Alibaba Cloud Network Load Balancer (NLB) is a Layer 4 load balancing service intended for the Internet of Everything (IoE) era. NLB offers ultra-high performance and can automatically scale on demand. An NLB instance supports up to 100 million concurrent connections, which is ideal for services that require high concurrency.

Benefits
- High performanceAn NLB instance supports up to 100 million concurrent connections and 100 Gbit/s throughput. You can use NLB to handle massive requests from IoT devices.
- Auto scalingYou do not need to select a specification for an NLB instance or manually upgrade or downgrade an NLB instance when workloads change. An NLB instance can automatically scale on demand.
- High availabilityNLB supports disaster recovery at multiple levels. Network traffic is distributed across groups of backend servers to enable disaster recovery. NLB also supports session persistence and cross-zone deployment to ensure service availability.
- SSL offloading for TCP trafficNLB supports large-scale SSL offloading for TCP traffic. You can use NLB to manage SSL certificates and offload SSL processing. This improves the performance of backend servers.
- Multiple load balancing scenariosYou can specify backend servers by IP address. You can also integrate NLB with Cloud Enterprise Network (CEN) to route network traffic across VPCs or regions, or to on-premises servers.
- Multiple advanced featuresNLB supports multiple advanced features to meet diverse needs. For example, NLB supports dual-stack networking (IPv4 and IPv6), listening by port range, limiting the number of new connections per second, and connection draining.
Common scenarios
Ingress for IoT services
You can use NLB for smart home, smart parking, video surveillance, and Internet of Vehicles (IoV) services. NLB serves as an ingress and can process a large number of concurrent connections. NLB also supports SSL offloading for TCP traffic and can limit the number of new connections per second to ensure the security and stability of your IoT services.
Ingress for Internet-facing services
NLB serves as an ingress over the Internet. An NLB instance provides ultra-high load balancing capabilities and can automatically scale on demand. You do not need to configure your NLB instance when workloads change. This reduces O&M costs.
Ingress for on-premises services
NLB simplifies how a data center communicates with cloud services. You can specify on-premises servers as the backend servers of NLB and use cloud services such as CEN to route requests from the cloud to the on-premise servers.
NLB components

Term | Description |
Instance | NLB provides ultra-high Layer-4 processing capabilities and can increase the service capacity of your applications by distributing network traffic across different backend servers. An NLB instance supports up to 100 million concurrent connections. |
Listener | The smallest configurable unit of NLB. You must specify the protocol and port for each listener to process different requests. For example, you can set the protocol of an NLB listener to TCP and the port to 80. NLB supports TCP, UDP, and SSL over TCP. You must add at least one listener to an NLB instance to distribute network traffic. By default, you can add up to 50 listeners to each NLB instance to distribute network traffic for different workloads. |
Server group | Backend servers can be organized into logical groups (also known as server groups). Each server group contains one or more backend servers to process requests distributed by NLB. Server groups of NLB are independent from NLB. You can associate a server group with different NLB instances. By default, you can specify up to 1,000 backend servers in each server group. You can specify Elastic Compute Service (ECS) instances, elastic container instances, and elastic network interfaces (ENIs) as the backend servers of NLB. You can also add backend servers by IP address. For more information, see the following topics: |
Health check | NLB checks the availability of backend servers by performing health checks. If a backend server in a server group is declared unhealthy, NLB does not forward requests to the backend server. NLB supports flexible health check configurations. For example, you can specify the protocol, port, and thresholds for health checks based on your business requirements. |
NLB types
This section describes the network types and protocol versions of NLB. The following figure describes dual-stack Internet-facing NLB and dual-stack internal-facing NLB.

Network type
Alibaba Cloud provides Internet-facing and internal-facing NLB iInternet Shared Bandwidth instanceselect a type of NLB instance based on your business requirements. Whether EIPs and EIP bandwidth plans are used is based on the specified network type. The preceding figure describes the components of an Internet-facing NLB instance and the components of an internal-facing NLB instance.
Term | Description |
Domain name | A domain name that can be accessed over the Internet or a private network. The domain name is resolved to the virtual IP address of NLB. You can also configure Canonical Name (CNAME) records to resolve readable domain names to the domain name of NLB. |
EIP bandwidth plan | Only Internet-facing NLB instances neInternet Shared Bandwidth instancesanInternet Shared Bandwidth instancesans allow you to share and transfer bandwidth resources within the same regioInternet Shared Bandwidth instancesans support multiple metering methods such as pay-by-bandwidth and pay-by-enhanced-95th-percentile. You can uInternet Shared Bandwidth instancesans to save Internet bandwidth costs. If an EIP bandwidth plan is associated with an Internet-facing NLB instance and the EIP bandwidth plan uses the pay-by-bandwidth or pay-by-enhanced-95th-percentile metering method, the public bandwidth fee for the NLB instance is calculated based on the metering method of the EIP bandwidth plan. |
EIP | Only Internet-facing NLB instances need EIPs. You do not need to associate EIPs with internal-facing NLB instances. An EIP is an IP address that NLB uses to provide services over the Internet. An Internet-facing NLB instance can use multiple EIPs. To ensure high availability, an Internet-facing NLB instance must use at least two EIPs in different zones to provide services. |
Virtual IP address | Virtual IP addresses of NLB are used to distribute requests. A virtual IP address is a private IP address that belongs to a virtual private cloud (VPC). |
Protocol version
NLB supports IPv4 and dual-stack networking.
Term | Description |
IPv4 | IPv4 NLB instances use only IPv4 addresses to provide services. |
Dual-stack | Dual-stack NLB instances use both IPv4 and IPv6 addresses to provide services. The domain name of an NLB instance remains unchanged. |
Activate NLB
Click the following button to navigate to the NLB buy page.
Deploy and manage NLB instances
After you create an Alibaba Cloud account, you can deploy and manage NLB instances in the following ways:
NLB console: a web interface that you can use to manage your NLB service. You can create, use, or release NLB instances in the console. For more information, see Create and manage an NLB instance.
Alibaba Cloud SDKs: SDKs for Java, Go, Python, and other programming languages.
OpenAPI Explorer: allows you to retrieve and call API operations, and dynamically generate SDK sample code.
Terraform: uses configuration files to call computing resources of Alibaba Cloud and other platforms that support Terraform. Terraform is an open source tool that implements version control.