Server Load Balancer: Quick start: IPv4 load balancing with NLB

Last Updated: Mar 30, 2026

Alibaba Cloud Network Load Balancer (NLB) provides high-performance Layer 4 load balancing over TCP, UDP, and SSL over TCP. This topic shows you how to create an NLB instance to distribute traffic from clients to backend servers for IPv4 services.

Prerequisites

  • You have created a Virtual Private Cloud (VPC) named VPC1 in the China (Shanghai) region. You have also created two vSwitches, VSW1 and VSW2, in Zone E and Zone G, respectively. For more information, see Create a VPC and a vSwitch.

    To ensure the scalability of the NLB instance, reserve at least eight IP addresses in each vSwitch used by the NLB instance.
  • You have created two Elastic Compute Service (ECS) instances, ECS01 and ECS02, and deployed an application on each. ECS01 is in VSW1 and ECS02 is in VSW2.

    • For more information about how to create an ECS instance, see Create an instance by using the wizard.

    • Use the following commands to deploy a test application on ECS01 and ECS02:

      Commands to deploy the application on ECS01

      yum install -y nginx
      systemctl start nginx.service
      cd /usr/share/nginx/html/
      echo "Hello World ! this is ECS01." > index.html

      Commands to deploy the application on ECS02

      yum install -y nginx
      systemctl start nginx.service
      cd /usr/share/nginx/html/
      echo "Hello World ! this is ECS02." > index.html
  • You have registered a domain name and completed the ICP filing. For more information, see Register a domain name with Alibaba Cloud and ICP filing.

The following tables describe the configurations of the VPC and ECS instances used in this topic. The configurations are for reference only.

| Parameter | Description |
| --- | --- |
| Name | VPC1 |
| Region | China (Shanghai) |
| IPv4 CIDR | 192.168.0.0/16 |
| vSwitch | Name: VSW1; Zone: Zone E; IPv4 CIDR: 192.168.5.0/24 |
| vSwitch | Name: VSW2; Zone: Zone G; IPv4 CIDR: 192.168.6.0/24 |

The following table shows the configurations of the ECS instances used in this topic. The configurations are for reference only.

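| Name | Region | VPC | Zone and vSwitch | ECS configuration |
| --- | --- | --- | --- | --- |
| ECS01 | China (Shanghai) | VPC1 | Zone E, VSW1 | Image: Alibaba Cloud Linux 3.2104 LTS 64-bit |
| ECS02 | China (Shanghai) | VPC1 | Zone G, VSW2 | Image: Alibaba Cloud Linux 3.2104 LTS 64-bit |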

Step 1: Create an NLB instance

  1. Log on to the Network Load Balancer (NLB) console.

  2. In the top navigation bar, select the region in which the NLB instance is deployed.

  3. On the Instances page, click Create NLB.

  4. On the Network Load Balancer (Pay-As-You-Go) page, set the following parameters. Then, click Buy Now and follow the on-screen instructions to create the instance.

    This section describes only the required parameters. Use the default values for other parameters. For more information, see Create and manage an NLB instance.

    | Parameter | Description |
    | --- | --- |
    | Region | Select the region where you want to create the NLB instance. |
    | Network Type | Select a network type for the instance. The system assigns a private or public IP address based on your selection. This topic uses Internet-facing as an example. |
    | VPC | Select the VPC to which the instance belongs. |
    | Zone | Select at least two zones. This topic uses China (Shanghai) Zone E with its vSwitch and China (Shanghai) Zone G with its vSwitch as examples. |
    | IP Version | Select the IP version for the instance. This topic uses IPv4 as an example. |
    | Instance Name | Enter a custom name for the instance. |
    | Resource Group | Select the resource group to which the instance belongs. |
    | Service-linked role | When you create an NLB instance for the first time, click Create Service-linked Role to create a service-linked role named AliyunServiceRoleForNlb. The system attaches the AliyunServiceRolePolicyForNlb policy to the role, which allows NLB to access other cloud resources. For more information, see System policies for NLB. |

Step 2: Create a server group

  1. In the left-side navigation pane, choose NLB > Server Groups.

  2. On the Server Groups page, click Create Server Group.

  3. In the Create Server Group dialog box, set the following parameters and click Create.

    The following table describes only the key parameters. Use the default values for other parameters. For more information, see Create a server group.

    | Parameter | Description |
    | --- | --- |
    | Server Group Type | The type of backend server to add to the server group. This topic uses Server Type as an example. |
    | Server Group Name | Enter a name for the server group. |
    | VPC | Select a VPC. Only servers in the selected VPC can be added to this server group. |
    | Backend Server Protocol | Select a backend protocol. This topic uses TCP as an example. |
    | Scheduling Algorithm | Select a scheduling algorithm. This topic uses Weighted Round-robin as an example. |
    | Health Check | Health check is enabled. Keep the default settings. |

  4. After the server group is created, click its ID, and then click the Backend Servers tab.

  5. Click Add Backend Server. In the Add Backend Server panel, select ECS01 and ECS02, and then click Next.

  6. In the Configure Ports and Weights step, set the port to 80, keep the default weight of 100, and then click OK.

Step 3: Configure a listener

  1. In the left-side navigation pane, choose NLB > Instances.

  2. On the Instances page, find the NLB instance and click Create Listener in the Actions column.

  3. In the NLB Configuration Wizard, set the following parameters and click Next.

    This section describes only the required parameters. Use the default values for other parameters. For more information about how to configure a listener, see Add a TCP listener.

    | Parameter | Description |
    | --- | --- |
    | Select Listener Protocol | Select a protocol for the listener. This topic uses TCP as an example. |
    | Listener Port | The port that receives requests and forwards them to backend servers. This topic uses port 80. |
    | Listener Name | Enter a custom name for the listener. |
    | Advanced Settings | Keep the default settings. You can click Modify to change them. |

  4. In the Server Group step, select Server Type and then the target server group under it, review the backend servers that were added, and then click Next.

  5. In the Confirm step, review the configurations and click Submit.

  6. Click OK to return to the Listener tab. Wait until the Health Check Status of the listener changes to Healthy. This indicates that the ECS01 and ECS02 instances can process requests forwarded by the NLB instance.

Step 4: Set up DNS resolution

In a production environment, we recommend that you add a CNAME record to map your custom domain name to the domain name of the NLB instance.

  1. In the left-side navigation pane, choose NLB > Instances.

  2. On the Instances page, copy the DNS name of the created NLB instance.

  3. Add a CNAME record.

    Note

    If your domain name is not registered with Alibaba Cloud, you must add it to the Alibaba Cloud DNS console before configuring DNS settings. For more information, see Manage domain names. If your domain name is registered with Alibaba Cloud, proceed with the following steps.

    1. Log on to the Alibaba Cloud DNS console.

    2. On the Authoritative DNS Resolution page, find the domain name that you want to manage and click Settings in the Operations column.

    3. On the Settings page, click Add Record.

    4. In the Add Record panel, set the following parameters and click OK.

      | Parameter | Description |
      | --- | --- |
      | Record Type | Select CNAME from the drop-down list. |
      | Hostname | The prefix for your domain name. This topic uses @ as an example. Note: If you are creating a record for a root domain, set Hostname to @. |
      | DNS Query Source | Use the default value. |
      | Record Value | Enter the CNAME address for the domain name. This is the DNS name of the NLB instance. |
      | TTL | TTL stands for Time to Live. It specifies the amount of time that a DNS record is cached on a DNS server. This topic uses the default value. |

Step 5: Verify the results

  1. Test the availability of the NLB instance.

    1. Use a Linux client that can access the public network. If Telnet is not installed, install it. For example, on a CentOS system, run yum install -y telnet.

    2. Run the telnet <domain name> <port> command. A Connected to nlb-... response indicates that the NLB can forward requests to the backend server.

      Trying *.*.*.*...
      Connected to www.example.com.
      Escape character is '^]'.

      Enter the domain name in a browser, for example, http://<domain_name>. A page similar to the one shown in the following figure appears, which indicates that the NLB can forward requests to the backend servers.

      [Figure: test page returned in the browser through the NLB instance]

  2. (Optional) Simulate a failure.

    1. Stop the service on ECS01. On ECS01, run the systemctl stop nginx.service command to stop the application.

    2. On the client, run the telnet <domain name> <port> command again. The client still receives the Connected to nlb-... response.

      Trying *.*.*.*...
      Connected to www.example.com.
      Escape character is '^]'.

      Enter the domain name in a browser, for example, http://<domain_name>. A page similar to the one shown in the following figure appears, which indicates that the NLB can forward requests to the backend server.

      [Figure: test page returned in the browser through the NLB instance]

    3. Start the service on ECS01 and stop the service on ECS02. On ECS01, run systemctl start nginx.service to start the application, and on ECS02, run systemctl stop nginx.service to stop the application.

    4. On the client, run the telnet <domain name> <port> command again. The client still receives the Connected to nlb-... response.

      Trying *.*.*.*...
      Connected to www.example.com.
      Escape character is '^]'.

      Enter the domain name in a browser, for example, http://<domain_name>. A page similar to the one shown in the following figure appears, which indicates that the NLB can forward requests to the backend server.

      [Figure: test page returned in the browser through the NLB instance]

    5. This test confirms that the failure of a single backend server does not affect the availability of the NLB service.
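
The following script is an added example, not part of the original documentation. It repeats the Step 5 checks by sending requests through the NLB instance and counting which backend answered, using the test pages deployed in the prerequisites. The function names, the default request count of 20, and the 3-second timeout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): count which backend answers
# requests sent through the NLB instance during the Step 5 tests.
# Assumes the prerequisite test pages, whose bodies contain
# "this is ECS01." or "this is ECS02.". Helper names are hypothetical.

# fetch_page URL: print the response body, or nothing if the request fails.
# The 3-second timeout is an assumed value.
fetch_page() {
  curl --silent --max-time 3 "$1" 2>/dev/null || true
}

# backend_of BODY: print ECS01, ECS02, or none for an empty or unknown body.
backend_of() {
  case "$1" in
    *"this is ECS01."*) echo ECS01 ;;
    *"this is ECS02."*) echo ECS02 ;;
    *) echo none ;;
  esac
}

# tally_backends URL COUNT: send COUNT requests and print the totals.
tally_backends() {
  tb_e1=0 tb_e2=0 tb_none=0 tb_i=0
  while [ "$tb_i" -lt "$2" ]; do
    case "$(backend_of "$(fetch_page "$1")")" in
      ECS01) tb_e1=$((tb_e1 + 1)) ;;
      ECS02) tb_e2=$((tb_e2 + 1)) ;;
      *) tb_none=$((tb_none + 1)) ;;
    esac
    tb_i=$((tb_i + 1))
  done
  echo "ECS01=$tb_e1 ECS02=$tb_e2 none=$tb_none"
}

# check_failover TALLY STOPPED: succeed only if every request was answered
# and the stopped backend (ECS01 or ECS02) answered none of them.
check_failover() {
  case "$1" in *"none=0") ;; *) return 1 ;; esac
  case "$1 " in *"$2=0 "*) return 0 ;; *) return 1 ;; esac
}

# Run only when a URL is passed: sh nlb_check.sh http://<domain_name> 20 ECS01
case "${1:-}" in
  http://*)
    tally=$(tally_backends "$1" "${2:-20}")
    echo "$tally"
    [ -z "${3:-}" ] || check_failover "$tally" "$3" ;;
esac
```

Run it once with both servers up, then again with one server stopped and that server's name as the third argument. Requests counted under none can occur before the health check has removed the stopped server from rotation.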

Clean up resources

  1. Clean up the ECS instances and security groups:

    1. Delete the ECS01 instance and its security group:

      1. Log on to the Elastic Compute Service (ECS) console. In the top navigation bar, select the instance's region. Find the ECS01 instance, click the icon in the Actions column, select Release, and confirm the release.

      2. Go to the Security Groups page of the ECS console. In the top navigation bar, select the region where the instance resides. Select the custom security group for ECS01 and click Delete.

    2. Repeat the preceding steps to delete the ECS02 instance and its security group.

  2. Delete the DNS record.

    For more information, see Delete a record.

  3. Clean up the NLB resources:

    1. Log on to the Network Load Balancer (NLB) console. In the top navigation bar, select the instance's region. Find the NLB instance, click the icon in the Actions column, select Release, and confirm the release.

    2. Log on to the Network Load Balancer (NLB) console. In the left-side navigation pane, click Server Group. Find the server group, click the icon in the Actions column, select Delete, and confirm the deletion.

  4. Clean up the VPC resources:

    1. Log on to the Virtual Private Cloud (VPC) console. In the top navigation bar, select the region.

    2. Find the VPC instance and click Delete in the Actions column. In the dialog box that appears, select the option to forcefully delete the VPC and its associated resources, including vSwitches.
