ALB key terms and usage notes - Server Load Balancer - Alibaba Cloud Documentation Center

An Application Load Balancer (ALB) instance distributes requests from clients to backend server groups based on listeners and forwarding rules. To use ALB to balance loads, create an ALB instance and create listeners and backend server groups for the ALB instance. This topic describes the key terms and usage notes of ALB instances.

Note

ALB instances distribute requests across zones by default. After an ALB instance in a region receives requests, the ALB instance distributes the requests to the backend servers in all the available zones of the region, including zones that are not assigned virtual IP addresses (VIPs). Cross-zone load balancing cannot be disabled for ALB instances.

Domain names

ALB provides services through domain names. ALB is integrated with Alibaba Cloud DNS, which allows you to customize domain name resolution. We recommend that you use CNAME records to map custom domain names to the domain name of your ALB instance and use the ALB instance to manage resource access. For more information, see Add a CNAME record to an ALB instance.

Instance status

The following table describes the different states of an ALB instance and whether the operations are supported.

Instance status	Status description	Why the ALB instance is locked	Whether the ALB instance can be deleted	Whether configurations can be changed
Running	The ALB instance is running as expected.	N/A	Based on whether delete protection is enabled. Delete protection is enabled: yes. Deletion protection is disabled: no.	Based on whether the configuration read-only mode is enabled. Configuration read-only mode is enabled: yes. Configuration read-only mode is disabled: no.
Creating	The ALB instance is being created.	N/A	No	No
Updating Configuration	The configuration of the ALB instance is being updated.	N/A	No
Creation Failed	The ALB instance failed to be created.	N/A	Yes
Stopped	The ALB instance stops running.	Locked (Overdue Payment): The ALB instance is locked due to overdue payments. Renew your ALB instance at the earliest opportunity. The ALB instance resumes after it is unlocked.	No
		Locked (Associated Resources in Abnormal State): The elastic IP addresses (EIPs) or Internet Shared Bandwidth instances that are associated with the ALB instance are locked due to overdue payments. Renew the EIPs or Internet Shared Bandwidth instances at the earliest opportunity. The ALB instance resumes after the associated resources are unlocked.	No
		Locked (Associated Resources Overdue and Released): The EIPs or Internet Shared Bandwidth instances that are associated with the ALB instance are released due to overdue payments and the ALB instance is unavailable. We recommend that you release the ALB instance.	Yes
		Locked (Security Risks): The ALB instance is locked due to security risks. You can go to the Penalties List page in the Security Control console to apply for unlocking.	No

Network types

Alibaba Cloud provides Internet-facing and internal-facing ALB instances.

You can switch the network type of an ALB instance between Internet-facing and internal-facing. For more information, see Change the network type of an ALB instance.

Internet-facing ALB instances

When you create an Internet-facing ALB instance, it is assigned a public IP address and a private IP address.

Internet-facing ALB instances distribute requests that are sent over the Internet. By default, Internet-facing ALB instances use elastic IP addresses (EIPs) to support Internet access and distribute requests from the Internet to backend servers based on forwarding rules. You can also associate an Anycast EIP with your ALB instance to route requests to the nearest access point. For more information, see Associate Anycast EIPs with an ALB instance to enable access through the nearest access point.
An Internet-facing ALB is also assigned a private IP address, which can be used to access Elastic Compute Service (ECS) instances in virtual private clouds (VPCs).

Internal-facing ALB instances

An internal-facing ALB instance is assigned a private IP address.

An internal-facing ALB instance can forward requests that are only from the same VPC as the ALB instance to backend servers based on listeners and forwarding rules.
Internal-facing ALB instances do not support Internet access.

IP versions

IPv4 and dual-stack

ALB supports IPv4 and dual-stack networking.

IP version

Default value

Description

IPv4

An IPv4 Internet-facing ALB instance is assigned a public IPv4 address and a private IPv4 address in each zone.
An IPv4 internal-facing ALB instance is assigned a private IPv4 address in each zone.

