Application Load Balancer (ALB) is an Alibaba Cloud service that runs at the application layer and is optimized to balance traffic over HTTP, HTTPS, and Quick UDP Internet Connections (QUIC). ALB is highly elastic and can process large volumes of Layer 7 traffic on demand. ALB supports complex routing and is integrated with other cloud-native services. ALB is designed as an ingress gateway to manage inbound traffic on Alibaba Cloud.
Why ALB?
As a cloud-native ingress gateway on Alibaba Cloud, ALB is developed for Layer 7 load balancing over HTTP, HTTPS, and QUIC and provides advanced routing features. For more information about ALB Ingresses, see ALB Ingress management and ALB Ingress user guide.
Application layer elasticity: ALB is developed for Layer 7 load balancing and provides domain names and virtual IP addresses (VIPs) to handle large amounts of network traffic at multiple levels. ALB distributes network traffic across backend server groups to improve the availability of applications and prevent service interruptions caused by single points of failure (SPOFs). ALB supports custom cross-zone deployment and elastic scaling across zones to remove resource bottlenecks in individual zones.
Advanced protocols: ALB supports HTTP, HTTPS, and QUIC and can process a heavy load of network traffic. You can use ALB to provide fast and secure connections to mobile Internet applications, such as real-time audio and video applications, interactive streaming applications, and online gaming applications. ALB supports Google Remote Procedure Call (gRPC) to facilitate efficient communication among microservices through APIs.
Content-based routing: ALB can route network traffic to different backend servers based on the request content, such as the path, HTTP header, query string, HTTP request method, cookie, and source IP address. ALB also supports advanced configurations, such as redirects, rewrites, and custom HTTPS headers.
Security and reliability: ALB supports DDoS mitigation and can be integrated with Web Application Firewall (WAF) to provide more security features. In addition, ALB supports end-to-end HTTPS encryption, custom security policies, and efficient encryption protocols, such as TLS 1.3. ALB protects your business-critical services and complies with the Zero Trust security framework.
Cloud-native: As more cloud-native services are developed, a growing number of customers in the Internet, finance, and enterprise sectors deploy applications in the cloud or migrate existing business systems to the cloud. As a cloud-native ingress gateway for Alibaba Cloud, ALB is deeply integrated with Container Service for Kubernetes (ACK), Serverless App Engine (SAE), Function Compute, and Kubernetes.
Stream transmission support: ALB supports server-sent events (SSE). If you use ALB for your large language model (LLM) application, ALB can forward the reasoning results generated by your application in real time to clients. This will greatly improve the user experience of your application.
Flexible billing: ALB uses elastic IP addresses (EIPs) and Internet Shared Bandwidth instances to provide Internet-facing services and supports flexible billing for Internet data transfer. ALB also supports the pay-by-LCU metering method, which is ideal for services with traffic spikes.
Performance metrics
Starting at 00:00:00 on February 25, 2025 (UTC+8), Alibaba Cloud will upgrade ALB instances.
ALB instances created at or after 00:00:00 on February 25, 2025 (UTC+8) are upgraded versions. If you want to start using upgraded ALB instances sooner, you need to apply for the privilege.
For non-upgraded ALB instances, Alibaba Cloud will upgrade them on the backend sometime after 00:00:00 on February 25, 2025 (UTC+8).
For more information, see ALB instance upgrade.
After ALB instance upgrade
An upgraded ALB instance is allocated with three IP addresses from each vSwitch you specify for it: One acts as a VIP to provide load balancing services, and the other two as local IP addresses to communicate with backend servers ad perform health checks.
We recommend that each vSwitch you specify for an upgraded ALB instance has at least eight available IP addresses to ensure the instance can auto-scale resources as expected.
Metric for performance of each VIP | Maximum value of auto-scaling |
Maximum queries per second (QPS) | 500,000 |
Maximum number of new connections (CPS) | 200,000 |
Maximum number of concurrent connections | 5,000,000 |
Maximum internal bandwidth | 25 Gbit/s |
A two-zone ALB instance has a default Internet bandwidth of 400 Mbit/s while the actual Internet bandwidth of the instance is the sum of the maximum bandwidth of all EIPs associated with it.
The sum of the maximum bandwidth of all pay-by-data-transfer EIPs in each Alibaba Cloud account in each region cannot exceed 5 Gbit/s. For more information, see the bandwidth limits in Pay-as-you-go.
If you want to use larger bandwidth, purchase an Internet Shared Bandwidth instance. For more information about how to purchase an Internet Shared Bandwidth instance, see Create an Internet Shared Bandwidth instance.
ALB supports multi-zone deployment. If the selected region supports two or more zones, select at least two zones to ensure high availability. ALB does not charge additional fees.
We recommend that you use CNAME records to map custom domain names to the domain name of an ALB instance for providing external services. If you use this method, the availability of the ALB service can reach 99.995%.
Before ALB instance upgrade
ALB supports the dynamic IP and static IP modes. The performance of an ALB instance varies based on the IP mode.
The performance metrics of an ALB instance vary only based on the IP mode of the ALB instance, and are not affected by the edition of the ALB instance.
