non-critical workloads.
Performance specifications
Performance metrics
CLB instance performance is measured by three metrics:
Metric | Description | Applies to |
Maximum concurrent connections | Maximum number of concurrent connections. New requests are dropped when this limit is reached. | Layer 4 and Layer 7 |
Connections per second (CPS) | Rate at which new connections are established per second. New requests are dropped when this limit is reached. | Layer 4 and Layer 7 |
Queries per second (QPS) | Number of HTTP/HTTPS requests processed per second. New requests are dropped when this limit is reached. | Layer 7 only |
Pay-as-you-go instances
All new CLB instances use pay-as-you-go billing. Pay-as-you-go instances have the following performance limits:
Maximum concurrent connections | CPS | QPS |
1,000,000 | 100,000 | 50,000 |
Pay-by-specification instances (discontinued)
Alibaba Cloud has discontinued the sale of pay-by-specification CLB instances. Existing instances continue to operate normally. For details, see End-of-sale for pay-by-specification CLB instances.
Pay-by-specification instances are categorized as guaranteed-performance or shared-resource. When selecting a specification, focus on Maximum concurrent connections for Layer 4 listeners and QPS for Layer 7 listeners.
Guaranteed-performance specifications
Guaranteed-performance instances provide exclusive resources with the following performance tiers:
Specification | Maximum concurrent connections | CPS | QPS |
Small I (slb.s1.small) | 5,000 | 3,000 | 1,000 |
Standard I (slb.s2.small) | 50,000 | 5,000 | 5,000 |
Medium II (slb.s2.medium) | 100,000 | 10,000 | 10,000 |
Large I (slb.s3.small) | 200,000 | 20,000 | 20,000 |
Large II (slb.s3.medium) | 500,000 | 50,000 | 30,000 |
Super Large I (slb.s3.large) | 1,000,000 | 100,000 | 50,000 |
Guaranteed-performance vs. shared-resource
The following table compares the features available in each instance type. Guaranteed-performance instances support all features listed below. Shared-resource instances support none of them.
Feature | Guaranteed-performance | |
Exclusive resources | ||
SLA | ||
IPv6 | ||
SNI (multiple certificates) | ||
Access control lists | ||
ENI attachment | ||
Secondary private IP addresses of ENIs | ||
HTTP-to-HTTPS redirection | ||
Consistent hashing | ||
TLS security policies | ||
HTTP/2 | ||
WebSocket and WebSocket Secure |
Guaranteed-performance instances include a service level agreement (SLA). For details, see Alibaba Cloud International Website Server Load Balancer (SLB) Service Level Agreement.
Instance status
Status | Description | Can be deleted | Can be modified |
Running | The instance is operating normally. | Yes, if deletion protection is disabled. | Yes, if configuration read-only mode is disabled. |
Locked | The instance is locked due to an overdue payment or a security risk. To remove a financial lock, renew the instance. To remove a security lock, submit a request on the Security Control page. | No | No |
Stopped | The instance is stopped. | Yes | No |