All Products
Search
Document Center

Server Load Balancer:CreateListener

Last Updated:Oct 11, 2024

Creates a TCP or UDP listener, or a listener that uses SSL over TCP for a Network Load Balancer (NLB) instance.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
nlb:CreateListenercreate
  • ServerGroup
    acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
  • SecurityPolicy
    acs:nlb:{#regionId}:{#accountId}:securitypolicy/{#SecurityPolicyId}
  • LoadBalancer
    acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadbalancerId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ListenerProtocolstringYes

The listener protocol. Valid values: TCP, UDP, and TCPSSL.

TCP
ListenerPortintegerYes

The listener port. Valid values: 0 to 65535.

If you set the value to 0, the listener listens by port range. If you set the value to 0, you must specify StartPort and EndPort.

80
ListenerDescriptionstringNo

The name of the listener.

The name must be 2 to 256 characters in length, and can contain letters, digits, commas (,), periods (.), semicolons (;), forward slashes (/), at signs (@), underscores (_), and hyphens (-).

tcp_80
LoadBalancerIdstringYes

The ID of the Network Load Balancer (NLB) instance.

nlb-83ckzc8d4xlp8o****
ServerGroupIdstringYes

The server group ID.

Note
  • If you set ListenerProtocol to TCP, you can associate the listener with server groups whose backend protocol is TCP or TCP_UDP. You cannot associate the listener with server groups whose backend protocol is UDP.
  • If you set ListenerProtocol to UDP, you can associate the listener with server groups whose backend protocol is UDP or TCP_UDP. You cannot associate the listener with server groups whose backend protocol is TCP.
  • If you set ListenerProtocol to TCPSSL, you can associate the listener with server groups whose backend protocol is TCP and have client IP preservation disabled. You cannot associate the listener with server groups whose backend protocol is TCP and have client IP preservation enabled or server groups whose backend protocol is UDP or TCP_UDP.
  • sgp-ppdpc14gdm3x4o****
    IdleTimeoutintegerNo

    The timeout period of idle connections. Unit: seconds

    • If you set ListenerProtocol to TCP or TCPSSL, the timeout period of idle connections can be set to 10 to 900 seconds. Default value: 900.
    • If ListenerProtocol is set to UDP, the timeout period of idle connections can be set to 10 to 20 seconds. Default value: 20.
    900
    SecurityPolicyIdstringNo

    The security policy ID. System security policies and custom security policies are supported.

    • Valid values: tls_cipher_policy_1_0 (default), tls_cipher_policy_1_1, tls_cipher_policy_1_2, tls_cipher_policy_1_2_strict, and tls_cipher_policy_1_2_strict_with_1_3.

    • Custom security policy: the ID of the custom security policy.

    Note This parameter takes effect only for listeners that use SSL over TCP.
    tls_cipher_policy_1_0
    CertificateIdsarrayNo

    The server certificates. This parameter takes effect only for listeners that use SSL over TCP.

    Note You can specify only one server certificate.
    CertificateIdstringNo

    The server certificate. This parameter takes effect only for listeners that use SSL over TCP.

    Note You can specify only one server certificate.
    12315790212_166f8204689_1714763408_70998****
    CaCertificateIdsarrayNo

    The certificate authority (CA) certificates. This parameter takes effect only for listeners that use SSL over TCP.

    Note You can specify only one CA certificate.
    CaCertificateIdstringNo

    The CA certificate. This parameter takes effect only for listeners that use SSL over TCP.

    Note You can specify only one CA certificate.
    139a00604ad-cn-east-hangzh****
    CaEnabledbooleanNo

    Specifies whether to enable mutual authentication. Valid values:

    • true
    • false (default)
    false
    DryRunbooleanNo

    Specifies whether to perform only a dry run without performing the actual request. Valid values:

    • true: performs only a dry run. The system checks the request for potential issues, including missing parameter values, incorrect request syntax, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the DryRunOperation error code is returned.
    • false(default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.
    false
    ClientTokenstringNo

    The client token that is used to ensure the idempotence of the request.

    You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.

    Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
    123e4567-e89b-12d3-a456-426655440000
    RegionIdstringNo

    The region ID of the NLB instance.

