All Products
Search

This Product

    Server Load Balancer:Use ALB to balance loads for IPv6 services

    Document Center

    Server Load Balancer:Use ALB to balance loads for IPv6 services

    最終更新日:Sep 11, 2024

    Application Load Balancer (ALB) can forward IPv6 requests. This topic describes how to configure a dual-stack server group that contains IPv4 and IPv6 Elastic Compute Service (ECS) instances for a dual-stack ALB instance. This way, IPv6 clients can access the backend IPv4 and IPv6 services by using the ALB instance.

    Sample scenario

    The following figure shows an example. A company wants to use ALB to forward requests from IPv6 clients to the IPv4 and IPv6 services in a virtual private cloud (VPC) over the Internet. To meet this requirement, the company needs to create ECS instances that support IPv4 and IPv6, create a dual-stack ALB instance in the VPC, and create a server group that supports IPv6. After the preceding steps are complete, requests from IPv6 clients can be forwarded to the IPv4 and IPv6 services on the backend ECS instances by using the ALB instance.

    架构图

    Limits

    • For more information about the regions that support dual-stack ALB instances, see ALB instance overview.

    • To use the dual-stack feature, you must enable the IPv6 feature for the vSwitches in the zones of the VPC.

    • Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to IPv4 and IPv6 backend services.

      • Dual-stack ALB instances can forward requests from IPv6 clients to IPv4 backend services deployed on the following types of backend servers: ECS instances, ENIs, elastic container instances, and IP addresses. Backend servers of the Function Compute type are not supported.

      • Dual-stack ALB instances can forward requests from IPv6 clients to IPv6 backend services deployed on the following types of backend servers: ECS instances, ENIs, and elastic container instances. Backend servers of the IP address or Function Compute type are not supported.

    • IPv4 ALB instances cannot be upgraded to dual-stack instances. You can create dual-stack ALB instances as needed.

    • You cannot associate a dual-stack server group with a listener of an IPv4 ALB instance.

    Prerequisites

    • A VPC that supports IPv6 is created in the China (Shanghai) region. In this example, a VPC named VPC1 is created. After you enable IPv6, an IPv6 gateway is automatically created. Make sure that Internet bandwidth is enabled for the IPv6 gateway.

    • A vSwitch is created in each of Zone E and Zone G in the China (Shanghai) region. In this example, the vSwitch is Zone E is named vSwitch 1 and the vSwitch in Zone G is named vSwitch 2. IPv6 is enabled for vSwitch 2. For more information, see Enable IPv6 for a vSwitch.

    Procedure

    配置流程

    Step 1: Create and configure ECS instances

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click vSwitch.

    3. Select the region of the vSwitch. In this example, China (Shanghai) is selected.

    4. On the vSwitch page, find the vSwitch that you want to manage and choose Add Cloud Service > ECS Instance in the Actions column.

    5. On the Custom Launch tab of the Elastic Compute Service page, create an IPv4 ECS instance named ECS01 and an IPv6 ECS instance named ECS02. The security groups to which the ECS instances are added must allow traffic on port 80. For more information, see Create an instance on the Custom Launch tab.

      Click to view the ECS configurations in this example

      ECS instance

      Region

      VPC

      vSwitch

      IP version

      Image

      ECS01

      China (Shanghai)

      VPC1

      vSwitch 1 in Zone E

      IPv4

      Alibaba Cloud Linux

      ECS02

      China (Shanghai)

      VPC1

      vSwitch 2 in Zone G

      IPv6

      Note

      When you create an IPv6 ECS instance, select Assign IPv6 Address Free of Charge in the IPv6 section.

      Alibaba Cloud Linux

    6. Remotely log on to ECS01 and ECS02. For more information, see Connection method overview.

    7. Run the following commands on ECS01 to deploy an NGINX service: 

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! this is ipv4 rs." > index.html

    8. Run the following commands on ECS02 to deploy an NGINX service: 

      yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! this is ipv6 rs." > index.html

    9. Assign an IPv6 address to ECS02.

      Note

      Skip this step if Assign IPv6 Address Free of Charge is selected in the IPv6 section.

      In this example, an IPv6 address is manually assigned to ECS02. For more information, see Step 4: Configure an IPv6 address.

      1. Run the vi /etc/sysconfig/network-scripts/ifcfg-eth0 command to open the configuration file of the network interface controller (NIC). Replace eth0 in the command with the actual identifier of the NIC. Add the following configurations to the file:

        DHCPV6C=yes
IPV6INIT=yes

      2. After you add the configurations, press the Esc key, enter :wq, and then press the Enter key to save and exit the file.

      3. Restart ECS02. 

        reboot

      4. Restart ECS02 to check whether IPv6 is enabled for ECS02.

      Run the ip addr | grep inet6 or ifconfig | grep inet6 command.

      • If the command output contains the information about inet6, IPv6 is enabled for ECS02.

        • If the command output does not contain the information about inet6, IPv6 is disabled for ECS02.

