: Configure Load Balancing on Alibaba Cloud
Focus
Focus

Configure Load Balancing on Alibaba Cloud

Table of Contents
End-of-Life (EoL)

Configure Load Balancing on Alibaba Cloud

Use the Alibaba CLI to add ENIs to the Alibaba SLB.
On Alibaba Cloud, you can deploy the VM-Series firewall in a load balancer sandwich configuration where the firewall is deployed between a public network and a private network, as shown below.
In Create a VPC and Configure Networks, you created Untrust and Trust ENIs and attached them to the VM-Series firewall instance as secondary ENIs.
When you use the console to add multiple backend servers to Alibaba Server Load Balancer (SLB), the SLB sends traffic to the primary ENI of the next-hop backend servers. Because the primary ENI is the management interface, traffic must go to the Untrust interface (a secondary ENI) for inspection.
To ensure that internet traffic goes to dataplane interfaces rather than the management interface, use the Alibaba CLI to attach the VM-Series firewall untrust ENIs to your SLB instance.
You must install the Aliyun command line interface to use the following CLI commands.
  1. Create the public and private VPCs for a load balancer sandwich configuration, and deploy the VM-Series firewalls.
    The remaining steps are sample CLI commands you can adapt to your environment.
  2. Create the load balancer.
    slb CreateLoadBalancer --RegionId us-west-1 --LoadBalancerName wli-slb 
    --VpcId vpc-rj91ry36ghwgc8cf2fr7z --LoadBalancerSpec slb.s1.small 
    --AddressType internet --MasterZoneId us-west-1a 
    --SlaveZoneId us-west-1b 
    {
            "NetworkType": "classic",
            "LoadBalancerName": "**********",
            "Address": "***********,
            "ResourceGroupId": "rg-************ofi",
            "RequestId": "0B8BA2AA-E837-****-****-B82A8A1D5FBB",
            "AddressIPVersion": "ipv4",
            "LoadBalancerId": "lb-******************mvz",
            "VSwitchId": "",
            "VpcId": "vpc-*****************r7z"
    }
  3. Add backend servers.
    Use the CLI to add interfaces one at a time. The order in which you add the interfaces determines which NIC receives the interface.
    aliyun slb AddBackendServers --LoadBalancerId lb-******************mvz
    --BackendServers
    '[
           {
                  "ServerId":"eni-******************bzw",
                  "Type":"eni","Weight":"100"
           }
    ]'
  4. Create an HTTP Listener that performs a health check.
    aliyun slb CreateLoadBalancerHTTPListener
    --LoadBalancerId lb-******************mvz
    --ListenerPort 80 --StickySession on
    --HealthCheck on --HealthCheckURI '/'