All Products
Search
Document Center

PrivateLink:Create and manage endpoint services

最終更新日:Jun 05, 2024

You can associate endpoint services with endpoints to establish PrivateLink connections. This topic describes how to create a Server Load Balancer (SLB) instance that supports PrivateLink. This topic also describes how to specify the created SLB instance as a service resource of an endpoint service to allow private access from other virtual private clouds (VPCs).

Limits

  • The Classic Load Balancer (CLB) instance that you create to support PrivateLink must be an internal-facing CLB instance that supports only the VPC network type.

  • The Application Load Balancer (ALB) instance that you create to support PrivateLink must be an internal-facing ALB instance that uses a fixed IP address.

  • The Network Load Balancer (NLB) instance that you create to support PrivateLink must be an internal-facing NLB instance.

  • Make sure that the region and zone where you want to deploy an endpoint service support PrivateLink and SLB instances. For more information about the regions and zones that support PrivateLink and SLB instances, see the following topics:

  • The zone that you select when you create an endpoint service must be the zone where a CLB, ALB, or NLB instance is deployed.

Prerequisites

  • PrivateLink is activated. If this is the first time that you use PrivateLink, go to the activation page to activate PrivateLink as prompted.

  • The VPC in which a CLB, ALB, or NLB instance resides is created. A vSwitch is created in the corresponding zone in the VPC. For more information, see the Step 1: Create a VPC and vSwitches section of the Create a VPC with an IPv4 CIDR block topic.

    Note

    Make sure that the region and zone that you select when you create the vSwitch are the same as those you select when you create the CLB, ALB, or NLB instance.

Create an SLB instance

PrivateLink allows you to specify internal-facing CLB, ALB, and NLB instances as the service resources of endpoint services. You can select an appropriate SLB instance based on your business requirements.

Create a CLB instance

  1. Log on to the CLB console.

  2. On the Instances page, click Create CLB.

  3. On the buy page, specify the parameters for the CLB instance that supports PrivateLink, click Buy Now, and then complete the payment.

    Parameter

    Description

    Region

    Select the region where you want to create the CLB instance.

    Note

    Make sure that the CLB instance and the Elastic Compute Service (ECS) instances that you want to specify as backend servers belong to the same region.

    Zone Type

    Specify whether to deploy the CLB instance in one zone or across multiple zones. Default value: Multi-zone.

    Primary Zone

    Select a primary zone for the CLB instance to distribute network traffic.

    Backup Zone

    Select a secondary zone for the CLB instance. The CLB instance distributes network traffic to backend servers in the secondary zone only when the primary zone is unavailable.

    Instance Name

    Enter a name for the CLB instance.

    SLB instance

    Select a type for the CLB instance. You can create an Internet-facing CLB instance or an internal-facing CLB instance based on your business requirements. The system allocates a public or private IP address to the CLB instance based on the specified instance type.

    In this example, Intranet is selected.

    Instance Billing Method

    Select a billing method for the CLB instance. Valid values:

    • Pay-By-Specification

    • Pay-By-CLCU

    In this example, Pay-By-Specification is selected.

    Specification

    Select a specification for the CLB instance. CLB instances with different specifications deliver different performances. For more information, see Overview of CLB instances.

    Network Type

    Select a network type for the CLB instance.

    In this example, VPC is selected.

    IP Version

    Select an IP version for the CLB instance. In this example, IPv4 is selected.

    VPCId

    Select an existing VPC in which you want to deploy the CLB instance.

    VswitchId

    Select a vSwitch in the selected VPC.

    Internet Data Transfer Fee

    Default value: By traffic.

    Note

    Internet-facing CLB instances use the pay-by-data-transfer metering method. In this example, the CLB instance that you want to create is internal-facing and does not generate traffic fees.

    Resource Group

    Select the resource group to which the CLB instance belongs.

    Quantity

    Specify the number of CLB instances that you want to purchase.

    After you create the CLB instance, you can create backend servers and configure listeners for the CLB instance to process the requests from the client. This topic provides the configuration steps only related to endpoint services. For more information about how to create backend servers and configure listeners, see Configure a CLB instance.

Create an ALB instance

  1. Log on to the ALB console.

  2. On the Instances page, click Create ALB.

  3. On the buy page, specify the parameters for the ALB instance that supports PrivateLink, click Buy Now, and then complete the payment.