      The following figure shows that IPv6 is enabled for ECS02.ipv6

    Step 2: Configure a security group rule for ECS02

    Configure a security group rule for ECS02 to allow inbound IPv6 traffic.

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > Security Groups.

    3. In the top navigation bar, select the region of the security group. In this example, China (Shanghai) is selected.

    4. On the Security Groups page, find the security group that you want to manage and click Manage Rules in the Actions column.

    5. On the Security Group Details tab, click the Inbound tab in the Access Rule section.

    6. Click Add Rule and configure the parameters. Then, click Save in the Actions column. The following table describes the parameters.

      Parameter

      Description

      Action

      Select an action for the rule. In this example, Allow is selected.

      Priority

      Select a priority for the rule. A smaller value indicates a higher priority. Valid values: 1 to 100.

      In this example, the default value 1 is used.

      Protocol Type

      Select the type of allowed requests. In this example, All ICMP (IPv6) is selected.

      Port Range

      Specify a range of ports to accept requests from IPv6 clients.

      If you set the Protocol Type parameter to All ICMP (IPv6), -1/-1 is automatically selected from the Destination drop-down list and cannot be modified.

      Authorization Object

      Enter the IPv6 CIDR block to which the rule applies.

      In this example, ::/0 is used, which indicates that the rule applies to all IPv6 addresses.

      Note

      You can specify IPv6 addresses based on your business requirements.

      Description

      Enter a description for the rule.

    Step 3: Create an ALB instance

    1. Log on to the ALB console.

    2. On the Instances page, click Create ALB.

    3. On the buy page, configure the parameters, click Buy Now, and then complete the payment as prompted.

      The following table describes only some of the parameters. Use the default values for other parameters. For more information about the parameters, see Create an ECS instance.

      Parameter

      Description

      Region

      The region in which you want to create the ALB instance. In this example, China (Shanghai) is selected.

      Network Type

      Select a network type for the ALB instance. The system assigns public or private IP addresses to the ALB instance based on the selected network type. In this example, Internet is selected.

      Note

      The Internet network type is supported only by IPv4 ALB instances. By default, IPv6 ALB instances are internal-facing. In this example, an Internet-facing IPv6 ALB instance is created. In Step 4, the IPv6 address is changed to a public IPv6 address.

      VPC

      Select the VPC in which you want to deploy the ALB instance.

      Note

      Make sure that the IPv6 feature is enabled for the VPC.

      Zone

      1. Select at least two zones. In this example, Shanghai Zone E and Shanghai Zone G are selected.

      2. Select a vSwitch in each of the zones. In this example, vSwitch 1 in Zone E and vSwitch 2 in Zone G are selected.

      IP Mode

      Select an IP mode for the ALB instance. In this example, Static IP is selected.

      IP Version

      Select an IP version for the ALB instance. In this example, Dual-stack is selected.

      Edition

      Select an edition for the ALB instance. In this example, Standard is selected.

      Instance Name

      Enter a name for the ALB instance.

      Service-linked Role

      The first time you create an ALB instance, click Create Service-linked Role to create the AliyunServiceRoleForAlb role. The policy AliyunServiceRolePolicyForAlb is attached to the service-linked role to allow the ALB instance to access other cloud services. For more information, see System policies for ALB.

    4. After you create the dual-stack ALB instance, you must perform the following step to change the IPv6 address of the ALB instance to a public IPv6 address. For more information, see IP versions.

      1. Return to the Instances page and click the ID of the ALB instance.

      2. On the Instance Details tab, navigate to the Basic Information section and find the Network parameter. Then, click Change Network Type next to IPv6:Private.

      3. In the Change Network Type message, click OK.

        After the change takes effect, you can verify that the IPv6 network type changes to Public.

    Step 4: Create a server group

    1. In the left-side navigation pane, choose ALB > Server Groups.

    2. On the Server Groups page, click Create Server Group.

    3. In the Create Server Group dialog box, configure the parameters and click Create.

      The following table describes only some of the parameters. Use the default values for other parameters. For more information, see Create and manage a server group.

      Parameter

      Description

      Server Group Type

      Specify a type of server group. In this example, Server Type is selected.

      Server Group Name

      Enter a name for the server group.

      VPC

      Select a VPC from the VPC drop-down list. Only servers in the VPC can be added to the server group.

      Note

      Select the VPC in which the ALB instance is created. Make sure that IPv6 is enabled for the selected VPC.

      Backend Server Protocol

      Select a backend protocol. In this example, HTTP is selected.

      Scheduling Algorithm

      Select a scheduling algorithm. In this example, Weighted Round-robin is selected.

      IPv6

      Specifies whether to enable IPv6. In this example, IPv6 is turned on.

      Session Persistence

      Specifies whether to enable session persistence. In this example, the default value is used. Session persistence is disabled.

      Health Check

      Specifies whether to enable the health check feature. In this example, the health check feature is enabled.

      Health Check Settings

      After you enable the health check feature, click Modify to configure the health check settings.