Performance of an ALB instance deployed in two zones
IP mode | Maximum queries per second (QPS) | Maximum number of new connections (CPS) | Maximum number of concurrent connections | Maximum internal bandwidth | Default Internet bandwidth |
Dynamic IP | 1 million | 1 Million | 10 million | 100 Gbit/s | 400 Mbit/s. The actual Internet bandwidth varies based on the total bandwidth of the EIPs associated with an ALB instance.
|
Static IP | 100,000 | 100,000 | 1 million | 10 Gbit/s |
In a multi-zone region, the default maximum QPS, CPS, and concurrent connections for an ALB instance are 100,000, 100,000, and 1 million, which do not change with the number of zones. The maximum QPS, CPS, and concurrent connections for an ALB instance in static IP mode are 100,000, 100,000, and 1 million. The maximum QPS, CPS, and concurrent connections for an ALB instance in dynamic IP mode automatically scale up to 1 million, 1 million, and 10 millions.
We recommend that you use CNAME records to map custom domain names to the domain name of an ALB instance. This way, the ALB instance can provide external services. If you use this method, ALB can provide a service uptime of up to 99.995%.
ALB supports multi-zone deployment. If the current region contains two or more zones, you must select at least two zones to ensure high availability. If you select multiple zones for an ALB instance, you are not charged additional fees.
ALB components
Term | Description |
Instance | ALB provides ultra-high Layer 7 processing capabilities and can increase the service capacity of your applications by distributing network traffic across different backend servers. Each ALB instance supports up to 1 million QPS. |
Listener | A listener is the smallest configurable unit of ALB. Listeners listen for requests over the protocols and ports that you configure. For example, you can configure a listener of ALB to process HTTP requests on port 80. You must add at least one listener to each ALB instance before the ALB instance can distribute network traffic. By default, you can add up to 50 listeners to each ALB instance to distribute network traffic for different workloads. |
Forwarding rule | ALB distributes requests to backend servers in one or more server groups based on forwarding rules. ALB provides advanced routing features. In addition to the basic routing features, you can specify conditions such as the HTTP header, cookie, and HTTP method in a forwarding rule to route network traffic to different backend servers. |
Server group | Backend servers can be organized into logical groups (also known as server groups) to which requests are distributed. Each server group contains one or more backend servers that process requests distributed by ALB. Server groups of ALB are independent of ALB. You can associate a server group with different ALB instances. By default, you can specify up to 1,000 backend servers in each server group. ALB supports multiple types of backend servers, such as Elastic Compute Service (ECS) instances, elastic container instances, and elastic network interfaces (ENIs). |
Health check | ALB checks the availability of backend servers by performing health checks. If a backend server is declared unhealthy, ALB does not forward requests to the backend server. ALB supports flexible health check configurations. For example, you can specify the protocol, port, and thresholds for health checks. ALB provides health check templates that can be applied to different server groups. |
ALB instance types
Alibaba Cloud provides Internet-facing and internal-facing ALB instances. You can specify the type of ALB instance based on your business requirements. Whether EIPs and Internet Shared Bandwidth instances are used is based on the specified type of ALB instance.
Term | Description |
VIP | VIPs of ALB are used to receive and forward requests. Each VIP is a private IP address that belongs to a virtual private cloud (VPC). |
EIP | EIPs are required only by Internet-facing ALB instances. You do not need to associate EIPs with internal-facing ALB instances. An EIP is an IP address that ALB uses to provide services over the Internet. You can associate multiple EIPs with an Internet-facing ALB instance. To ensure high availability, an Internet-facing ALB instance must use at least two EIPs in different zones to provide services. |
Internet Shared Bandwidth instance | Internet Shared Bandwidth offers region-level bandwidth sharing and multiplexing capabilities. Within the same region, you can associate multiple EIPs with your Internet Shared Bandwidth instance to multiplex the bandwidth provided by the service, thereby reducing your Internet bandwidth costs. |
Domain name | A domain name can be accessed over the Internet or private networks and can be resolved to the VIP of an ALB instance. You can also create a CNAME record to map a readable domain name to the domain name of ALB. For more information, see Configure a CNAME record. Note Alibaba Cloud has upgraded the domain names for ALB instances. For ALB instances created at or after 00:00:00 on November 15, 2024 (UTC+8), you must use the new domain names. Default domain names provided by Alibaba Cloud DNS can no longer be used to access ALB instances. ALB instances created before 00:00:00 on November 15, 2024 (UTC+8) are not affected by this upgrade. For more information, see ALB and NLB domain name upgrade. |
Activate ALB
To activate ALB, go to the buy page.
Deploy and maintain ALB instances
After you create an Alibaba Cloud account, you can deploy and manage ALB instances in the following ways:
ALB console: a web interface that you can use to manage your ALB service. You can create, use, or release ALB instances in the console. For more information, see Create and manage an ALB instance.
Alibaba Cloud SDKs: SDKs for Java, Go, Python, and other programming languages.
OpenAPI Explorer: allows you to retrieve and call API operations, and dynamically generate SDK sample code.
Terraform: helps you implement version control for cloud and on-premises resources. You can use Terraform configuration files to orchestrate resources on Alibaba Cloud and other cloud service platforms that support Terraform.