    You can call the DescribeRegions operation to query the most recent region list.

    cn-hangzhou
    ProxyProtocolEnabledbooleanNo

    Specifies whether to use the Proxy protocol to pass client IP addresses to backend servers. Valid values:

    • true
    • false (default)
    false
    SecSensorEnabledbooleanNo

    Specifies whether to enable fine-grained monitoring. Valid values:

    • true
    • false (default)
    false
    AlpnEnabledbooleanNo

    Specifies whether to enable Application-Layer Protocol Negotiation (ALPN). Valid values:

    • true
    • false (default)
    false
    AlpnPolicystringNo

    The ALPN policy. Valid values:

    • HTTP1Only: uses only HTTP 1.x. The priority of HTTP 1.1 is higher than the priority of HTTP 1.0.
    • HTTP2Only: uses only HTTP 2.0.
    • HTTP2Preferred: preferentially uses HTTP 2.0 over HTTP 1.x. The priority of HTTP 2.0 is higher than the priority of HTTP 1.1, and the priority of HTTP 1.1 is higher than the priority of HTTP 1.0. Note
    • HTTP2Optional: preferentially uses HTTP 1.x over HTTP 2.0. The priority of HTTP 1.1 is higher than the priority of HTTP 1.0, and the priority of HTTP 1.0 is higher than the priority of HTTP 2.0.
    Note This parameter is required if AlpnEnabled is set to true.
    HTTP1Only
    StartPortintegerNo

    The first port in the listener port range. Valid values: 0 to 65535.

    Note This parameter is required when ListenerPort is set to 0.
    244
    EndPortintegerNo

    The last port in the listener port range. Valid values: 0 to 65535. The number of the last port must be greater than the number of the first port.

    Note This parameter is required when ListenerPort is set to 0.
    566
    CpsintegerNo

    The maximum number of new connections per second supported by the listener in each zone (virtual IP address). Valid values: 0 to 1000000. 0 indicates that the number of connections is unlimited.

    100
    MssintegerNo

    The maximum size of a TCP segment. Unit: bytes. Valid values: 0 to 1500. 0 specifies that the maximum segment size remains unchanged.

    Note This parameter is supported only by TCP listeners and listeners that use SSL over TCP.
    43
    Tagarray<object>No

    The tags.

    objectNo
    KeystringNo

    The key of the tag. You can specify up to 20 tag keys. The tag key cannot be an empty string.

    The tag key can be up to 64 characters in length and cannot contain http:// or https://. It cannot start with aliyun or acs:.

    KeyTest
    ValuestringNo

    The tag value. The tag value can be up to 128 characters in length and cannot start with acs: or aliyun. It cannot contain http:// or https://.

    You can add up to 20 tags in each call.

    Test
    ProxyProtocolV2ConfigobjectNo

    Specifies that the Proxy protocol passes the VpcId, PrivateLinkEpId, and PrivateLinkEpsId parameters to backend servers.

    Ppv2VpcIdEnabledbooleanNo

    Specifies whether to use the Proxy protocol to pass the VpcId parameter to backend servers. Valid values:

    • true
    • false (default)
    false
    Ppv2PrivateLinkEpIdEnabledbooleanNo

    Specifies whether to use the Proxy protocol to pass the Ppv2PrivateLinkEpId parameter to backend servers. Valid values:

    • true
    • false (default)
    false
    Ppv2PrivateLinkEpsIdEnabledbooleanNo

    Specifies whether to use the Proxy protocol to pass the PrivateLinkEpsId parameter to backend servers. Valid values:

    • true
    • false (default)
    false

    Response parameters

    ParameterTypeDescriptionExample
    object

    RpcResponse

    RequestIdstring

    The request ID.

    CEF72CEB-54B6-4AE8-B225-F876FF7BA984
    ListenerIdstring

    The listener ID.

    lsn-bp1bpn0kn908w4nbw****@80
    JobIdstring

    The asynchronous task ID.

    72dcd26b-f12d-4c27-b3af-18f6aed5****

    Examples

    Sample success responses

    JSONformat

    {
      "RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
      "ListenerId": "lsn-bp1bpn0kn908w4nbw****@80",
      "JobId": "72dcd26b-f12d-4c27-b3af-18f6aed5****"
    }

