Application Load Balancer (ALB) is a Layer 7 load balancing service. It provides powerful application-layer processing capabilities and advanced forwarding rules. You can use an ALB instance to forward client requests to backend servers.
Create an instance
Plan and prepare
Account permissions: When you create your first ALB instance, the system prompts you to create the service-linked role AliyunServiceRoleForAlb. This role is required. It grants ALB permission to access cloud resources such as elastic network interfaces (ENIs), security groups, elastic IP addresses (EIPs), and Internet Shared Bandwidth instances.
Network preparation:
A Virtual Private Cloud (VPC) is created in the destination region.
To ensure high availability, deploy your ALB instance across at least two zones if your region supports multi-zone deployment. Make sure you create at least one vSwitch in each zone you plan to use.
IP address planning:
An ALB instance allocates three IP addresses from each specified vSwitch: one virtual IP address (VIP) for providing services and two local IP addresses for communicating with backend servers.
To ensure all ALB elastic features function as expected, reserve at least eight IP addresses in each vSwitch where your ALB instance is deployed. The first and last three IPv4 addresses in a vSwitch CIDR block are system-reserved. Therefore, configure the IPv4 CIDR block prefix length of your vSwitch as /28 or shorter, such as /27.
Security planning: To ensure proper connectivity between your ALB instance and backend services, allow traffic from the vSwitch CIDR block if any security policies exist along the access path, such as Alibaba Cloud security groups and third-party security policies.
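The planning rules above can be checked before purchase. The following is an added example, not part of the original documentation: it validates a constructed deployment plan against the zone, address and security-policy requirements. The plan layout, the `preflight` function and the reserved-address count (read here as the first address plus the last three) are assumptions made for illustration.

```python
import ipaddress

MIN_FREE = 8         # page: reserve at least eight addresses in each vSwitch
SYSTEM_RESERVED = 4  # assumption: first address plus last three are system-reserved


def preflight(vswitches, backend_allow_cidrs):
    """Return a list of findings; an empty list means the plan passes.

    vswitches: dicts with id, zone, cidr and the number of addresses already used.
    backend_allow_cidrs: source CIDRs that security policies on the path to the
    backend servers allow (hypothetical simplified view of those rules).
    """
    findings = []
    if len({v["zone"] for v in vswitches}) < 2:
        findings.append("fewer than two zones selected")
    allowed = [ipaddress.ip_network(c) for c in backend_allow_cidrs]
    for v in vswitches:
        net = ipaddress.ip_network(v["cidr"])
        if net.prefixlen > 28:
            findings.append(f"{v['id']}: /{net.prefixlen} is longer than /28")
        free = net.num_addresses - SYSTEM_RESERVED - v["used"]
        if free < MIN_FREE:
            findings.append(f"{v['id']}: {free} free addresses, need {MIN_FREE}")
        # ALB reaches backends from addresses inside the vSwitch, so the whole
        # vSwitch CIDR must be covered by an allow rule.
        if not any(net.subnet_of(a) for a in allowed):
            findings.append(f"{v['id']}: {net} is not allowed towards the backend")
    return findings


# Constructed sample plan: vsw-b is too small and is not covered by the allow list.
PLAN = [
    {"id": "vsw-a", "zone": "zone-a", "cidr": "10.0.1.0/28", "used": 2},
    {"id": "vsw-b", "zone": "zone-b", "cidr": "10.0.2.0/29", "used": 0},
]
BACKEND_ALLOW = ["10.0.1.0/24"]

if __name__ == "__main__":
    for finding in preflight(PLAN, BACKEND_ALLOW):
        print("FAIL:", finding)
```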
Console
Go to the Instances page in the ALB console. Click Create ALB.
On the purchase page, complete the following configurations and click Buy Now.
Region: Choose the region closest to your clients to reduce latency.
For more information, see Regions and zones supported by ALB.
Network type:
Intranet: Assigns only private IP addresses. Use this for internal Alibaba Cloud network access.
Internet: Assigns both public and private IP addresses. Supports access over the Internet and internal networks. By default, ALB uses EIPs to provide public-facing services.
Selecting Internet incurs EIP instance fees and data transfer fees. For more information, see EIP billing.
Dual-stack Internet-facing ALB instances use IPv4 addresses to provide public services by default and do not support IPv6 public access. To enable IPv6 public access, change the network type of the ALB instance. This incurs IPv6 Internet data transfer fees.
VPC: Instances and server groups must be in the same VPC.
Zone:
If your region supports multiple zones, select at least two zones and their corresponding vSwitches.
(Only when Network type is set to Internet) You can choose to associate an existing EIP or select Automatically assign EIP. If you select the latter, the system creates a pay-as-you-go (pay-by-data-transfer) EIP and associates it with the ALB instance.
You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances. The EIP types assigned to different zones of the same ALB instance must be identical. For more information, see EIP types.
IP version: Select Dual-stack to support IPv6 access. Otherwise, select IPv4.
Before purchasing a dual-stack ALB instance, enable IPv6 for the vSwitch where the ALB instance will be deployed.
You can only create new dual-stack ALB instances. You cannot upgrade an existing IPv4 ALB instance to dual-stack.
Edition (instance fee):
Basic: Provides core ALB features, including routing based on domain names, URLs, and HTTP headers.
Standard: Adds custom TLS security policies, Tracing Analysis, redirects, and rewrites to the Basic edition.
WAF Enabled: Integrates Web Application Firewall (WAF) 3.0 with the Standard edition to provide application-layer security for web applications.
If WAF is not activated in your Alibaba Cloud account, purchasing a WAF-enabled ALB instance automatically activates a pay-as-you-go WAF 3.0 instance.
You will not incur additional WAF fees for a WAF-enabled ALB instance if you already have a subscription WAF 3.0 instance.
If you have a WAF 2.0 instance, you must release the WAF 2.0 instance or migrate to WAF 3.0.
ALB does not enable the X-Forwarded-Proto header by default. When you use a WAF 2.0 instance, accessing ALB directly may cause service errors—such as infinite redirects—if the backend services fail to detect the correct protocol (HTTP or HTTPS). To avoid this, manually enable the X-Forwarded-Proto request header in the ALB listener configuration.
(Only when Network type is set to Internet) Associate with Internet Shared Bandwidth: A dual-zone ALB instance has a default maximum Internet bandwidth of 400 Mbit/s. You can associate it with an Internet Shared Bandwidth instance to increase the maximum bandwidth.
(Only when Network type is set to Internet and Associate with Internet Shared Bandwidth is not selected) Internet metering method: Default is Pay-by-data-transfer and cannot be changed.
In pay-by-data-transfer mode, the maximum bandwidth is not a guaranteed value. It serves only as a reference and an upper limit. During resource contention, the actual bandwidth may be lower than the maximum value.
Instance name and Resource group: You can specify an instance name and a resource group to simplify management. After purchase, you can change the instance name on the Instances page. You can also use tags to manage instances.
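The X-Forwarded-Proto note above describes backends that redirect endlessly because they cannot tell which protocol the client used. The following is an added example, not part of the original documentation: backend redirect logic that honours the header only when the peer address lies in the vSwitch CIDR blocks the ALB instance uses, so a client that reaches the backend by another path cannot set it. The CIDR values, host name and function names are constructed, and the ALB-to-backend hop is assumed to be plain HTTP.

```python
import ipaddress

# Assumption: CIDR blocks of the vSwitches the ALB instance is deployed in (constructed).
ALB_VSWITCH_CIDRS = [
    ipaddress.ip_network("10.0.1.0/28"),
    ipaddress.ip_network("10.0.2.0/28"),
]


def effective_scheme(peer_ip, headers):
    """Scheme the client used, trusting X-Forwarded-Proto only from the ALB."""
    peer = ipaddress.ip_address(peer_ip)
    from_alb = any(peer in net for net in ALB_VSWITCH_CIDRS)
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    proto = lowered.get("x-forwarded-proto", "").strip().lower()
    if from_alb and proto in ("http", "https"):
        return proto
    return "http"  # what the backend itself sees on the ALB-to-backend hop


def https_redirect(peer_ip, headers, host, path):
    """Return the Location URL if the request must move to HTTPS, else None."""
    if effective_scheme(peer_ip, headers) == "https":
        return None
    return f"https://{host}{path}"


if __name__ == "__main__":
    # Header disabled on the listener: every HTTPS request is redirected again.
    print(https_redirect("10.0.1.5", {}, "app.example.com", "/login"))
    # Header enabled on the listener: the backend serves the request.
    print(https_redirect("10.0.1.5", {"X-Forwarded-Proto": "https"},
                         "app.example.com", "/login"))
```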
API
Call CreateLoadBalancer to create an ALB instance.
What to do next
Create a server group: Create a group of backend servers to receive requests forwarded from the ALB instance.
Add a listener: Create a listener to receive incoming requests. You can create HTTP, HTTPS, or QUIC listeners.
Add a CNAME record: Because the SLB domain name has been upgraded, new ALB instances do not support direct access using the SLB domain name. Instead, use a custom domain name and resolve it to the ALB instance’s domain name using a CNAME record.
Release an instance
From the time an instance is created until you release it, you are charged an instance fee, regardless of whether you use it. To avoid unnecessary costs, release the instance when you no longer need it to stop billing.
When you release an Internet-facing ALB instance, any EIP or Anycast EIP associated with it, whether created during initial setup, cloning, adding zones, or changing the network type from Intranet to Internet, is automatically dissociated and released.
Releasing an instance deletes all its configurations permanently. Proceed with caution.
If the instance is managed by another cloud service, such as Container Service for Kubernetes (ACK), releasing it causes the dependent service to fail irreversibly.
Before releasing, make sure you redirect business domain names pointing to this instance to another destination to prevent service interruptions.
Before releasing an instance, confirm that Deletion protection is disabled.
Console
Go to the Instances page in the ALB console. In the Actions column for the target instance, select Release and click Confirm.
API
Call DisableDeletionProtection to disable deletion protection for the instance.
Call DeleteLoadBalancer to delete the ALB instance.
Deletion protection and configuration read-only mode
Deletion protection and configuration read-only mode help prevent accidental deletion or modification of ALB instances.
Configuration read-only mode applies only to the console.
Console
Go to the Instances page in the ALB console. Click the ID of the target instance to open the Instance Details tab. In the Instance Information section, click Deletion Protection or Configuration Read-only Mode to turn them on or off.
API
Call EnableDeletionProtection and DisableDeletionProtection to enable or disable deletion protection.
Call UpdateLoadBalancerAttribute and set the ModificationProtectionConfig parameter's Status field to enable or disable configuration read-only mode.
Billing overview
ALB supports two billing methods: pay-as-you-go and resource plans. For more information about billing components, see ALB billing overview.
Quotas
For more information, see ALB quotas.