    4. On the Server Group page, click the ID of the server group that you want to manage.

    5. Click the Backend Servers tab and then click Add Backend Server.

    6. In the Add Backend Server panel, select ECS01 and ECS02. In the IP column, select the IPv4 address of ECS01 and the IPv6 address of ECS02 and click Next.

    7. In the Ports/Weights step, specify the ports and weights of ECS01 and ECS02 and click OK.

      In this example, both ECS instances use the port number 80 and the default weight 100.

    Step 5: Configure a listener

    1. On the Instances page, click the ID of the ALB instance that you want to manage.

    2. Click the Listener tab and then click Create Listener.

    3. In the Configure Listener step, configure the parameters and click Next.

      The following table describes only some of the parameters. Use the default values for other parameters. For more information, see Add an HTTP listener.

      Parameter

      Description

      Select Listener Protocol

      Select a listener protocol. In this example, HTTP is selected.

      Listener Port

      Specify a listener port to receive requests and forward them to backend servers. In this example, port 80 is specified.

      Listener Name

      Enter a name for the listener.

      Advanced Settings

      In this example, the default settings are used. You can click Modify to modify the settings.

    4. In the Server Group step, configure the Server Type parameter, select a server group based on the specified Server Type, confirm the backend servers, and then click Next.

    5. In the Confirm step, confirm the configurations and click Submit.

    6. Click OK to return to the Listener tab. If the listener status in the Health Check Status column is Healthy, ECS01 and ECS02 can process requests forwarded by the ALB instance.

    Optional. Configure a DNS record

    1. In the left-side navigation pane, choose ALB > Instance.

    2. On the Instances page, copy the domain name of the ALB instance.

    3. Perform the following steps to create a CNAME record:

      1. Log on to the Alibaba Cloud DNS console.

      2. On the Domain Name Resolution page, click Add Domain Name.

      3. In the Add Domain Name dialog box, enter your domain name and click OK.

        Important

        Before you add a CNAME record, you must use a TXT record to verify the ownership of the domain name.

      4. Find the domain name that you want to manage and click DNS Settings in the Actions column.

      5. On the DNS Settings tab of the domain name details page, click Add DNS Record.

      6. In the Add DNS Record panel, configure the parameters and click OK. The following table describes the parameters.

        Parameter

        Description

        Record Type

        Select CNAME from the drop-down list.

        Hostname

        Enter the prefix of the domain name. In this example, @ is entered.

        Note

        If you use a root domain name, enter @.

        DNS Request Source

        Select Default.

        Record Value

        Enter the CNAME, which is the domain name of the ALB instance.

        TTL

        Specify the time-to-live (TTL) value for the CNAME record to be cached on the DNS server. In this example, the default value is used.

    Step 7: Test network connectivity

    1. Obtain the domain name.

      1. If you use a DNS record to map a custom domain name to the public domain name of the ALB instance, obtain the custom domain name.

      2. If you do not map custom domain names to the ALB instance, log on to the ALB console, select the region of the ALB instance, and copy the public domain name of the ALB instance in the Domain Name column.

    2. You can perform the following steps to test the connectivity between an IPv6 client and the ECS instances in the VPC.

      Note

      Before you perform the test, make sure that your client supports IPv6. To check whether your client supports IPv6, visit http://test-ipv6.com/ to run a test.

      Use a client that supports IPv6 to access ECS01 and ECS02 in the VPC.

      1. Open the CLI of the client.

      2. Run the following command multiple times to test whether requests from the IPv6 client are forwarded to the IPv4 and IPv6 ECS instances based on round-robin. 

        curl -6 http://<ALB domain name> -v

        The following echo reply packet indicates that the IPv6 client can access the IPv4 ECS instance.6-4

        The following echo reply packet indicates that the IPv6 client can access the IPv6 ECS instance.6-6

    The preceding results show that requests from the IPv6 client are forwarded to the IPv4 and IPv6 services in the VPC based on round-robin.

    Release resources

    1. Release the ECS instances and the security groups.

      1. Delete ECS01 and its security group:

        1. Log on to the ECS console. In the top navigation bar, select the region in which ECS01 instance resides, and click the image.png icon on the right side of ECS01. In the dialog box that appears, select Release to immediately release the instance.

        2. Log on to the ECS console. In the top navigation bar, select the region in which ECS01 resides, select the security group of ECS01, and then click Delete to delete the security group.

      2. Repeat the preceding steps to delete ECS02 and its security group.

    2. Optional. Delete the DNS records:

      For more information, see Delete a DNS Record.

    3. Release ALB resources:

      1. Log on to the ALB console. In the top navigation bar, select the region in which the ALB instance resides, click the image.png icon on the right side of the ALB instance. In the message that appears, select Release and click OK.

      2. For more information about how to remove backend servers, see Remove a backend server.

      3. For more information about how to delete a server group, see Delete a server group.

    4. Release VPC resources:

      1. Log on to the VPC console. In the top navigation bar, select the region where the VPC resides.

      2. Click Delete on the right side of the VPC. Select Forcefully Delete and click OK to delete the VPC and vSwitches.