    Error codes

    HTTP status codeError codeError messageDescription
    400Conflict.PortThe Port [%s] is conflict.The specified port conflicts with an existing port
    400IllegalParam.MssConflictWithUdpAndGeneveThe param of MssConflictWithUdpAndGeneve is illegal.When the Mss value is not null, the listenerProtocol cannot be udp or GENEVE.
    400QuotaExceeded.%sThe quota of %s is exceeded, usage %s/%s.-
    400SystemBusySystem is busy, please try again later.-
    400Mismatch.VpcIdThe VpcId is mismatched for %s and %s.The VpcId is mismatched for %s and %s.
    400ResourceNotEnough.%sThe specified resource of %s is not enough.-
    400Conflict.LockThe Lock [%s] is conflict.The specific resource is conflict.
    400IllegalParam.AnyPortListenerConflictWithNonAnyPortServerGroupThe param of AnyPortListenerConflictWithNonAnyPortServerGroup is illegal.-
    400IncorrectStatus.loadbalancerThe status of loadbalancer [%s] is incorrect.The current operation cannot be performed on the load balancer as its status is unavailable. Please check if the load balancer is currently undergoing any other operations.
    400ResourceNotFound.CertificateThe specified resource %s is not found.-
    400IllegalParam.ServerGroupIdThe param of ServerGroupId is illegal.The parameter ServerGroupId is invalid. Check the input parameters.
    400IllegalParam.NonAnyPortListenerConflictWithAnyPortServerGroupThe param of NonAnyPortListenerConflictWithAnyPortServerGroup is illegal.The listening port configuration conflicts with the full port forwarding switch.
    400MissingParam.CertificateThe param of certificate is missing.The parameter Certificate is missing.
    400IllegalParam.PortThe param of Port is illegal.The port range in the request is invalid. Check the input parameters.
    400QuotaExceeded.QuotaInsufficientThe quota of %s is exceeded, usage %s/%s.The quota is insufficient, currently used %s/%s. Please modify the quota size in the quota center.
    400Mismatch.ProtocolThe Protocol is mismatched for %s and %s.The protocols of the listener and server group do not match.
    400ResourceNotEnough.CaCertificateApiCountThe specified resource of CaCertificateApiCount is not enough.-
    400MissingParam.ServerGroupIdThe param of ServerGroupId is missing.The parameter ServerGroupId is missing, please check the input parameters.
    400IllegalParam.ListenerDescriptionThe parameter ListenerDescription of listener is illegal.The listener description does not meet the input requirements. Modify the listener description based on the details in the error.
    400DryRunOperationRequest validation has been passed with DryRun flag set.Request validation has been passed with DryRun flag set.
    400IllegalParam.IdleTimeoutThe param of IdleTimeout is illegal.The parameter connection idle timeout configuration is invalid.
    400MissingParam.%sThe parameter of %s is missing.-
    400IllegalParamThe param of %s is illegal.-
    400IllegalParamSize.certificateIdsThe param size of certificateIds or caCertificateIds is illegal.you can only have one certificate id. check whether the id is entered repeatedly.
    400DuplicatedParam.listenerThe param of any port listener is duplicated.Only one listener of the anyport type can be created. Check the input parameters.
    400IllegalParam.PreserveClientIpSwitchThe server group associated with the tcpssl listener does not support enabling PreserveClientIp.The server group associated with the tcpssl listener does not support enabling PreserveClientIp.
    400OperationDenied.RegionNotSupportHDMonitorThe operation is not allowed because of RegionNotSupportHDMonitor.The current region does not support second-level monitoring.
    403Forbidden.NoPermissionAuthentication is failed for NoPermission.Authentication is failed for NoPermission.
    404ResourceNotFound.VSwitchThe specified resource of vSwitch is not found.The specified vSwitch resource was not found. Please check the input parameters.
    404ResourceNotFound.loadBalancerThe specified resource of loadbalancer is not found.The specified load balancer resource was not found. Please check the input parameters.
    404ResourceNotFound.serverGroupThe specified resource of serverGroup is not found.The specified resource of serverGroup is not found. Please check the input parameters.
    404ResourceNotFound.CaCertificateThe specified resource of CaCertificate is not found.Ca certificate does not exist, please check the input parameters.
    404ResourceNotFound.HdMonitorConfigNotExistThe specified resource of HdMonitorConfigNotExist is not found.HdMonitorConfig does not exist, check the input parameters.

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2024-08-27The Error code has changedView Change Details
    2024-03-21The Error code has changedView Change Details
    2024-03-14The Error code has changedView Change Details
    2024-02-22The Error code has changedView Change Details
    2024-02-04The Error code has changedView Change Details
    2024-01-30The Error code has changedView Change Details
    2024-01-29The Error code has changedView Change Details
    2024-01-24The Error code has changedView Change Details
    2024-01-22The Error code has changedView Change Details
    2023-12-20The Error code has changedView Change Details
    2023-12-18The Error code has changedView Change Details
    2023-11-27The Error code has changed. The request parameters of the API has changedView Change Details
    2023-10-10The Error code has changedView Change Details
    2023-10-09The Error code has changedView Change Details
    2023-09-26The Error code has changedView Change Details
    2023-09-12The Error code has changedView Change Details
    2023-09-05The Error code has changedView Change Details
    2023-08-22The Error code has changedView Change Details
    2023-06-30The internal configuration of the API is changed, but the call is not affectedView Change Details
    2023-06-29The request parameters of the API has changedView Change Details