Alibaba Cloud Network Load Balancer (NLB) supports TCP, UDP, and SSL over TCP, and provides high-performance Layer 4 load balancing capabilities. This topic describes how to create an NLB instance to forward client requests to backend servers.
Before you use NLB, you must select a region in which you want to deploy an NLB instance, create a virtual private cloud (VPC), and create Elastic Compute Service (ECS) instances.
To use NLB, you must first create an NLB instance. An NLB instance is an entity that provides load balancing services by distributing client requests to backend servers.
You must create a server group and add backend servers to the server group to receive client requests that are forwarded by NLB.
You must add a listener to the NLB instance. A listener checks for connection requests and forwards requests to backend servers based on a scheduling algorithm.
NLB allows you to map frequently visited domain names to the public domain name of the NLB instance by using CNAME records. This facilitates access to network resources.
After a listener is configured, you must check whether backend servers can receive and process the requests that are forwarded by the NLB listener.
You must select a region to deploy the NLB instance, and create a VPC and one or more ECS instances.
A region is selected for the NLB instance. Make sure that the NLB instance and the ECS instances that you want to add to the NLB instance belong to the same region. The NLB instance and the ECS instances must be deployed in the same VPC. We recommend that you deploy ECS instances across zones to improve service availability.
A VPC is created. For more information, see Create a VPC.
Before you create an NLB instance, make sure that the vSwitches in the zones where you want to create the NLB instance provide sufficient IP addresses. To create an NLB instance, make sure that at least five IP addresses are available in each vSwitch, including four IP addresses for health checks and one virtual IP address. If the number of IP addresses is insufficient, an error occurs and you cannot purchase an NLB instance.
Three ECS instances are deployed in the VPC. ECS01 is used to access the NLB instance. ECS02 and ECS03 are used as the backend servers of the NLB instance. NGINX services are deployed on ECS02 and ECS03.
Step 1: Create an NLB instance
- Log on to the NLB console.
- In the top navigation bar, select the region where the NLB instance is deployed.
On the Instances page, click Create NLB.
On the NLB (Pay-As-You-Go) page, configure the following parameters.
Select the region where you want to create the NLB instance.
Select a network type for the NLB instance. The system assigns public or private IP addresses to the NLB instance based on the selected network type.
Intranet: If you create an internal-facing NLB instance, private IP addresses are assigned to the NLB instance. The NLB instance is accessible only over the internal network.
Internet: If you create an Internet-facing NLB instance, public IP addresses are assigned to the NLB instance. The NLB instance is accessible over the Internet. Internet-facing NLB instances use elastic IP addresses (EIPs) to provide services over the Internet. If you create an Internet-facing NLB instance, you are charged instance fees, bandwidth fees, and data transfer fees for the EIPs. For more information, see NLB billable items.
Internet is selected in this example.
Select the VPC where you want to deploy the NLB instance.
NLB supports multi-zone deployment. If the selected region supports two or more zones, you must select at least two zones to ensure high availability. No additional fee is charged by NLB.
You must select a vSwitch for each zone of the NLB instance. If no vSwitch is available, create one as prompted.
Optional: If you set Network Type to Internet, you must select an EIP for each zone of the NLB instance.
If no EIP is available, use the default setting Automatically assign EIP to allow the system to automatically create a pay-as-you-go (pay-by-data-transfer) EIP and associate the EIP with the NLB instance. The EIP uses BGP (Multi-ISP) lines and is protected by Anti-DDoS Origin Basic.
Alternatively, you can associate an existing EIP with the NLB instance.Important
You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances with an NLB instance.
The EIPs allocated to different zones of the same NLB instance must be of the same type.
Select an IP version.
IPv4: If you select this option, the NLB instance can be accessed only by IPv4 clients.
Dual-stack Networking: If you select this option, the NLB instance can be accessed by IPv4 and IPv6 clients.
In this example, IPv4 is selected.
Associate with EIP Bandwidth Plan
Specify whether to associate the NLB instance with an Internet Shared Bandwidth instance. If you select Associate with EIP Bandwidth Plan, you must select an Internet Shared Bandwidth instance. If no Internet Shared Bandwidth instance is available, click Purchase EIP Bandwidth Plan to purchase one. Then, return to the NLB buy page and click to select the purchased Internet Shared Bandwidth instance.
We recommend that you purchase a pay-as-you-go Internet Shared Bandwidth instance. For more information, see Create an Internet Shared Bandwidth instance.Note
This parameter is available only if Network Type is set to Internet.
Internet Billing Method
Pay-By-Data-Transfer (default): The maximum bandwidth is not guaranteed and the value is for reference only. When resource contention occurs, the actual bandwidth may be lower than the maximum bandwidth.Note
This parameter is available only if Network Type is set to Internet and Associate with EIP Bandwidth Plan is not selected.
Enter a name for the NLB instance.
Select the resource group to which the NLB instance belongs.
The first time you create an NLB instance, click Create Service-linked Role.
Click Buy Now and complete the payment as prompted.
Return to the Instances page and select the region where the NLB instance is deployed to view the NLB instance.
