An Application Load Balancer (ALB) instance distributes requests from clients to backend server groups based on listeners and forwarding rules. To use ALB to balance loads, create an ALB instance and create listeners and backend server groups for the ALB instance. This topic describes the key terms and usage notes of ALB instances.
By default, cross-zone load balancing is enabled for ALB instances. Incoming requests are distributed to backend services deployed in all zones within the same region. If you disable cross-zone load balancing for the backend server group associated with your ALB instance, requests are distributed to backend services deployed in a single zone.
Domain names
ALB provides services through domain names. ALB is integrated with Alibaba Cloud DNS, which allows you to customize domain name resolution. We recommend that you use CNAME records to map custom domain names to the domain name of your ALB instance and use the ALB instance to manage resource access. For more information, see Add a CNAME record to an ALB instance.
Instance status
The following table describes the different states of an ALB instance and whether the operations are supported.
Instance status | Status description | Why the ALB instance is locked | Whether the ALB instance can be deleted | Whether configurations can be changed |
Running | The ALB instance is running as expected. | N/A | Based on whether delete protection is enabled.
| Based on whether the configuration read-only mode is enabled.
|
Creating | The ALB instance is being created. | N/A | No | No |
Updating Configuration | The configuration of the ALB instance is being updated. | N/A | No | |
Creation Failed | The ALB instance failed to be created. | N/A | Yes | |
Stopped | The ALB instance stops running. | Locked (Overdue Payment): The ALB instance is locked due to overdue payments. Renew your ALB instance at the earliest opportunity. The ALB instance resumes after it is unlocked. | No | |
Locked (Associated Resources in Abnormal State): The elastic IP addresses (EIPs) or Internet Shared Bandwidth instances that are associated with the ALB instance are locked due to overdue payments. Renew the EIPs or Internet Shared Bandwidth instances at the earliest opportunity. The ALB instance resumes after the associated resources are unlocked. | No | |||
Locked (Associated Resources Overdue and Released): The EIPs or Internet Shared Bandwidth instances that are associated with the ALB instance are released due to overdue payments and the ALB instance is unavailable. We recommend that you release the ALB instance. | Yes | |||
Locked (Security Risks): The ALB instance is locked due to security risks. You can go to the Penalties List page in the Security Control console to apply for unlocking. | No |
Network types
Alibaba Cloud provides Internet-facing and internal-facing ALB instances.
You can switch the network type of an ALB instance between Internet-facing and internal-facing. For more information, see Change the network type of an ALB instance.
Internet-facing ALB instances
When you create an Internet-facing ALB instance, it is assigned a public IP address and a private IP address.
Internet-facing ALB instances distribute requests that are sent over the Internet. By default, Internet-facing ALB instances use elastic IP addresses (EIPs) to support Internet access and distribute requests from the Internet to backend servers based on forwarding rules. You can also associate an Anycast EIP with your ALB instance to route requests to the nearest access point. For more information, see Associate Anycast EIPs with an ALB instance to enable access through the nearest access point.
An Internet-facing ALB is also assigned a private IP address, which can be used to access Elastic Compute Service (ECS) instances in virtual private clouds (VPCs).
Internal-facing ALB instances
An internal-facing ALB instance is assigned a private IP address.
An internal-facing ALB instance can forward requests that are only from the same VPC as the ALB instance to backend servers based on listeners and forwarding rules.
Internal-facing ALB instances do not support Internet access.
IP versions
IPv4 and dual-stack
ALB supports IPv4 and dual-stack networking.
IP version | Default value | Description |
IPv4 |
| Clients can use only IPv4 addresses, such as 192.0.2.1, to access IPv4 ALB instances. IPv4 ALB instances forward requests from IPv4 clients only to IPv4 backend servers. You can specify ECS instances, elastic network interfaces (ENIs), elastic container instances, IP addresses, and Function Compute functions as backend servers. |
Dual-stack |
| Clients can use IPv4 addresses, such as 192.168.0.1, and IPv6 addresses, such as 2001:db8:1:1:1:1:1:1, to access dual-stack ALB instances. Dual-stack ALB instances can forward requests from IPv4 clients and IPv6 clients to backend IPv4 services and IPv6 services.
|
The network type of a dual-stack ALB instance is determined by the IPv4 address. If the IPv4 address is a private IP address, the ALB instance is internal-facing. If the IPv4 IP address is a public IP address, the ALB instance is Internet-facing.
Usage notes on dual-stack ALB instances
IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.
Access control lists (ACLs) support only IPv4 addresses.
Regions that support dual-stack ALB instances
Area | Region |
China | China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), China (Guangzhou), and China (Heyuan) |
Asia Pacific | Singapore |
Europe & Americas | Germany (Frankfurt), US (Virginia), UK (London), and US (Silicon Valley) |
Middle East | SAU (Riyadh - Partner Region) |
Integration with Web Application Firewall (WAF)
ALB is integrated with WAF 3.0. If you want your ALB instances to be protected by WAF, purchase a WAF-enabled ALB instance. When you purchase WAF-enabled ALB instances, take note of the following information:
If your Alibaba Cloud account does not have a WAF 2.0 instance or has not activated WAF: You can enable WAF 3.0 for Internet-facing and internal-facing ALB instances by purchasing WAF-enabled ALB instances. This way, ALB is interfaced with WAF on the service level. For more information, see Activate and manage WAF-enabled ALB instances.
Regions that support WAF-enabled ALB instances (Regions in which ALB is integrated with WAF 3.0)
Area
Region
China
China (Chengdu), China (Qingdao), China (Beijing), China (Guangzhou), China (Hangzhou), China (Ulanqab), China (Shanghai), China (Shenzhen), China (Zhangjiakou), and China (Hong Kong)
Asia Pacific
Philippines (Manila), Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), Singapore, and Thailand (Bangkok)
Europe and Americas
Germany (Frankfurt), US (Silicon Valley), and US (Virginia)
Middle East
SAU (Riyadh - Partner Region)
If your Alibaba Cloud account already has a WAF 2.0 instance: You can enable WAF 2.0 for basic Internet-facing ALB instance and standard Internet-facing ALB instances in transparent proxy mode. Internal-facing ALB instances do not support WAF 2.0.
Only ALB instances in the following regions can be interfaced with WAF 2.0 in transparent proxy mode: China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Beijing), and China (Zhangjiakou).
NoteIf you want to enable WAF 3.0 for your ALB instance, release the WAF 2.0 instance first or migrate to WAF 3.0.
After you release the WAF 2.0 instance, service errors may arise because the X-Forwarded-Proto header is disabled for ALB by default. You must enable the X-Forwarded-Proto header for the listeners of the ALB instance to prevent errors. For more information, see Manage listeners.
For more information about how to release a WAF 2.0 instance, see Terminate the WAF service.
For more information about how to migrate to WAF 3.0, see Migrate a WAF 2.0 instance to WAF 3.0.
References
For more information about how to configure ALB instances, see Use an ALB instance to provide IPv4 services and Implement load balancing for IPv6 services.
For more information about how to create an ALB instance, see Create an ALB instance. For more information about how to manage ALB instances, see Manage ALB instances.
For more information about how to modify the specifications of an ALB instance, see Modify the configurations of ALB instances.