All Products
Search
Document Center

Server Load Balancer:ALB instances

Last Updated:Dec 02, 2024

An Application Load Balancer (ALB) instance distributes requests from clients to backend server groups based on listeners and forwarding rules. To use ALB to balance loads, create an ALB instance and create listeners and backend server groups for the ALB instance. This topic describes the key terms and usage notes of ALB instances.

Note

By default, cross-zone load balancing is enabled for ALB instances. Incoming requests are distributed to backend services deployed in all zones within the same region. If you disable cross-zone load balancing for the backend server group associated with your ALB instance, requests are distributed to backend services deployed in a single zone.

Domain names

ALB provides services through domain names. ALB is integrated with Alibaba Cloud DNS, which allows you to customize domain name resolution. We recommend that you use CNAME records to map custom domain names to the domain name of your ALB instance and use the ALB instance to manage resource access. For more information, see Add a CNAME record to an ALB instance.

Instance status

The following table describes the different states of an ALB instance and whether the operations are supported.

Instance status

Status description

Why the ALB instance is locked

Whether the ALB instance can be deleted

Whether configurations can be changed

Running

The ALB instance is running as expected.

N/A

Based on whether delete protection is enabled.

  • Delete protection is enabled: yes.

  • Deletion protection is disabled: no.

Based on whether the configuration read-only mode is enabled.

  • Configuration read-only mode is enabled: yes.

  • Configuration read-only mode is disabled: no.

Creating

The ALB instance is being created.

N/A

No

No

Updating Configuration

The configuration of the ALB instance is being updated.

N/A

No

Creation Failed

The ALB instance failed to be created.

N/A

Yes

Stopped

The ALB instance stops running.

Locked (Overdue Payment): The ALB instance is locked due to overdue payments. Renew your ALB instance at the earliest opportunity. The ALB instance resumes after it is unlocked.

No

Locked (Associated Resources in Abnormal State): The elastic IP addresses (EIPs) or Internet Shared Bandwidth instances that are associated with the ALB instance are locked due to overdue payments. Renew the EIPs or Internet Shared Bandwidth instances at the earliest opportunity. The ALB instance resumes after the associated resources are unlocked.

No

Locked (Associated Resources Overdue and Released): The EIPs or Internet Shared Bandwidth instances that are associated with the ALB instance are released due to overdue payments and the ALB instance is unavailable. We recommend that you release the ALB instance.

Yes

Locked (Security Risks): The ALB instance is locked due to security risks. You can go to the Penalties List page in the Security Control console to apply for unlocking.

No

Network types

Alibaba Cloud provides Internet-facing and internal-facing ALB instances.

You can switch the network type of an ALB instance between Internet-facing and internal-facing. For more information, see Change the network type of an ALB instance.

Internet-facing ALB instances

When you create an Internet-facing ALB instance, it is assigned a public IP address and a private IP address.

  • Internet-facing ALB instances distribute requests that are sent over the Internet. By default, Internet-facing ALB instances use elastic IP addresses (EIPs) to support Internet access and distribute requests from the Internet to backend servers based on forwarding rules. You can also associate an Anycast EIP with your ALB instance to route requests to the nearest access point. For more information, see Associate Anycast EIPs with an ALB instance to enable access through the nearest access point.

  • An Internet-facing ALB is also assigned a private IP address, which can be used to access Elastic Compute Service (ECS) instances in virtual private clouds (VPCs).

Internal-facing ALB instances

An internal-facing ALB instance is assigned a private IP address.

  • An internal-facing ALB instance can forward requests that are only from the same VPC as the ALB instance to backend servers based on listeners and forwarding rules.

  • Internal-facing ALB instances do not support Internet access.

IP versions

IPv4 and dual-stack

ALB supports IPv4 and dual-stack networking.

IP version

Default value

Description

IPv4

  • An IPv4 Internet-facing ALB instance is assigned a public IPv4 address and a private IPv4 address in each zone.

  • An IPv4 internal-facing ALB instance is assigned a private IPv4 address in each zone.

Clients can use only IPv4 addresses, such as 192.0.2.1, to access IPv4 ALB instances.

IPv4 ALB instances forward requests from IPv4 clients only to IPv4 backend servers. You can specify ECS instances, elastic network interfaces (ENIs), elastic container instances, IP addresses, and Function Compute functions as backend servers.

Dual-stack

  • A dual-stack Internet-facing ALB instance is assigned a public IPv4 address, a private IPv4 address, and an IPv6 address in each zone.

  • A dual-stack internal-facing ALB instance is assigned a private IPv4 address and an IPv6 address in each zone.

Clients can use IPv4 addresses, such as 192.168.0.1, and IPv6 addresses, such as 2001:db8:1:1:1:1:1:1, to access dual-stack ALB instances.

Dual-stack ALB instances can forward requests from IPv4 clients and IPv6 clients to backend IPv4 services and IPv6 services.

  • Dual-stack ALB instances can forward requests from IPv6 clients to IPv4 backend services deployed on the following types of backend servers: ECS instances, ENIs, elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported.

  • Dual-stack ALB instances can forward requests from IPv6 clients to IPv6 backend services deployed on the following types of backend servers: ECS instances, ENIs, and elastic container instances. Backend servers of the IP address or Function Compute type are not supported.

Note

The network type of a dual-stack ALB instance is determined by the IPv4 address. If the IPv4 address is a private IP address, the ALB instance is internal-facing. If the IPv4 IP address is a public IP address, the ALB instance is Internet-facing.

Usage notes on dual-stack ALB instances

  • IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.

  • Access control lists (ACLs) support only IPv4 addresses.

Regions that support dual-stack ALB instances

Area

Region

China

China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), China (Guangzhou), and China (Heyuan)

Asia Pacific

Singapore

Europe & Americas

Germany (Frankfurt), US (Virginia), UK (London), and US (Silicon Valley)

Middle East

SAU (Riyadh - Partner Region)

Integration with Web Application Firewall (WAF)

ALB is integrated with WAF 3.0. If you want your ALB instances to be protected by WAF, purchase a WAF-enabled ALB instance. When you purchase WAF-enabled ALB instances, take note of the following information:

  • If your Alibaba Cloud account does not have a WAF 2.0 instance or has not activated WAF: You can enable WAF 3.0 for Internet-facing and internal-facing ALB instances by purchasing WAF-enabled ALB instances. This way, ALB is interfaced with WAF on the service level. For more information, see Activate and manage WAF-enabled ALB instances.

    Regions that support WAF-enabled ALB instances (Regions in which ALB is integrated with WAF 3.0)

    Area

    Region

    China

    China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), and China (Hong Kong)

    Asia Pacific

    Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Singapore, and Thailand (Bangkok)

    Europe and Americas

    Germany (Frankfurt), US (Silicon Valley), and US (Virginia)

    Middle East

    SAU (Riyadh - Partner Region)

  • If your Alibaba Cloud account already has a WAF 2.0 instance: You can enable WAF 2.0 for basic Internet-facing ALB instance and standard Internet-facing ALB instances in transparent proxy mode. Internal-facing ALB instances do not support WAF 2.0.

    Only ALB instances in the following regions can be interfaced with WAF 2.0 in transparent proxy mode: China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou).

    Note

    If you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0.

    • After you release the WAF 2.0 instance, service errors may arise because the X-Forwarded-Proto header is disabled for ALB by default. You must enable the X-Forwarded-Proto header for the listeners of the ALB instance to prevent errors. For more information, see Manage listeners.

    • For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.

    • For more information about how to migrate to WAF 3.0, see Migrate a WAF 2.0 instance to WAF 3.0.

References