    Parameter

    Description

    Region

    Select the region where you want to create the ALB instance.

    Network Type

    Select a network type for the ALB instance. The system allocates a public IP address or a private IP address to the ALB instance based on the selected network type. In this example, Intranet is selected.

    VPC

    Select an existing VPC in which you want to deploy the ALB instance.

    Zone

    Select the zone where you want to deploy the ALB instance.

    1. Select at least two zones for the ALB instance.

    2. Select an existing vSwitch in each zone.

    IP Mode

    Select the type of the IP address that is used by the ALB instance. In this example, Static IP is selected.

    IP Version

    Select an IP version for the ALB instance. In this example, IPv4 is selected.

    • IPv4: If you select this option, the ALB instance can be accessed only by IPv4 clients.

    • Dual-stack: If you select this option, the ALB instance can be accessed by both IPv4 and IPv6 clients.

    Edition

    Select an edition for the ALB instance.

    • Basic: Basic ALB instances support basic routing features such as forwarding requests based on domain names, URLs, and HTTP headers.

    • Standard: Standard ALB instances support basic and advanced routing features, such as custom TLS security policies, redirects, and rewrites.

    • WAF Enabled: As an upgrade from standard ALB instances, WAF-enabled ALB instances are integrated with Web Application Firewall (WAF) 3.0 to protect web applications. Network traffic is filtered by WAF before traffic is routed to ALB listeners.

    Note

    Instance Name

    Enter a name for the ALB instance.

    Resource Group

    Select the resource group to which the ALB instance belongs.

    Service-linked Role

    If this is the first time that you create an ALB instance, you must click Create Service-linked Role to create a service-linked role.

    After you create the ALB instance, you can create backend servers and configure listeners for the ALB instance to process the requests from the client. For more information about how to create backend servers and configure listeners, see Use an ALB instance to provide IPv4 services.

Create an NLB instance

  1. Log on to the NLB console.

  2. In the top navigation bar, select the region in which the NLB instance is deployed.

  3. On the Instances page, click Create NLB.

  4. On the NLB (Pay-As-You-Go) International Site page, specify the parameters described in the following table and click Buy Now.

    Parameter

    Description

    Region

    Select the region where you want to create the NLB instance.

    Network Type

    Select a network type for the NLB instance. In this example, Intranet is selected.

    IP Version

    Select an IP version for the NLB instance. In this example, IPv4 is selected.

    • IPv4: If you select this option, the NLB instance can be accessed only by IPv4 clients.

    • Dual-stack Networking: If you select this option, the NLB instance can be accessed by IPv4 and IPv6 clients.

    VPC

    Select the VPC in which you want to deploy the NLB instance.

    Zone

    Select a zone for the NLB instance.

    Instance Name

    Enter a name for the NLB instance.

    Resource Group

    Select the resource group to which the NLB instance belongs. In this example, Default Resource Group is selected.

    Service-linked Role

    If this is the first time that you create an NLB instance, you must click Create Service-linked Role to create a service-linked role.

Create an endpoint service

  1. Log on to the endpoint service console.
  2. In the top navigation bar, select the region where you want to create an endpoint service.

  3. On the Endpoints Service page, click Create Endpoint Service.

  4. On the Create Endpoint Service page, specify the parameters described in the following table and click OK.

    Parameter

    Description

    Region

    Select the region where you want to create the endpoint service.

    Service Resource Type

    Select the type of the service resource. CLB, ALB, and NLB instances are supported.

    Select Service Resource

    Select the zone where the service resource is deployed and select the service resource.

    • You can select a service resource from one zone.

      1. Click the image.png icon next to a service resource.

      2. In the message that appears, click OK.

    • You can select service resources from multiple zones. By default, you must select service resources from two zones.

      If you want to add service resources in multiple zones, you can click +Add Service Resource to add service resources.

    Note
    • A CLB instance can serve as a service resource only in the zone in which the vSwitch of the CLB instance resides.

    • An ALB instance or an NLB instance can be deployed in multiple zones and can serve as a service resource across zones.

    • You can select multiple zones to ensure that a failover can be quickly performed if one of the zones is down. This ensures high service availability and stability and prevents service interruptions or data loss.

    Automatically Accept Endpoint Connections

    Select whether the endpoint service automatically accepts connection requests from endpoints.

