Alibaba Cloud SLB Load Balancer Configuration Guide
Load balancing is the traffic gateway for distributed systems, directly impacting service availability and performance. Alibaba Cloud SLB (Server Load Balancer) provides Layer 4 and Layer 7 load balancing capabilities, making it a core component of any high-availability architecture. This guide covers SLB configuration methods and best practices in depth.
SLB Product Family
Alibaba Cloud has evolved SLB into a dual-product system with ALB (Application Load Balancer) and NLB (Network Load Balancer):
| Product | Layer | Features | Use Cases |
|---------|-------|----------|-----------|
| ALB | Layer 7 (HTTP/HTTPS) | Smart routing, content caching, WAF integration | Web apps, API gateways |
| NLB | Layer 4 (TCP/UDP) | Ultra-high performance, millions of concurrent connections, ultra-low latency | Gaming, IoT, financial trading |
| CLB | Layer 4 + Layer 7 | Classic version, backward compatibility | Legacy migrations |
New project recommendations:
- Web/HTTP traffic → ALB
- TCP/UDP traffic → NLB
- Legacy compatibility → CLB
Comparison with Other Providers
| Feature | Alibaba Cloud ALB | Tencent Cloud CLB | AWS ALB |
|---------|-------------------|-------------------|---------|
| Max QPS | 1M+ | 500K+ | 1M+ |
| Routing rules | Domain + URL + Header + Cookie | Domain + URL | Domain + URL + Header |
| HTTPS offloading | Yes | Yes | Yes |
| WAF integration | Native | Extra configuration | AWS WAF |
| gRPC support | Yes | Partial | Yes |
| Pay-as-you-go | LCU units | Bandwidth/connections | LCU units |
ALB Configuration Deep Dive
Creating an ALB Instance
- Log in to the Alibaba Cloud Console
- Select Application Load Balancer ALB → Create Instance
- Key configuration:
| Setting | Recommendation | Notes |
|---------|----------------|-------|
| Region | Same as ECS | LB and backends must be in the same region |
| Availability zones | Select at least 2 | Cross-zone HA |
| Network type | Public | For internet-facing services |
| IP mode | Fixed IP | Easier DNS and security group management |
| Edition | Standard | Meets most needs |
ALB Pricing Model
ALB uses LCU (Load Balancer Capacity Unit) pay-as-you-go billing:
| Billing Item | Price | Description |
|--------------|-------|-------------|
| Instance fee | ¥0.24/hour | Base instance retention |
| LCU fee | ¥0.028/LCU/hour | Based on actual processing capacity |
| Public traffic | ¥0.48/GB | Public instances only |
LCU is calculated as the maximum across four dimensions:
| Dimension | 1 LCU Equals |
|-----------|--------------|
| New connections | 25/sec |
| Active connections | 3,000 |
| Processed data | 1 GB/hour |
| Rule evaluations | 1,000/sec |
Cost estimate: A web application with 500K daily PVs costs approximately ¥500–800/month.
Listener Configuration
Listeners define how ALB receives and forwards requests:
HTTP Listener
| Parameter | Recommended | Notes |
|-----------|-------------|-------|
| Listen port | 80 | Receives HTTP requests |
| Scheduling | Weighted Round Robin (WRR) | Default recommendation |
| Session persistence | Enable as needed | Required for stateful apps |
| Idle timeout | 60 seconds | Prevent connection buildup |
| Request timeout | 60 seconds | Upstream response timeout protection |
HTTPS Listener
| Parameter | Recommended | Notes |
|-----------|-------------|-------|
| Listen port | 443 | Receives HTTPS requests |
| Certificate | Upload or select free cert | Use Cloud Shield certificates |
| TLS policy | tls_cipher_policy_1_2 | Minimum TLS 1.2 |
| HTTP/2 | Enable | Performance boost |
| Force HTTPS | Enable redirect | HTTP→HTTPS auto-redirect |
Server Group Configuration
Server groups are collections of backend ECS instances:
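```bash
# Create server group via CLI (ALB API; alidns is the DNS product)
# An ALB server group is created in a VPC, not under a load balancer instance.
# vpc-xxx is a placeholder for your VPC ID.
# Health check settings are supplied through the HealthCheckConfig parameter.
aliyun alb CreateServerGroup \
  --ServerGroupName web-servers \
  --VpcId vpc-xxx \
  --Protocol HTTP
```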
| Setting | Description | Recommended |
|---------|-------------|-------------|
| Backend protocol | Matches listener | HTTP |
| Backend port | Application listen port | 8080 |
| Health check path | Application health endpoint | /health |
| Health check interval | Check frequency | 2 seconds |
| Unhealthy threshold | Consecutive failures | 3 |
| Healthy threshold | Consecutive successes for recovery | 3 |
Health Check Configuration
Health checks are the core mechanism for automatic failure removal:
HTTP Health Check
```
GET /health HTTP/1.1
Host: backend-service
```

| Parameter | Default | Production Recommendation |
|-----------|---------|---------------------------|
| Check interval | 2 seconds | 2–5 seconds |
| Timeout | 5 seconds | 3–5 seconds |
| Unhealthy threshold | 3 | 2–3 |
| Healthy threshold | 3 | 2–3 |
| Check path | / | /health (dedicated endpoint) |
| HTTP status code | http_2xx, http_3xx | http_2xx |
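How the interval and the two thresholds interact, as an added example that is not Alibaba Cloud code: it replays a sequence of probe results and reports when a backend would leave and re-enter rotation. The names `HealthCheck` and `transitions` are hypothetical, and the model assumes probe i completes at i × interval and that a timeout counts as a failure.

```python
from dataclasses import dataclass


@dataclass
class HealthCheck:
    interval_s: float = 2.0        # page default
    unhealthy_threshold: int = 3   # consecutive failures before removal
    healthy_threshold: int = 3     # consecutive successes before re-admission


def transitions(cfg, probes, healthy=True):
    """Replay probe results (True = pass) and return [(seconds, new_state), ...].

    Assumption: probe i completes at i * interval_s; a timeout is a failure.
    """
    out, streak = [], 0
    for i, ok in enumerate(probes):
        if ok == healthy:          # result agrees with current state: streak resets
            streak = 0
            continue
        streak += 1
        need = cfg.unhealthy_threshold if healthy else cfg.healthy_threshold
        if streak >= need:
            healthy, streak = not healthy, 0
            out.append((i * cfg.interval_s, "healthy" if healthy else "unhealthy"))
    return out


# Constructed probe sequences
HARD_DOWN = [False] * 5 + [True] * 5   # outage, then recovery
FLAPPING = [False, False, True] * 4    # fails two probes out of every three

if __name__ == "__main__":
    print(transitions(HealthCheck(), HARD_DOWN))
    print(transitions(HealthCheck(), FLAPPING))
    print(transitions(HealthCheck(unhealthy_threshold=2), FLAPPING))
```

With the default threshold of 3, the flapping backend never leaves rotation because every third probe resets the failure streak; lowering the unhealthy threshold to 2 removes it after the second probe.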
TCP Health Check
For non-HTTP services (databases, caches, etc.):
- Uses TCP SYN probe
- No application-layer endpoint needed
- Faster detection, but can't determine app-layer health
Health Check Endpoint Design
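```python
# Flask example
from flask import Flask

app = Flask(__name__)

# check_db_connection() and check_redis_connection() are assumed to be
# application-defined helpers that return True when the dependency responds.

@app.route('/health')
def health():
    db_ok = check_db_connection()
    cache_ok = check_redis_connection()
    if db_ok and cache_ok:
        return 'OK', 200
    # A non-2xx status makes the load balancer count this probe as a failure
    return 'Unhealthy', 503
```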
Advanced Routing Configuration
Domain-Based Routing
One ALB instance can host multiple domains:
| Domain | Forward To | Priority |
|--------|------------|----------|
| api.example.com | api-server-group | 1 |
| www.example.com | web-server-group | 2 |
| admin.example.com | admin-server-group | 3 |
URL Path-Based Routing
| Path | Forward To | Description |
|------|------------|-------------|
| /api/* | api-server-group | API service |
| /static/* | oss-server-group | Static assets → OSS |
| /* | web-server-group | Default route |
Header-Based Routing
Header conditions can be used to implement canary releases and A/B testing:
| Condition | Forward To | Description |
|-----------|------------|-------------|
| Header: X-Version=v2 | v2-server-group | New version |
| Others | v1-server-group | Current version |
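How domain, path and header rules combine under priority ordering, as an added example that is not ALB's own matching code: `route` picks the first matching rule and `shadowed` flags rules that can never fire. The rule set is constructed from the tables above; the functions are hypothetical, and the model assumes that the lowest priority number is evaluated first, that the first match wins, and that patterns are trailing-`*` globs.

```python
from fnmatch import fnmatchcase

# Constructed rule set merging the three routing tables above.
# (priority, host, path pattern, required headers, server group); lower number wins.
RULES = [
    (1, "admin.example.com", "/*", {}, "admin-server-group"),
    (2, "api.example.com", "/*", {}, "api-server-group"),
    (3, "www.example.com", "/api/*", {}, "api-server-group"),
    (4, "www.example.com", "/static/*", {}, "oss-server-group"),
    (5, "www.example.com", "/*", {"x-version": "v2"}, "v2-server-group"),
    (6, "www.example.com", "/*", {}, "web-server-group"),
]
# Same rules with the canary and catch-all priorities swapped (an ordering mistake).
MISORDERED = RULES[:4] + [(6,) + RULES[4][1:], (5,) + RULES[5][1:]]


def route(rules, host, path, headers=None):
    """Return the server group of the first matching rule, or None if none match."""
    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    for _, h, p, need, group in sorted(rules, key=lambda r: r[0]):
        if (fnmatchcase(host.lower(), h) and fnmatchcase(path, p)
                and all(hdrs.get(k) == v for k, v in need.items())):
            return group
    return None


def shadowed(rules):
    """Priorities of rules that can never fire because an earlier rule already
    covers their host and path while requiring no additional headers."""
    ordered = sorted(rules, key=lambda r: r[0])
    dead = []
    for i, (prio, h, p, need, _) in enumerate(ordered):
        for _, eh, ep, eneed, _ in ordered[:i]:
            # Treat the later pattern as a literal: valid for trailing-* patterns.
            if fnmatchcase(h, eh) and fnmatchcase(p, ep) and eneed.items() <= need.items():
                dead.append(prio)
                break
    return dead
```

Because `X-Version` is set by the client, any caller can select `v2-server-group`, so that group needs the same hardening as the current version. Running `shadowed` over an exported rule list before applying it catches a catch-all placed ahead of a more specific rule.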
NLB Configuration Deep Dive
Creating an NLB
```bash
# vpc-xxx, vsw-xxx and vsw-yyy are placeholders; the vSwitches must belong to the VPC
aliyun nlb CreateLoadBalancer \
  --LoadBalancerName game-nlb \
  --AddressType Internet \
  --VpcId vpc-xxx \
  --ZoneMappings.1.ZoneId cn-beijing-a \
  --ZoneMappings.1.VSwitchId vsw-xxx \
  --ZoneMappings.2.ZoneId cn-beijing-b \
  --ZoneMappings.2.VSwitchId vsw-yyy
```
NLB Performance Metrics
| Metric | NLB |
|--------|-----|
| Max concurrent connections | 100 million |
| New connections/CPS | 1 million |
| Forwarding latency | Microseconds |
| Supported protocols | TCP/UDP/TLS |
| Client IP preservation | Yes (Proxy Protocol) |
NLB is ideal for gaming servers, financial trading systems, and other scenarios requiring extremely low latency and very high concurrency. Compared to GCP Network Load Balancer, NLB offers orders-of-magnitude advantages in concurrent connections.
Security Configuration
| Security Measure | ALB | NLB |
|------------------|-----|-----|
| Access Control (ACL) | Yes | Yes |
| WAF integration | Native | No |
| DDoS protection | Cloud Shield DDoS | Cloud Shield DDoS |
| HTTPS cert management | Yes | TLS listener |
| Security groups | Yes | Yes |
WAF Configuration
ALB integrates natively with Cloud Shield WAF—no extra deployment needed:
- Enable WAF Protection in the ALB listener
- Select a protection policy (basic/custom rules)
- Enable Log Analysis to record attack events
Monitoring and Alerting
| Metric | Description | Alert Threshold |
|--------|-------------|-----------------|
| QPS | Requests per second | >80% of expected peak |
| Backend response time | Average RT | >500ms |
| Health check failures | Unhealthy backends | >0 |
| 4xx/5xx ratio | Error rate | >1% |
| Connection utilization | Current/max | >70% |
Cost Optimization
- Choose ALB/NLB wisely: use ALB for Layer 7 traffic and NLB for Layer 4 traffic (NLB is cheaper)
- Multi-domain reuse: One ALB instance serves multiple domains via routing rules
- Internal SLB: Use internal type for internal services, saving public bandwidth costs
- Reserved LCU packs: Stable workloads benefit from LCU resource packs for lower unit costs
Conclusion
Alibaba Cloud SLB/ALB/NLB provides a complete load balancing solution from Layer 7 smart routing to Layer 4 ultra-high performance. Properly configuring health checks and routing rules builds a highly available, high-performance traffic distribution architecture.