Alibaba Cloud SLB Load Balancer Configuration Guide
Load balancing is the traffic gateway for distributed systems, directly impacting service availability and performance. Alibaba Cloud SLB (Server Load Balancer) provides Layer 4 and Layer 7 load balancing capabilities, making it a core component of any high-availability architecture. This guide covers SLB configuration methods and best practices in depth.
SLB Product Family
Alibaba Cloud has evolved SLB into a dual-product system with ALB (Application Load Balancer) and NLB (Network Load Balancer):
| Product | Layer | Features | Use Cases |
|---------|-------|----------|----------|
| ALB | Layer 7 (HTTP/HTTPS) | Smart routing, content caching, WAF integration | Web apps, API gateways |
| NLB | Layer 4 (TCP/UDP) | Ultra-high performance, millions of concurrent connections, ultra-low latency | Gaming, IoT, financial trading |
| CLB | Layer 4 + Layer 7 | Classic version, backward compatibility | Legacy migrations |
New project recommendations:
- Web/HTTP traffic → ALB
- TCP/UDP traffic → NLB
- Legacy compatibility → CLB
Comparison with Other Providers
| Feature | Alibaba Cloud ALB | Tencent Cloud CLB | AWS ALB |
|---------|-------------------|-----------|------|
| Max QPS | 1M+ | 500K+ | 1M+ |
| Routing rules | Domain + URL + Header + Cookie | Domain + URL | Domain + URL + Header |
| HTTPS offloading | Yes | Yes | Yes |
| WAF integration | Native | Extra configuration | AWS WAF |
| gRPC support | Yes | Partial | Yes |
| Pay-as-you-go | LCU units | Bandwidth/connections | LCU units |
ALB Configuration Deep Dive
Creating an ALB Instance
- Log in to the Alibaba Cloud Console
- Select Application Load Balancer ALB → Create Instance
- Key configuration:
| Setting | Recommendation | Notes |
|---------|---------------|-------|
| Region | Same as ECS | LB and backends must be in the same region |
| Availability zones | Select at least 2 | Cross-zone HA |
| Network type | Public | For internet-facing services |
| IP mode | Fixed IP | Easier DNS and security group management |
| Edition | Standard | Meets most needs |
ALB Pricing Model
ALB uses LCU (Load Balancer Capacity Unit) pay-as-you-go billing:
| Billing Item | Price | Description |
|-------------|-------|-------------|
| Instance fee | ¥0.24/hour | Base instance retention |
| LCU fee | ¥0.028/LCU/hour | Based on actual processing capacity |
| Public traffic | ¥0.48/GB | Public instances only |
LCU is calculated as the maximum across four dimensions:
| Dimension | 1 LCU Equals |
|-----------|-------------|
| New connections | 25/sec |
| Active connections | 3,000 |
| Processed data | 1 GB/hour |
| Rule evaluations | 1,000/sec |
Cost estimate: A web application with 500K daily PVs costs approximately ¥500–800/month.
Listener Configuration
Listeners define how ALB receives and forwards requests:
HTTP Listener
| Parameter | Recommended | Notes |
|-----------|------------|-------|
| Listen port | 80 | Receives HTTP requests |
| Scheduling | Weighted Round Robin (WRR) | Default recommendation |
| Session persistence | Enable as needed | Required for stateful apps |
| Idle timeout | 60 seconds | Prevent connection buildup |
| Request timeout | 60 seconds | Upstream response timeout protection |
HTTPS Listener
| Parameter | Recommended | Notes |
|-----------|------------|-------|
| Listen port | 443 | Receives HTTPS requests |
| Certificate | Upload or select free cert | Use Cloud Shield certificates |
| TLS policy | tls_cipher_policy_1_2 | Minimum TLS 1.2 |
| HTTP/2 | Enable | Performance boost |
| Force HTTPS | Enable redirect | HTTP→HTTPS auto-redirect |
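One way to check listeners against the two tables above before go-live, as an added example (not code from Alibaba Cloud or the original guide). The dictionary keys and the sample listeners are assumptions constructed for this example; only the TLS policy names are Alibaba Cloud's own.

```python
# Policy names that still negotiate TLS 1.0 / 1.1
WEAK_TLS_POLICIES = {"tls_cipher_policy_1_0", "tls_cipher_policy_1_1"}

def audit_listeners(listeners):
    """Return sorted (port, finding) tuples for one load balancer's listeners."""
    findings = []
    https_ports = {l["port"] for l in listeners if l["protocol"] == "HTTPS"}
    for l in listeners:
        port = l["port"]
        if l["protocol"] == "HTTP":
            # Plain HTTP is acceptable only as a redirect to an HTTPS listener.
            target = l.get("redirect_to_port")
            if target is None:
                findings.append((port, "HTTP listener serves content without an HTTPS redirect"))
            elif target not in https_ports:
                findings.append((port, f"redirect target {target} is not an HTTPS listener"))
        elif l["protocol"] == "HTTPS":
            policy = l.get("tls_policy")
            if policy is None or policy in WEAK_TLS_POLICIES:
                findings.append((port, f"TLS policy {policy} allows protocols below TLS 1.2"))
            if not l.get("certificate_id"):
                findings.append((port, "no certificate bound"))
        if l.get("idle_timeout", 60) > 60:
            findings.append((port, "idle timeout above 60s lets idle connections build up"))
    return sorted(findings)

# Constructed sample data (hypothetical field names and IDs)
WEAK = [
    {"port": 80, "protocol": "HTTP"},
    {"port": 443, "protocol": "HTTPS", "tls_policy": "tls_cipher_policy_1_0",
     "certificate_id": "cert-example", "idle_timeout": 300},
]
HARDENED = [
    {"port": 80, "protocol": "HTTP", "redirect_to_port": 443},
    {"port": 443, "protocol": "HTTPS", "tls_policy": "tls_cipher_policy_1_2",
     "certificate_id": "cert-example", "idle_timeout": 60},
]

if __name__ == "__main__":
    for port, finding in audit_listeners(WEAK):
        print(port, finding)
```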
Server Group Configuration
Server groups are collections of backend ECS instances:
```bash
# Create server group via CLI
# ALB server groups are scoped to a VPC (VpcId), not to a load balancer instance;
# health check settings from the table below are passed in the same request (HealthCheckConfig).
aliyun alb CreateServerGroup \
  --VpcId vpc-xxx \
  --ServerGroupName web-servers \
  --Protocol HTTP
```

| Setting | Description | Recommended |
|---------|-------------|-------------|
| Backend protocol | Matches listener | HTTP |
| Backend port | Application listen port | 8080 |
| Health check path | Application health endpoint | /health |
| Health check interval | Check frequency | 2 seconds |
| Unhealthy threshold | Consecutive failures | 3 |
| Healthy threshold | Consecutive successes for recovery | 3 |
Health Check Configuration
Health checks are the core mechanism for automatic failure removal:
HTTP Health Check
```
GET /health HTTP/1.1
Host: backend-service
```

| Parameter | Default | Production Recommendation |
|-----------|---------|--------------------------|
| Check interval | 2 seconds | 2–5 seconds |
| Timeout | 5 seconds | 3–5 seconds |
| Unhealthy threshold | 3 | 2–3 |
| Healthy threshold | 3 | 2–3 |
| Check path | / | /health (dedicated endpoint) |
| HTTP status code | http_2xx, http_3xx | http_2xx |
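How the interval and the two thresholds from the table turn probe results into backend removal and recovery, as an added simulation (not part of the original guide or of ALB itself). It assumes one probe per interval and consecutive-result counting; the probe sequences are constructed.

```python
def simulate(probes, unhealthy_threshold=3, healthy_threshold=3, interval=2):
    """Replay probe results (True = probe passed), one probe per interval.

    Returns the state changes as (seconds_elapsed, new_state) tuples.
    """
    state, streak = "healthy", 0
    transitions = []
    for i, ok in enumerate(probes):
        # Only results that contradict the current state count toward a change;
        # any agreeing result resets the consecutive counter.
        contradicts = (state == "healthy") != ok
        streak = streak + 1 if contradicts else 0
        limit = unhealthy_threshold if state == "healthy" else healthy_threshold
        if streak >= limit:
            state = "unhealthy" if state == "healthy" else "healthy"
            streak = 0
            transitions.append(((i + 1) * interval, state))
    return transitions

# Constructed probe sequences
OUTAGE = [True, True, False, False, False, False, True, True, True]
FLAPPING = [False, False, True, False, False, True]  # fails 2 of every 3 probes

if __name__ == "__main__":
    # Backend is removed after 3 straight failures and restored after 3 straight passes.
    print(simulate(OUTAGE))
    # With a threshold of 3 the flapping backend is never removed and keeps
    # receiving traffic; a threshold of 2 removes it after two probes.
    print(simulate(FLAPPING))
    print(simulate(FLAPPING, unhealthy_threshold=2))
```

The flapping case is the reason to pick the unhealthy threshold deliberately: a backend that fails intermittently below the threshold stays in rotation indefinitely.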
TCP Health Check
For non-HTTP services (databases, caches, etc.):
- Uses TCP SYN probe
- No application-layer endpoint needed
- Faster detection, but can't determine app-layer health
Health Check Endpoint Design
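```python
# Flask example
from flask import Flask

app = Flask(__name__)

@app.route('/health')
def health():
    # check_db_connection() and check_redis_connection() are application-defined helpers
    db_ok = check_db_connection()
    cache_ok = check_redis_connection()
    if db_ok and cache_ok:
        return 'OK', 200
    return 'Unhealthy', 503
```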
Advanced Routing Configuration
Domain-Based Routing
One ALB instance can host multiple domains:
| Domain | Forward To | Priority |
|--------|-----------|----------|
| api.example.com | api-server-group | 1 |
| www.example.com | web-server-group | 2 |
| admin.example.com | admin-server-group | 3 |
URL Path-Based Routing
| Path | Forward To | Description |
|------|-----------|-------------|
| /api/* | api-server-group | API service |
| /static/* | oss-server-group | Static assets → OSS |
| /* | web-server-group | Default route |
Header-Based Routing
Use header-based rules to implement canary releases and A/B testing:

| Condition | Forward To | Description |
|-----------|-----------|-------------|
| Header: X-Version=v2 | v2-server-group | New version |
| Others | v1-server-group | Current version |
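A simplified model of how domain, path and header rules combine, added here as an example (not ALB's own matching code). It assumes rules are evaluated in ascending priority with first match winning and that path patterns are prefix wildcards; the rule set is constructed from the three tables above. It also flags rules that can never match because a broader rule is evaluated first.

```python
from fnmatch import fnmatchcase

# Constructed rule set; lower priority number = evaluated first (assumption).
RULES = [
    {"priority": 1, "host": "api.example.com", "path": "/*", "group": "api-server-group"},
    {"priority": 2, "host": "admin.example.com", "path": "/*", "group": "admin-server-group"},
    {"priority": 3, "host": "www.example.com", "path": "/api/*", "group": "api-server-group"},
    {"priority": 4, "host": "www.example.com", "path": "/static/*", "group": "oss-server-group"},
    {"priority": 5, "host": "www.example.com", "path": "/*",
     "header": ("X-Version", "v2"), "group": "v2-server-group"},
    {"priority": 6, "host": "www.example.com", "path": "/*", "group": "web-server-group"},
]

def route(rules, host, path, headers=None):
    """Return the server group of the first matching rule in priority order."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["host"] != host.lower() or not fnmatchcase(path, r["path"]):
            continue
        if "header" in r:
            name, value = r["header"]
            if headers.get(name.lower()) != value:
                continue
        return r["group"]
    return None  # no rule matched: the listener's default action applies

def shadowed(rules):
    """Priorities of rules that can never match because an earlier, header-less
    rule for the same host already covers their (prefix-style) path pattern."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    hidden = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier["host"] == later["host"] and "header" not in earlier
                    and fnmatchcase(later["path"], earlier["path"])):
                hidden.append(later["priority"])
                break
    return hidden

# Same rules with the catch-all moved to the front: a common ordering mistake.
MISORDERED = [dict(r, priority=0) if r["group"] == "web-server-group" else r
              for r in RULES]
```

Running `shadowed()` over a rule export before applying it catches the case where `/*` is evaluated ahead of `/api/*` and every request lands on the default group.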
NLB Configuration Deep Dive
Creating an NLB
```bash
aliyun nlb CreateLoadBalancer \
  --LoadBalancerName game-nlb \
  --AddressType Internet \
  --ZoneMappings.1.ZoneId cn-beijing-a \
  --ZoneMappings.1.VSwitchId vsw-xxx \
  --ZoneMappings.2.ZoneId cn-beijing-b \
  --ZoneMappings.2.VSwitchId vsw-yyy
```
NLB Performance Metrics
| Metric | NLB |
|--------|-----|
| Max concurrent connections | 100 million |
| New connections/CPS | 1 million |
| Forwarding latency | Microseconds |
| Supported protocols | TCP/UDP/TLS |
| Client IP preservation | Yes (Proxy Protocol) |

NLB is ideal for gaming servers, financial trading systems, and other scenarios that require extremely low latency and very high concurrency. Compared to GCP Network Load Balancer, NLB offers orders-of-magnitude advantages in concurrent connections.
Security Configuration
| Security Measure | ALB | NLB |
|-----------------|-----|-----|
| Access Control (ACL) | Yes | Yes |
| WAF integration | Native | No |
| DDoS protection | Cloud Shield DDoS | Cloud Shield DDoS |
| HTTPS cert management | Yes | TLS listener |
| Security groups | Yes | Yes |
WAF Configuration
ALB integrates natively with Cloud Shield WAF—no extra deployment needed:
- Enable WAF Protection in the ALB listener
- Select a protection policy (basic/custom rules)
- Enable Log Analysis to record attack events
Monitoring and Alerting
| Metric | Description | Alert Threshold |
|--------|-------------|----------------|
| QPS | Requests per second | >80% of expected peak |
| Backend response time | Average RT | >500ms |
| Health check failures | Unhealthy backends | >0 |
| 4xx/5xx ratio | Error rate | >1% |
| Connection utilization | Current/max | >70% |
Cost Optimization
- Choose ALB/NLB wisely: use ALB for Layer 7 needs and NLB for Layer 4 needs (NLB is cheaper)
- Multi-domain reuse: One ALB instance serves multiple domains via routing rules
- Internal SLB: Use internal type for internal services, saving public bandwidth costs
- Reserved LCU packs: Stable workloads benefit from LCU resource packs for lower unit costs
Conclusion
Alibaba Cloud SLB/ALB/NLB provides a complete load balancing solution from Layer 7 smart routing to Layer 4 ultra-high performance. Properly configuring health checks and routing rules builds a highly available, high-performance traffic distribution architecture.
Duoyun Cloud, as an Alibaba Cloud partner, provides SLB/ALB/NLB configuration consulting and resource procurement. Order through Duoyun for 5%–10% exclusive discounts, free architecture reviews, and Chinese-language technical support. Visit duoyun.io for more offers.