Esta página ainda não está disponível no idioma selecionado. Estamos trabalhando para adicionar mais opções de idiomas. Agradecemos sua compreensão.
Elastic Load Balance
Elastic Load Balance
- What's New
- Function Overview
-
Service Overview
- ELB Infographics
- What Is ELB?
- ELB Advantages
- How ELB Works
- Application Scenarios
- Differences Between Dedicated and Shared Load Balancers
- Load Balancing on a Public or Private Network
- Network Traffic Paths
- Specifications of Dedicated Load Balancers
- Notes and Constraints
- Security
- Permissions
- Product Concepts
- ELB and Other Services
-
Billing
- Billing Overview
- Billing Mode
- Billing Items (Dedicated Load Balancers)
- Billing Items (Shared Load Balancers)
- Billing Examples
- Bills
- Arrears
- Stopping Billing
- Cost Management
-
FAQs
- When Do I Need Public Bandwidth for ELB?
- Will I Be Billed for Both the Bandwidth Used by the Load Balancer and the Bandwidth Used by Backend Servers?
- Do I Need to Adjust the Bandwidth of Shared Load Balancers Based on the Bandwidth Used by Backend Servers?
- Can I Modify the Bandwidth of a Load Balancer?
- What Functions Will Become Unavailable If a Load Balancer Is Frozen?
- Getting Started
-
User Guide
-
User Guide for Dedicated Load Balancers
- Using a Dedicated Load Balancer
- Permissions Management
-
Load Balancer
- Dedicated Load Balancer Overview
- Creating a Dedicated Load Balancer
- Enabling or Disabling Modification Protection for Dedicated Load Balancers
- Modifying the Basic Configurations of a Dedicated Load Balancer
- Modifying the Network Configurations of a Dedicated Load Balancer
- Exporting Dedicated Load Balancers
- Deleting a Dedicated Load Balancer
- Copying a Dedicated Load Balancer
- Enabling or Disabling a Load Balancer
- Listener
- Backend Server Group
- Backend Server
- Health Check
- Security
- Access Logging
- Tags and Quotas
- Cloud Eye Monitoring
- Auditing
-
User Guide for Shared Load Balancers
- Permissions Management
-
Load Balancer
- Shared Load Balancer Overview
- Creating a Shared Load Balancer
- Configuring Modification Protection for Shared Load Balancers
- Changing the Network Configurations of a Shared Load Balancer
- Deleting a Shared Load Balancer
- Enabling or Disabling a Shared Load Balancer
- Enabling Guaranteed Performance for a Shared Load Balancer
- Listener
- Backend Server Group
- Backend Server
- Health Check
- Security
- Access Logging
- Tags and Quotas
- Cloud Eye Monitoring
- Auditing
- Self-service Troubleshooting
- Appendix
-
User Guide for Dedicated Load Balancers
-
Best Practices
- Using IP as a Backend to Route Traffic Across Backend Servers
- Using Advanced Forwarding for Application Iteration
- Integrating WAF with ELB to Protect Your Websites
- Configuring HTTPS Mutual Authentication to Improve Service Security
- Using ELB to Redirect HTTP Requests to an HTTPS Listener for Higher Service Security
-
API Reference
- Before You Start
- API Overview
- Selecting an API Version
- Calling APIs
-
APIs (V3)
- API Version
- Quota
- AZ
- Load Balancer Flavor
- Reserved IP Address
-
Load Balancer
- Creating a Load Balancer
- Batch Creating Load Balancers
- Upgrading a Load Balancer
- Querying Load Balancers
- Copying a Load Balancer
- Viewing the Details of a Load Balancer
- Updating a Load Balancer
- Deleting a Load Balancer
- Deleting a Load Balancer and Its Associated Resources
- Deleting a Load Balancer and Its Associated Resources (Including EIPs)
- Querying the Status Tree of a Load Balancer
- Deploying a Load Balancer in Other AZs
- Removing a Load Balancer from AZs
- Certificate
- Security Policy
-
IP Address Group
- Creating an IP Address Group
- Querying IP Address Groups
- Querying the Details of an IP Address Group
- Updating an IP Address Group
- Deleting an IP Address Group
- Updating IP Addresses in an IP Address Group
- Deleting IP Addresses from an IP Address Group
- Querying the Listeners Associated with an IP Address Group
- Listener
- Backend Server Group
- Backend Server
- Health Check
- Forwarding Policy
- Forwarding Rule
- Active/Standby Backend Server Group
- Log
- Asynchronous Task
- Feature Configuration
- Asynchronous Tasks
- APIs (V2)
-
APIs (OpenStack)
-
Tag
- Adding a Tag to a Load Balancer
- Batch Adding Load Balancer Tags
- Batch Deleting Load Balancer Tags
- Querying All Tags of a Load Balancer
- Querying the Tags of All Load Balancers
- Querying Load Balancers by Tag
- Deleting a Tag from a Load Balancer
- Adding a Tag to a Listener
- Batch Adding Tags to a Listener
- Batch Deleting Tags from a Listener
- Querying All Tags of a Listener
- Querying the Tags of All Listeners
- Querying Listeners by Tag
- Deleting a Tag from a Listener
- Status Codes
-
Tag
- Examples
- Permissions and Supported Actions
-
Historical APIs
- Shared Load Balancer APIs (OpenStack) (Discarded)
- Asynchronous Job Query (Discarded)
- Querying Versions (Discarded)
-
Getting Started
- Creating a Load Balancer
- Obtaining a Token
- Creating a Load Balancer
- Creating a Public Network Load Balancer
- Adding a Listener
- Creating a Backend Server Group
- Adding Backend Servers
- Configuring a Health Check
- Adding a Forwarding Policy
- Adding a Forwarding Rule
- Adding a Whitelist
- Creating an SSL Certificate
- Appendix
- SDK Reference
-
FAQs
- Popular Questions
-
Service Abnormality
- What Can I Do If There Is Packet Loss?
