Network Load Balancer (NLB) supports adding Elastic Compute Service (ECS) instances from remote virtual private clouds (VPCs) as backend servers, using Cloud Enterprise Network (CEN) transit routers to route traffic across regions. This tutorial walks through a three-region setup: an NLB instance in China (Chengdu) distributes traffic to backend servers in China (Shanghai) and China (Qingdao).
In this tutorial, you will:
Connect three VPCs across three regions through CEN transit routers.
Create an IP-type server group and add cross-region backend servers by private IP address.
Configure a TCP listener on the NLB instance.
Verify that the NLB instance routes traffic across regions and remains available when one backend fails.
Limitations
Backend servers
Cross-region ECS instances must be added to a server group of the IP type.
When adding backend servers by IP address, only private IP addresses are accepted. Public IP addresses are not supported.
Transit routers and VPCs
When you associate an Enterprise Edition transit router with a VPC, elastic network interfaces (ENIs) are automatically created and attached to the vSwitch in each zone. These ENIs forward traffic from the VPC to the transit router. Each VPC must have at least one vSwitch in each zone covered by the Enterprise Edition transit router. For details, see How transit routers work.
Prerequisites
Before you begin, ensure that the following resources are created:
An NLB instance (internal-facing) in VPC1 in China (Chengdu), deployed across Chengdu Zone A and Chengdu Zone B. For details, see Create and manage an NLB instance.
A CEN instance with one transit router per region: TR1 in China (Chengdu), TR2 in China (Shanghai), and TR3 in China (Qingdao). For details, see CEN instances and Transit routers.
Three VPCs, each with at least two vSwitches in different zones. For details, see Create and manage a VPC.
VPC1 in China (Chengdu): CIDR 172.16.0.0/16
VPC2 in China (Shanghai): CIDR 10.0.0.0/16
VPC3 in China (Qingdao): CIDR 192.168.0.0/16
Three ECS instances: ECS1 in VPC1 (client), ECS2 in VPC2 (backend, private IP 10.0.20.100), and ECS3 in VPC3 (backend, private IP 192.168.20.100). The security groups of ECS2 and ECS3 must allow inbound traffic on port 80. For details, see Create an instance by using the wizard.
The diagram below shows the target topology.
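The address plan above can be checked before any console work. The following is an added example, not part of the original tutorial: it verifies that each backend IP is private (the server-group limitation) and falls inside one of the connected VPCs, and, as an assumption of this example, that the three VPC CIDRs do not overlap so that cross-region routes stay unambiguous. The function names are hypothetical.

```python
import ipaddress

# Address plan from this tutorial's prerequisites.
VPC_CIDRS = {
    "VPC1": "172.16.0.0/16",   # China (Chengdu): NLB and client
    "VPC2": "10.0.0.0/16",     # China (Shanghai): ECS2
    "VPC3": "192.168.0.0/16",  # China (Qingdao): ECS3
}
BACKENDS = {"ECS2": "10.0.20.100", "ECS3": "192.168.20.100"}


def locate(ip, vpc_cidrs):
    """Return the names of the VPCs whose CIDR contains ip."""
    addr = ipaddress.ip_address(ip)
    return [n for n, c in vpc_cidrs.items() if addr in ipaddress.ip_network(c)]


def check_plan(vpc_cidrs, backends):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {n: ipaddress.ip_network(c) for n, c in vpc_cidrs.items()}
    names = sorted(nets)
    # Assumption of this example: overlapping CIDRs make cross-VPC routes ambiguous.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for host, ip in backends.items():
        # IP-type server groups accept private addresses only.
        if not ipaddress.ip_address(ip).is_private:
            problems.append(f"{host} {ip} is not a private address")
        elif not locate(ip, vpc_cidrs):
            problems.append(f"{host} {ip} is outside every connected VPC")
    return problems


if __name__ == "__main__":
    for host, ip in BACKENDS.items():
        print(host, ip, "->", locate(ip, VPC_CIDRS))
    print(check_plan(VPC_CIDRS, BACKENDS) or "address plan is consistent")
```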
Step 1: Connect the VPCs to the transit routers
Log on to the CEN console and click the ID of the CEN instance. The Transit Router tab appears.
Find TR1 and click Create Connection in the Actions column. On the Connection with Peer Network Instance page, set the following parameters and leave others at their default values. Click OK.
Parameter | Value
Instance type | VPC
Region | China (Chengdu)
Resource owner ID | Current Account
Network instance | VPC1
vSwitch | A vSwitch in VPC1
Repeat the preceding step to connect VPC2 to TR2 (China (Shanghai)) and VPC3 to TR3 (China (Qingdao)).
Step 2: Create inter-region connections
On the Transit Router tab of the CEN instance, find TR1 and click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, set the following parameters to create a connection between TR1 and TR2. Leave others at their default values. Click OK.
To reduce inter-region traffic costs, activate Cloud Data Transfer (CDT) before creating inter-region connections. Activation is free. For details, see Getting started. Alternatively, purchase a bandwidth plan based on your traffic requirements.
Parameter | Value
Instance type | Inter-region Connection
Region | China (Chengdu)
Peer region | China (Shanghai)
Bandwidth allocation mode | Pay-By-Data-Transfer
Repeat the preceding step to create an inter-region connection between TR1 and TR3 (China (Qingdao)).
Step 3: Configure a server group
Log on to the NLB console and select China (Chengdu). Click Create Server Group and configure the following parameters. Leave others at their default values. Click Create.
Parameter | Value
Server group type | IP
Server group name | test
VPC | VPC1
Resource group | default resource group
After the server group is created, click Modify Backend Server in the Actions column. On the Backend Servers tab, click Add IP Address.
In the Select servers step, set IP address to the private IP addresses of ECS2 (10.0.20.100) and ECS3 (192.168.20.100). Click Next.
In the Ports/Weights step, set Port to 80. Leave other parameters at their default values. Click OK.
Step 4: Configure a listener
Log on to the NLB console and select China (Chengdu). On the Instances page, find the NLB instance and click Create Listener in the Actions column.
In the Configure listener step, set Listener protocol to TCP and Listener port to 80. Click Next.
In the Select server group step, select the IP-type server group created in Step 3. Click Next.
In the Configuration review step, confirm the settings and click Submit.
Step 5: Verify the results
Deploy test applications on ECS2 and ECS3
Log on to the ECS console and select China (Shanghai). On the Instances page, find ECS2 and click Connect in the Actions column. In the Remote connection dialog box, click Sign in now in the Workbench section.
Run the following commands to deploy the test application on ECS2:
    yum install -y nginx
    systemctl start nginx.service
    cd /usr/share/nginx/html/
    echo "Hello World ! This is ECS02." > index.html
Log on to the ECS console and select China (Qingdao). On the Instances page, find ECS3 and click Connect in the Actions column. In the Remote connection dialog box, click Sign in now in the Workbench section.
Run the following commands to deploy the test application on ECS3:
    yum install -y nginx
    systemctl start nginx.service
    cd /usr/share/nginx/html/
    echo "Hello World ! This is ECS03." > index.html
Test connectivity from ECS1
Log on to the ECS console and select China (Chengdu). On the Instances page, find ECS1 and click Connect in the Actions column. Click Sign in now in the Workbench section.
Install telnet:
    sudo yum install -y telnet
Test connectivity. Replace <NLB-domain> with your NLB instance's domain name.
    telnet <NLB-domain> 80
If the response starts with Connected to nlb-..., the NLB instance is successfully forwarding traffic to the backend servers.
Simulate a backend failure
On ECS2, stop the application:
    systemctl stop nginx.service
Wait a few minutes, then run telnet <NLB-domain> 80 from ECS1 again. The connection still succeeds: the NLB instance has redirected traffic to ECS3.
Restore ECS2 and stop ECS3:
    # On ECS2
    systemctl start nginx.service
    # On ECS3
    systemctl stop nginx.service
Wait a few minutes and run telnet <NLB-domain> 80 from ECS1 again. The connection still succeeds: the NLB instance now routes traffic to ECS2.
The tests confirm that the failure of a single backend server does not affect the availability of the NLB instance.
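A telnet connection shows that a TCP connection through the listener succeeds, but not which backend answered. The following added example (not part of the original tutorial) fetches the test page repeatedly from ECS1 and counts responses by the ECS02/ECS03 strings written into index.html above; it assumes Python 3 is available on ECS1, and its function names are hypothetical.

```python
import http.client
import sys
import urllib.request
from collections import Counter

LABELS = ("ECS02", "ECS03")  # strings written into index.html in this tutorial


def fetch_index(host, port=80, timeout=3):
    """Fetch the test page through the NLB listener (new TCP connection per call)."""
    with urllib.request.urlopen(f"http://{host}:{port}/", timeout=timeout) as resp:
        return resp.read().decode(errors="replace")


def classify(body):
    """Map a response body to the backend label it contains."""
    for label in LABELS:
        if f"This is {label}." in body:
            return label
    return "unknown"


def tally(fetch, attempts=20):
    """Call fetch() repeatedly and count which backend answered each request."""
    counts = Counter()
    for _ in range(attempts):
        try:
            counts[classify(fetch())] += 1
        except (OSError, http.client.HTTPException):  # refused, reset, timeout
            counts["failed"] += 1
    return counts


def verdict(counts):
    """Summarize a tally as a one-line availability statement."""
    serving = [label for label in LABELS if counts[label]]
    if not serving:
        return "no backend answered"
    state = "both backends serving" if len(serving) == 2 else f"only {serving[0]} serving"
    return state + (f", {counts['failed']} failed" if counts["failed"] else "")


if __name__ == "__main__":
    host = sys.argv[1]  # the NLB domain name, <NLB-domain> in the steps above
    result = tally(lambda: fetch_index(host))
    print(dict(result), "->", verdict(result))
```

Run it with the NLB domain name as the only argument, before and after stopping nginx on one backend, to see the counts shift from both labels to the remaining one.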
Release resources
After testing, release resources in the following order to avoid dependency errors.
Delete the CEN instance and transit routers.
Log on to the CEN console and click the CEN instance ID.
Delete TR1: go to Basic Settings > Transit Router, click the TR1 ID. On the Intra-region Connections tab, click Detach for each attached network instance. On the Cross-region Connections tab, click Delete for each inter-region connection. Return to the CEN instance details page and click Delete for TR1.
Repeat for TR2 and TR3.
Return to the Instances page and click Delete for the CEN instance.
Release the ECS instances and security groups.
Log on to the ECS console and select China (Chengdu). Find ECS1, click the icon, and click Release to release ECS1 immediately.
On the Security Group page, find ECS1 Custom Security Group and click Delete.
Repeat for ECS2 (China (Shanghai)) and ECS3 (China (Qingdao)) and their security groups.
Delete the DNS record. For details, see Delete a DNS record.
Release the NLB instance and server group.
Log on to the NLB console and select China (Chengdu). Find the NLB instance, click the icon, and click Release.
On the Server Groups page, find the server group, click the icon, and click Delete.
Release the VPCs.
Log on to the VPC console and select China (Chengdu). Find VPC1, click Delete, and select Forcefully Delete to release the VPC and its vSwitches.
Repeat for VPC2 (China (Shanghai)) and VPC3 (China (Qingdao)).