Step 2: Create a server group
- In the left-side navigation pane, choose .
- On the Server Groups page, click Create Server Group.
In the Create Server Group dialog box, configure the parameters and click Create.
Server Group Type
Select a server group type. Valid values:
Server Type: Backend servers are added by specifying ECS instances, elastic network interfaces (ENIs), and elastic container instances.
IP: Backend servers are added by specifying IP addresses.
In this example, Server Type is selected.
Server Group Name
Enter a name for the server group.
Select a VPC from the VPC drop-down list. Only servers in the VPC can be added to the server group.
Backend Server Protocol
Select a backend protocol. In this example, TCP is selected.
Select a scheduling algorithm. In this example, Weighted Round-Robin is selected.
Select the resource group to which the server group belongs.
Configure the Tag Key and Tag Value parameters.
Specify whether to enable IPv6.
If you enable IPv6, you can add IPv4 and IPv6 backend servers to the server group.
If you do not enable IPv6, you can add only IPv4 backend servers to the server group.
If IPv6 is disabled for the VPC that you select for the server group, IPv6 is disabled for the server group by default.
In this example, IPv6 is disabled, which is the default setting.
Enable Connection Draining
Specify whether to enable connection draining. If connection draining is enabled, connections to backend servers remain open during the specified timeout period even if the backend servers are removed or the backend servers fail health checks.
In this example, connection draining is disabled, which is the default setting.
Client IP Preservation
Specify whether to preserve client IP addresses. If client IP preservation is enabled, backend servers can retrieve client IP addresses. In this example, the default setting is used.Note
You cannot enable client IP preservation for a server group of the IP type. If you want the server group to retrieve client IP addresses, enable Proxy Protocol for the associated listener.
Enable All-port Forwarding
Specify whether to enable all-port forwarding. After you enable all-port forwarding, you do not need to specify a port when you add a backend server. The NLB instance forwards requests to a backend server based on the frontend port.
In this example, all-port forwarding is disabled, which is the default setting.Note
If you enable Listen by Port Range for your listener, you must enable this feature for the backend server group.
Configure Health Check
Specify whether to enable health checks.
In this example, health checks are enabled, which is the default setting.
Health Check Settings
In this example, the default settings are used.
In the Server group created dialog box, click Add Backend Server.
On the Backend Servers tab, click Add Backend Server.
In the Add Backend Server panel, select ECS02 and ECS03 and click Next.
Specify the ports and weights of the backend servers and click OK.
Return to the Server Groups page to view the server group that you configured.
Step 3: Configure a listener
- In the left-side navigation pane, choose Instances.
On the Instances page, click the ID of the NLB instance that you created in Step 1.
Click the Listener tab. On the Listener tab, click Quick Create Listener.
In the Quick Create Listener dialog box, configure the following parameters and click OK.
Select a listener protocol. In this example, TCP is selected.
Specify the frontend port that is used to receive and forward requests to the backend servers.
You can select a commonly used port, or enter a port number. Valid values: 1 to 65535.
In this example, 80 is specified.
Select Server Type and select a server group from the drop-down list next to Server Type.
In this example, the server group created in Step 2 is selected.
(Optional) Step 4: Create a CNAME record
- In the left-side navigation pane, choose Instances.
On the Instances page, copy the domain name of the NLB instance that you want to manage.
Perform the following steps to create a CNAME record:
Log on to the Alibaba Cloud DNS console.
On the Domain Name Resolution page, click Add Domain Name.
In the Add Domain Name dialog box, enter the domain name of your host and click OK.Important
Before you create the CNAME record, you must use a TXT record to verify the ownership of the domain name.
Find the domain name that you want to manage and click DNS Settings in the Actions column.
On the DNS Settings page, click Add DNS Record.
In the Add DNS Record panel, configure the following parameters and click OK.
Select CNAME from the drop-down list.
Enter the prefix of your domain name. In this example, @ is entered.
DNS Request Source
Enter the CNAME. The CNAME is the domain name of the NLB instance.
Select the time-to-live (TTL) value of the CNAME record cached on the DNS server. The default value is used in this example.Note
New CNAME records immediately take effect. The time that is required for a modified CNAME record to take effect is determined by the TTL value. The default TTL value is 10 minutes.
If the CNAME record that you want to create conflicts with an existing record, specify another domain name.
Step 5: Test the connectivity
You can use one of the following methods to check whether NLB can forward requests to backend servers.
After you configure the CNAME record for NLB, enter the domain name specified in Step 4 in a browser to check whether NLB can forward requests to backend servers. For more information about how to verify a CNAME record, see Verify a DNS record.
If the following result is returned after you enter the domain name in your browser, NLB can forward requests to backend servers.
Log on to ECS01, which is deployed in the VPC to which the NLB instance belongs. For more information, see Connection method overview.
telnet domain name listener portcommand to check whether ECS01 can access ECS02 by using NLB.
telnet nlb-4vg3hnps6q********.cn-hangzhou.nlb.aliyuncs.com 80
If the following packet is returned, NLB can forward requests to backend servers.