CreateListener - Server Load Balancer - Alibaba Cloud Documentation Center

Creates a TCP or UDP listener, or a listener that uses SSL over TCP for a Network Load Balancer (NLB) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
nlb:CreateListener	Write	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
ListenerProtocol	string	Yes	The listener protocol. Valid values: TCP, UDP, and TCPSSL.	TCP
ListenerPort	integer	Yes	The listener port. Valid values: 0 to 65535. If you set the value to 0, the listener listens by port range. If you set the value to 0, you must specify StartPort and EndPort.	80
ListenerDescription	string	No	The name of the listener. The name must be 2 to 256 characters in length, and can contain letters, digits, commas (,), periods (.), semicolons (;), forward slashes (/), at signs (@), underscores (_), and hyphens (-).	tcp_80
LoadBalancerId	string	Yes	The ID of the Network Load Balancer (NLB) instance.	nlb-83ckzc8d4xlp8o****
ServerGroupId	string	Yes	The server group ID.	sgp-ppdpc14gdm3x4o****
IdleTimeout	integer	No	The timeout period of idle connections. Unit: seconds. Valid values: 1 to 900. Default value: 900.	900
SecurityPolicyId	string	No	The security policy ID. System security policies and custom security policies are supported. Valid values: tls_cipher_policy_1_0 (default), tls_cipher_policy_1_1, tls_cipher_policy_1_2, tls_cipher_policy_1_2_strict, and tls_cipher_policy_1_2_strict_with_1_3. Note This parameter takes effect only for listeners that use SSL over TCP.	tls_cipher_policy_1_0
CertificateIds	array	No	The server certificates. This parameter takes effect only for listeners that use SSL over TCP. Note You can specify only one server certificate.
	string	No	The server certificate. This parameter takes effect only for listeners that use SSL over TCP. Note You can specify only one server certificate.	12315790212_166f8204689_1714763408_70998****
CaCertificateIds	array	No	The certificate authority (CA) certificates. This parameter takes effect only for listeners that use SSL over TCP. Note You can specify only one CA certificate.
	string	No	The CA certificate. This parameter takes effect only for listeners that use SSL over TCP. Note You can specify only one CA certificate.	139a00604ad-cn-east-hangzh****
CaEnabled	boolean	No	Specifies whether to enable mutual authentication. Valid values: true false (default)	false
DryRun	boolean	No	Specifies whether to perform only a dry run without performing the actual request. Valid values: true: performs only a dry run. The system checks the request for potential issues, including missing parameter values, incorrect request syntax, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the `DryRunOperation` error code is returned. false(default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.	false
ClientToken	string	No	The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.	123e4567-e89b-12d3-a456-426655440000
RegionId	string	No	The region ID of the NLB instance. You can call the DescribeRegions operation to query the most recent region list.	cn-hangzhou
ProxyProtocolEnabled	boolean	No	Specifies whether to use the Proxy protocol to pass client IP addresses to backend servers. Valid values: true false (default)	false
SecSensorEnabled	boolean	No	Specifies whether to enable fine-grained monitoring. Valid values: true false (default)	false
AlpnEnabled	boolean	No	Specifies whether to enable Application-Layer Protocol Negotiation (ALPN). Valid values: true false (default)	false
AlpnPolicy	string	No	The ALPN policy. Valid values: HTTP1Only HTTP2Only HTTP2Preferred HTTP2Optional	ALPN
StartPort	integer	No	The first port in the listener port range. Valid values: 0 to 65535. Note This parameter is required when ListenerPort is set to 0.	244
EndPort	integer	No	The last port in the listener port range. Valid values: 0 to 65535. The number of the last port must be greater than the number of the first port. Note This parameter is required when ListenerPort is set to 0.	566
Cps	integer	No	The maximum number of connections that can be created per second on the NLB instance. Valid values: 0 to 1000000. 0 specifies that the number of connections is unlimited.	100
Mss	integer	No	The maximum size of a TCP segment. Unit: bytes. Valid values: 0 to 1500. 0 specifies that the maximum segment size remains unchanged. Note This parameter is supported only by TCP listeners and listeners that use SSL over TCP.	43
Tag	object []	No	The tags.
Key	string	No	The key of the tag. You can specify up to 20 tag keys. The tag key cannot be an empty string. The tag key can be up to 64 characters in length and cannot contain `http://` or `https://`. It cannot start with `aliyun` or `acs:`.	KeyTest
Value	string	No	The tag value. The tag value can be up to 128 characters in length and cannot start with `acs:` or `aliyun`. It cannot contain `http://` or `https://`. You can add up to 20 tags in each call.	Test
ProxyProtocolV2Config	object	No	Specifies that the Proxy protocol passes the VpcId, PrivateLinkEpId, and PrivateLinkEpsId parameters to backend servers.
Ppv2VpcIdEnabled	boolean	No	Specifies whether to use the Proxy protocol to pass the VpcId parameter to backend servers. Valid values: true false (default)	false
Ppv2PrivateLinkEpIdEnabled	boolean	No	Specifies whether to use the Proxy protocol to pass the Ppv2PrivateLinkEpId parameter to backend servers. Valid values: true false (default)	false
Ppv2PrivateLinkEpsIdEnabled	boolean	No	Specifies whether to use the Proxy protocol to pass the PrivateLinkEpsId parameter to backend servers. Valid values: true false (default)	false