- Why Can't I Access My Backend Servers Through a Load Balancer?
- Why Does a Server Occasionally Time Out When a Client Access It Through Different Load Balancers or Different Listeners of a Load Balancer?
- What Can I Do If ELB Can't Be Accessed or Traffic Routing is Interrupted?
- How Can I Handle Abnormal Status Codes?
- How Do I Handle Abnormal Request Headers?
- How Do I Check for Traffic Inconsistencies?
- Why Does ELB Fail to Distribute Traffic Evenly?
- How Do I Check If There Is Excessive Access Delay?
- What Do I Do If a Load Balancer Fails a Stress Test?
- How Do I Check If Sticky Sessions Failed to Take Effect?
- How Do I Check SSL/TLS Authentication Errors?
-
Health Checks
- How Do I Troubleshoot an Unhealthy Backend Server of a Dedicated Load Balancer?
- How Do I Troubleshoot an Unhealthy Backend Server of a Shared Load Balancer?
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from the Configured Interval?
- How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?
- Why Does ELB Frequently Send Requests to Backend Servers During Health Checks?
- When Does a Health Check Start?
- What Do I Do If a Lot of Access Logs Are Generated During Health Checks?
- What Status Codes Will Be Returned If Backend Servers Are Identified as Healthy?
-
ELB Functionality
- Can Load Balancers Be Used Separately?
- Can ELB Block DDoS Attacks and Secure Web Code?
- What Types of APIs Does ELB Provide? What Are Permissions of ELB?
- Can Backend Servers of a Load Balancer Run Different OSs?
- Can ELB Be Used Across Accounts or VPCs?
- Can a Backend Server Access Its Load Balancer?
- Can Both the Listener and Backend Server Group Use HTTPS?
- Does ELB Support IPv6 Networks?
- How Do I Determine the Server Response Time Based on Monitoring Data and Logs?
- How Can I Transfer the IP Address of a Client?
- What Are the Differences Between Persistent Connections and Sticky Sessions?
- How Do I Test Sticky Sessions Using Linux Curl Commands?
-
Load Balancers
- How Does ELB Distribute Traffic?
- How Can I Configure Load Balancing for Containerized Applications?
- Can I Bind Multiple EIPs to a Load Balancer?
- Why Multiple IP Addresses Are Required When I Create a Dedicated Load Balancer?
- Can Backend Servers Access the Internet Using the EIP of the Load Balancer?
- Do Shared Load Balancers Have Specifications?
- What Is the Difference Between the Bandwidth Defined in Each Specification of a Dedicated Load Balancer and the Bandwidth of an EIP?
- How Do I Combine ELB and WAF?
-
Listeners
- What Are the Relationships Between Load Balancing Algorithms and Sticky Session Types?
- What HTTP Headers Can I Configure for an HTTP and HTTP Listener?
- Will ELB Stop Distributing Traffic Immediately After a Listener Is Deleted?
- Does ELB Have Restrictions on the File Upload Speed and Size?
- Can Multiple Load Balancers Route Requests to One Backend Server?
- How Is WebSocket Used?
- What Are the Three Timeouts of a Listener and What Are the Default Durations?
- Why Can't I Select the Target Backend Server Group When Adding or Modifying a Listener?
- Why Is There a Security Warning After a Certificate Is Configured for an HTTPS Listener?
- Why Is a Forwarding Policy in the Faulty State?
-
Backend Servers
- Can Backend Servers Access the Internet After They Are Associated with a Load Balancer?