Clients can use only IPv4 addresses, such as 192.0.2.1, to access IPv4 ALB instances.

IPv4 ALB instances forward requests from IPv4 clients only to IPv4 backend servers. You can specify ECS instances, elastic network interfaces (ENIs), elastic container instances, IP addresses, and Function Compute functions as backend servers.

Dual-stack

A dual-stack Internet-facing ALB instance is assigned a public IPv4 address, a private IPv4 address, and an IPv6 address in each zone.
A dual-stack internal-facing ALB instance is assigned a private IPv4 address and an IPv6 address in each zone.

Clients can use IPv4 addresses, such as 192.168.0.1, and IPv6 addresses, such as 2001:db8:1:1:1:1:1:1, to access dual-stack ALB instances.

Dual-stack ALB instances can forward requests from IPv4 clients and IPv6 clients to backend IPv4 services and IPv6 services.

Dual-stack ALB instances can forward requests from IPv6 clients to IPv4 backend services deployed on the following types of backend servers: ECS instances, ENIs, elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported.
Dual-stack ALB instances can forward requests from IPv6 clients to IPv6 backend services deployed on the following types of backend servers: ECS instances, ENIs, and elastic container instances. Backend servers of the IP address or Function Compute type are not supported.

Note

The network type of a dual-stack ALB instance is determined by the IPv4 address. If the IPv4 address is a private IP address, the ALB instance is internal-facing. If the IPv4 IP address is a public IP address, the ALB instance is Internet-facing.

Usage notes on dual-stack ALB instances

IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.
Access control lists (ACLs) support only IPv4 addresses.

Regions that support dual-stack ALB instances

Area	Region
China	China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), China (Guangzhou), and China (Heyuan)
Asia Pacific	Singapore
Europe & Americas	Germany (Frankfurt), US (Virginia), UK (London), and US (Silicon Valley)
Middle East	SAU (Riyadh - Partner Region)

Integration with Web Application Firewall (WAF)

ALB is integrated with WAF 3.0. If you want your ALB instances to be protected by WAF, purchase a WAF-enabled ALB instance. When you purchase WAF-enabled ALB instances, take note of the following information:

If your Alibaba Cloud account does not have a WAF 2.0 instance or has not activated WAF: You can enable WAF 3.0 for Internet-facing and internal-facing ALB instances by purchasing WAF-enabled ALB instances. This way, ALB is interfaced with WAF on the service level. For more information, see Activate and manage WAF-enabled ALB instances.

Regions that support WAF-enabled ALB instances (Regions in which ALB is integrated with WAF 3.0)

Area	Region
China	China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), and China (Hong Kong)
Asia Pacific	Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Singapore, and Thailand (Bangkok)
Europe and Americas	Germany (Frankfurt), US (Silicon Valley), and US (Virginia)
Middle East	SAU (Riyadh - Partner Region)

If your Alibaba Cloud account already has a WAF 2.0 instance: You can enable WAF 2.0 for basic Internet-facing ALB instance and standard Internet-facing ALB instances in transparent proxy mode. Internal-facing ALB instances do not support WAF 2.0.
Only ALB instances in the following regions can be interfaced with WAF 2.0 in transparent proxy mode: China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou).
Note
If you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0.
- After you release the WAF 2.0 instance, service errors may arise because the X-Forwarded-Proto header is disabled for ALB by default. You must enable the X-Forwarded-Proto header for the listeners of the ALB instance to prevent errors. For more information, see Manage listeners.
- For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.
- For more information about how to migrate to WAF 3.0, see Migrate a WAF 2.0 instance to WAF 3.0.

References

For more information about how to configure ALB instances, see Use an ALB instance to provide IPv4 services and Implement load balancing for IPv6 services.
For more information about how to create an ALB instance, see Create an ALB instance. For more information about how to manage ALB instances, see Manage ALB instances.
For more information about how to modify the specifications of an ALB instance, see Modify the configurations of ALB instances.