Response parameters

Parameter	Type	Description	Example
	object	RpcResponse
RequestId	string	The request ID.	CEF72CEB-54B6-4AE8-B225-F876FF7BA984
ListenerId	string	The listener ID.	lsn-bp1bpn0kn908w4nbw****
JobId	string	The asynchronous task ID.	72dcd26b-f12d-4c27-b3af-18f6aed5****

Examples

Sample success responses

JSONformat

{
  "RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
  "ListenerId": "lsn-bp1bpn0kn908w4nbw****",
  "JobId": "72dcd26b-f12d-4c27-b3af-18f6aed5****"
}

Error codes

HTTP status code	Error code	Error message	Description
400	Conflict.Port	The Port [%s] is conflict.	The specified port conflicts with an existing port
400	IllegalParam.MssConflictWithUdpAndGeneve	The param of MssConflictWithUdpAndGeneve is illegal.	When the Mss value is not null, the listenerProtocol cannot be udp or GENEVE.
400	QuotaExceeded.%s	The quota of %s is exceeded, usage %s/%s.	-
400	SystemBusy	System is busy, please try again later.	-
400	Mismatch.VpcId	The VpcId is mismatched for %s and %s.	The VpcId is mismatched for %s and %s.
400	ResourceNotEnough.%s	The specified resource of %s is not enough.	-
400	Conflict.Lock	The Lock [%s] is conflict.	The specific resource is conflict.
400	IllegalParam.AnyPortListenerConflictWithNonAnyPortServerGroup	The param of AnyPortListenerConflictWithNonAnyPortServerGroup is illegal.	-
400	IllegalParam.PreserveClientIpSwitch	The param of PreserveClientIpSwitch is illegal.	The parameter PreserveClientIpSwitch is invalid. Please check the input value of the parameter PreserveClientIpSwitch.
400	IncorrectStatus.loadbalancer	The status of loadbalancer [%s] is incorrect.	The current operation cannot be performed on the load balancer as its status is unavailable. Please check if the load balancer is currently undergoing any other operations.
400	ResourceNotFound.Certificate	The specified resource %s is not found.	-
400	IllegalParam.ServerGroupId	The param of ServerGroupId is illegal.	The parameter ServerGroupId is invalid. Check the input parameters.
400	IllegalParam.NonAnyPortListenerConflictWithAnyPortServerGroup	The param of NonAnyPortListenerConflictWithAnyPortServerGroup is illegal.	The listening port configuration conflicts with the full port forwarding switch.
400	MissingParam.Certificate	The param of certificate is missing.	The parameter Certificate is missing.
400	IllegalParam.Port	The param of Port is illegal.	The port range in the request is invalid. Check the input parameters.
400	QuotaExceeded.QuotaInsufficient	The quota of %s is exceeded, usage %s/%s.	The quota is insufficient, currently used %s/%s. Please modify the quota size in the quota center.
400	Mismatch.Protocol	The Protocol is mismatched for %s and %s.	The protocols of the listener and server group do not match.
400	ResourceNotEnough.CaCertificateApiCount	The specified resource of CaCertificateApiCount is not enough.	-
400	MissingParam.ServerGroupId	The param of ServerGroupId is missing.	The parameter ServerGroupId is missing, please check the input parameters.
400	IllegalParam.ListenerDescription	The parameter ListenerDescription of listener is illegal.	The listener description does not meet the input requirements. Modify the listener description based on the details in the error.
403	Forbidden.%s	Authentication is failed for %s.	-
403	Forbidden.NoPermission	Authentication is failed for NoPermission.	Authentication is failed for NoPermission.
404	ResourceNotFound.VSwitch	The specified resource of vSwitch is not found.	The specified vSwitch resource was not found. Please check the input parameters.
404	ResourceNotFound.loadBalancer	The specified resource of loadbalancer is not found.	The specified load balancer resource was not found. Please check the input parameters.

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2024-02-22

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 404 change
	delete Error Codes: 400
	delete Error Codes: 403

2024-02-04

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404

2024-01-30

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 403
	delete Error Codes: 404

2024-01-29

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 403 change
	delete Error Codes: 400
	delete Error Codes: 404

2024-01-24

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404

2024-01-22

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	Error Codes 404 change
	delete Error Codes: 403

2023-12-20

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404

2023-12-18

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404

2023-11-27

The Error code has changed. The request parameters of the API has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404
Input Parameters	The request parameters of the API has changed.
	Added Input Parameters: ProxyProtocolV2Config

2023-10-10

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404

2023-10-09

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	delete Error Codes: 404

2023-09-26

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	Error Codes 403 change
	delete Error Codes: 404

2023-09-12

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 404 change
	delete Error Codes: 400
	delete Error Codes: 403

2023-09-05

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Error Codes 400 change
	delete Error Codes: 403
	Added Error Codes: 404

2023-08-22

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	Added Error Codes: 400
	Added Error Codes: 403

2023-06-30

The internal configuration of the API is changed, but the call is not affected

see changesets

Change item	Change content
	The internal configuration of the API is changed, but the call is not affected.

2023-06-29

The request parameters of the API has changed

see changesets

Change item	Change content
Input Parameters	The request parameters of the API has changed.
	Added Input Parameters: Tag

2023-03-30

The internal configuration of the API is changed, but the call is not affected

see changesets

Change item	Change content
	The internal configuration of the API is changed, but the call is not affected.