    • Yes: The endpoint service automatically accepts all connection requests from endpoints. If you select this option, the endpoint service can be accessed by using endpoints.

    • No: The endpoint connection of the endpoint service is in the Disconnected state. In this case, connection requests to the endpoint service must be manually accepted. For more information, see the Manually accept connection requests section of the Accept endpoint connection requests and manage endpoint connections topic.

    Enable Zone Affinity

    Specify whether to first resolve the domain name of the nearest endpoint that is associated with the endpoint service.

    • Yes: Among all endpoints that are associated with the endpoint service, the domain name of the nearest endpoint is resolved first.

    • No: Among all endpoints that are associated with the endpoint service, the domain name of the nearest endpoint is not resolved first.

    Service Payer

    Select the account that pays the bills.

    Resource Group

    Select the resource group to which the endpoint service belongs.

    Tag Key

    Select or enter a tag key. To facilitate management, you can use custom tags to identify endpoint services.

    Tag Value

    Select or enter a tag value.

    Description

    Enter a description for the endpoint service.

What to do next

After service providers create endpoint services, service consumers need to create endpoints that are associated with the corresponding endpoint services. This way, the VPCs in which endpoints are deployed can access SLB resources deployed in other VPCs by using PrivateLink. For more information, see Create and manage endpoints.

Related operations

Modify the basic information about an endpoint service

You can modify the basic information about an endpoint service. For example, you can modify the description, default peak bandwidth, and setting about whether to automatically accept connection requests from endpoints.

  1. Log on to the endpoint service console.
  2. In the top navigation bar, select the region where you want to create an endpoint service.

  3. On the Endpoints Service page, find the endpoint service that you want to modify and click the ID of the endpoint service.

  4. Modify the basic information about the endpoint service based on your business requirements.

    Parameter

    Description

    Automatically Accept Connections

    Specify whether the endpoint service automatically accepts connection requests from endpoints.

    1. Click Enable or Disable next to Automatically Accept Connections.

    2. In the message that appears, click OK.

    Enable Zone Affinity

    Specify whether the domain name of the nearest endpoint that is associated with the endpoint service is resolved first.

    1. Click Enable or Disable next to Enable Zone Affinity.

    2. In the message that appears, click OK.

    Description

    1. Click Edit next to Description.

    2. In the dialog box that appears, enter a new description and click OK.

    Default Speed Limit

    Specify the default peak bandwidth of the endpoint service.

    1. Click Modify next to Default Speed Limit.

    2. In the Set Default Speed Limit dialog box, enter a new value in the Adjust Speed Limit field and click OK.

Delete an endpoint service

You can delete an endpoint service that you no longer need. After you delete the endpoint service, the SLB instances that are associated with the endpoint service in the corresponding VPC are still retained.

Warning

After you delete an endpoint service, other VPCs cannot access the service resources of the endpoint service over private connections. Exercise caution when you perform this operation.

Before you delete an endpoint service, make sure that the following requirements are met:

  • Connection requests from the endpoints that are associated with the endpoint service are rejected. For more information, see Reject endpoint connection requests.

  • Service resources that are added to the endpoint service are removed. For more information, see the Delete a service resource section of the Manage service resources topic.

  1. Log on to the endpoint service console.
  2. In the top navigation bar, select the region where you want to create an endpoint service.

  3. On the Endpoints Service page, find the endpoint service that you want to delete and click Delete in the Actions column.

  4. In the message that appears, click OK.

(Optional) Add tags to an endpoint service

As the number of endpoint services increases, endpoint service management becomes more difficult. You can use tags to group endpoint services. In this way, you can efficiently search for and filter endpoint services. For more information about tags, see Tags.

  1. Log on to the endpoint service console.

  2. In the top navigation bar, select the region where you want to create an endpoint service.

  3. On the Endpoints Service page, find the endpoint service to which you want to add a tag, move the pointer over the 标签图标 icon in the Tags column, and then click Edit in the pop-up box that appears.

  4. In the Configure Tags dialog box, set the following parameters and click OK.

    Parameter

    Description

    Tag Key

    The key of the tag. You can select or enter a key.

    The tag key can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

    Tag Value

    The value of the tag. You can select or enter a value.

    The tag value can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

  5. Return to the Endpoints Service page and click Filter by Tag. In the filter section, search for an endpoint service based on a tag key and a tag value.

References