All Products
Document Center

Server Load Balancer:What is NLB?

Last Updated:Apr 18, 2024

Alibaba Cloud Network Load Balancer (NLB) is a Layer 4 load balancing service intended for the Internet of Everything (IoE) era. NLB offers ultra-high performance and can automatically scale on demand. An NLB instance supports up to 100 million concurrent connections, which is ideal for services that require high concurrency.



  • High performance
    An NLB instance supports up to 100 million concurrent connections and 100 Gbit/s of throughput. You can use NLB to handle massive requests from IoT devices.
  • Auto scaling
    You do not need to select a specification for an NLB instance or manually upgrade or downgrade an NLB instance when workloads change. NLB instances can automatically scale on demand.
  • High availability
    NLB supports disaster recovery at multiple levels. Network traffic is distributed across groups of backend servers to enable disaster recovery. NLB also supports session persistence and cross-zone deployment to ensure service availability.
  • SSL offloading for TCP traffic
    NLB supports large-scale SSL offloading for TCP traffic. You can use NLB to manage SSL certificates and offload SSL processing. This improves the performance of backend servers.
  • Multiple load balancing scenarios
    You can specify backend servers by IP address. You can also integrate NLB with Cloud Enterprise Network (CEN) to route network traffic across VPCs or regions, or to on-premises servers.
  • Multiple advanced features
    NLB supports multiple advanced features to meet diverse needs. For example, NLB supports dual-stack networking (IPv4 and IPv6), listening by port range, limiting the number of new connections per second, and connection draining.


  • Ingress for IoT services

    You can use NLB for smart home, smart parking, video surveillance, and Internet of Vehicles (IoV) services. NLB serves as an ingress and can process a large number of concurrent connections. NLB also supports SSL offloading for TCP traffic and can limit the number of new connections per second to ensure the security and stability of your IoT services.

  • Ingress for Internet-facing services

    NLB serves as an ingress over the Internet. An NLB instance provides ultra-high load balancing capabilities and can automatically scale on demand. You do not need to configure your NLB instance when workloads change. This reduces O&M costs.

  • Ingress for on-premises services

    NLB simplifies network communication between data centers and cloud services. You can specify on-premises servers as the backend servers of NLB and use cloud services such as CEN to route requests from the cloud to the on-premise servers.

NLB components





NLB provides ultra-high Layer-4 processing capabilities and can increase the service capacity of your applications by distributing network traffic across different backend servers. An NLB instance supports up to 100 million concurrent connections.


The smallest configurable unit of NLB. You must specify the protocol and port for each listener to process different requests. For example, you can set the protocol of an NLB listener to TCP and the port to 80. NLB supports TCP, UDP, and SSL over TCP. You must add at least one listener to an NLB instance to distribute network traffic. By default, you can add up to 50 listeners to each NLB instance to distribute network traffic for different workloads.

Server group

Backend servers can be organized into logical groups (also known as server groups). Each server group contains one or more backend servers to process requests distributed by NLB. Server groups of NLB are independent of NLB. You can associate a server group with different NLB instances. By default, you can specify up to 1,000 backend servers in each server group.

You can specify Elastic Compute Service (ECS) instances, elastic container instances, and elastic network interfaces (ENIs) as the backend servers of NLB. You can also add backend servers by IP address. For more information, see the following topics:

Health check

NLB checks the availability of backend servers by performing health checks. If a backend server in a server group is declared unhealthy, NLB does not forward requests to the backend server. NLB supports flexible health check configurations. For example, you can specify the protocol, port, and thresholds for health checks based on your business requirements.

NLB types

This section describes the network types and protocol versions of NLB. The following figure describes dual-stack Internet-facing NLB and dual-stack internal-facing NLB.


Network types

Alibaba Cloud provides Internet-facing and internal-facing NLB instances. You can specify the type of NLB instance based on your business requirements. Whether EIPs and Internet Shared Bandwidth instances are used is based on the specified type of NLB instance. The preceding figure describes the components of an Internet-facing NLB instance and the components of an internal-facing NLB instance.



Domain name

A domain name that can be accessed over the Internet or a private network. The domain name is resolved to the virtual IP address of NLB. You can also configure Canonical Name (CNAME) records to map readable domain names to the domain name of NLB.

Internet Shared Bandwidth instance

Only Internet-facing NLB instances need Internet Shared Bandwidth instances. Internet Shared Bandwidth instances allow you to share and transfer bandwidth resources within the same region. Internet Shared Bandwidth instances support multiple metering methods such as pay-by-bandwidth and pay-by-enhanced-95th-percentile. You can use Internet Shared Bandwidth instances to reduce Internet bandwidth costs. Internet-facing NLB instances use Internet Shared Bandwidth instances that support the pay-by-bandwidth and pay-by-enhanced-95th-percentile metering methods to provide Internet-facing services.


Only Internet-facing NLB instances need EIPs. You do not need to associate EIPs with internal-facing NLB instances. An EIP is an IP address that NLB uses to provide services over the Internet. An Internet-facing NLB instance can use multiple EIPs. To ensure high availability, an Internet-facing NLB instance must use at least two EIPs in different zones to provide services.

Virtual IP address (VIP)

VIPs of NLB are used to distribute requests. A virtual IP address is a private IP address that belongs to a virtual private cloud (VPC).

IP versions

NLB supports IPv4 and dual-stack networking.




IPv4 NLB instances use only IPv4 addresses to provide services.


Dual-stack NLB instances use both IPv4 and IPv6 addresses to provide services. The domain name of an NLB instance remains unchanged.

Activate NLB

To activate NLB, click the following button to go to the NLB buy page.

Create an NLB instance

Deploy and manage NLB instances

After you create an Alibaba Cloud account, you can deploy and manage NLB instances in the following ways:

  • NLB console: a web interface that you can use to manage your NLB service. You can create, use, or release NLB instances in the console. For more information, see Create and manage an NLB instance.

  • Alibaba Cloud SDKs: SDKs for Java, Go, Python, and other programming languages.

  • OpenAPI Explorer: allows you to retrieve and call API operations, and dynamically generate SDK sample code.

  • Terraform: helps you implement version control for cloud and on-premises resources. You can use Terraform configuration files to orchestrate resources on Alibaba Cloud and other cloud service platforms that support Terraform.