- Can ELB Distribute Traffic Across Servers That Are Not Provided by Huawei Cloud?
- Why Are Backend Servers Frequently Accessed by IP Addresses in 100.125.0.0/16 or 214.0.0.0/8?
- Can ELB Route Traffic Across Regions?
- Does Each Backend Server Need an EIP to Receive Requests from a Public Network Load Balancer?
- How Do I Check the Network Conditions of a Backend Server?
- How Can I Check the Network Configuration of a Backend Server?
- How Do I Check the Status of a Backend Server?
- How Do I Check Whether a Backend Server Can Be Accessed Through an EIP?
- Why Is the Number of Active Connections Monitored by Cloud Eye Different from the Number of Connections Established with the Backend Servers?
- Why Can I Access Backend Servers After a Whitelist Is Configured?
- When Will the Changes to Server Weights Be Applied?
- Certificates
- Access Logging
- Monitoring
-
Billing
- When Do I Need Public Bandwidth for ELB?
- Will I Be Billed for Both the Bandwidth Used by the Load Balancer and the Bandwidth Used by Backend Servers?
- Do I Need to Adjust the Bandwidth of Shared Load Balancers Based on the Bandwidth Used by Backend Servers?
- Can I Modify the Bandwidth of a Load Balancer?
- What Functions Will Become Unavailable If a Load Balancer Is Frozen?
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Load Balancer
- Listener
- Backend Server
- Health Check
- Certificate
- Access Logging
- Monitoring
- Auditing
-
FAQs
- Questions Summary
- ELB Usage
- Load Balancer
- Listener
-
Backend Server
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Is Different from the Configured Health Check Interval?
- Can Backend Servers Access the Public Network After They Are Associated with a Load Balancer?
- How Can I Check the Network Conditions of a Backend Server?
- How Can I Check the Network Configuration of a Backend Server?
- How Can I Check the Status of a Backend Server?
- When Is a Backend Server Considered Healthy?
- Health Check
- Obtaining Source IP Addresses
- HTTP/HTTPS Listeners
- Sticky Session
- Appendix
- Change History
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- Load Balancer APIs
- Load Balancer (Enterprise Project) APIs
- Common Parameters
- Appendix
- Change History
-
User Guide (Paris Region)
-
Service Overview
- What Is ELB?
- Product Advantages
- How ELB Works
- Application Scenarios
- Differences Between Dedicated and Shared Load Balancers
- Load Balancing on a Public or Private Network
- Network Traffic Paths
- Specifications of Dedicated Load Balancers
- Quotas and Constraints
- Billing (Shared Load Balancers)
- Billing (Dedicated Load Balancers)
- Permissions
- Product Concepts
- How ELB Works with Other Services
- Getting Started
-
Load Balancer
- Overview
- Preparations for Creating a Load Balancer
- Creating a Dedicated Load Balancer
- Creating a Shared Load Balancer
- Configuring Deletion Protection for Load Balancers
- Modifying the Bandwidth
- Changing the Specifications of a Dedicated Load Balancer
- Changing an IP Address
- Binding an IP Address to or Unbinding an IP Address from a Load Balancer
- Adding to or Removing from an IPv6 Shared Bandwidth
- Exporting the Load Balancer List
- Deleting a Load Balancer
- Listener
- Advanced Features of HTTP/HTTPS Listeners
- Backend Server Group
- Backend Server (Dedicated Load Balancers)
- Backend Server (Shared Load Balancers)
- Certificate
- Access Control
- TLS Security Policy
- Tag
- Access Logging
- Monitoring
- Auditing
- Load Balancer Migration
- Permissions Management
- Quotas
-
FAQ
- Popular Questions
- Why Can't I Access My Backend Servers Through a Load Balancer?
- What Can I Do If ELB Can't Be Accessed or Traffic Routing is Interrupted?
- How Can I Handle Error Codes?
- Can ELB Be Used Separately?
- Does ELB Support Persistent Connections?
- Does ELB Support FTP on Backend Servers?
- Is an EIP Assigned Exclusively to a Load Balancer?
- How Many Load Balancers and Listeners Can I Have?
- What Types of APIs Does ELB Provide? What Are Permissions of ELB?
- Can I Adjust the Number of Backend Servers When a Load Balancer is Running?
- Can Backend Servers Run Different OSs?
- Can I Configure Different Backend Ports for a Load Balancer?
- Can ELB Be Used Across Accounts or VPCs?
- Can Backend Servers Access the Ports of a Load Balancer?
- Can Both the Listener and Backend Server Group Use HTTPS?
- Can I Change the VPC and Subnet for My Load Balancer?
- Can I Upgrade a Shared Load Balancer to a Dedicated Load Balancer Without Interrupting Traffic Routing?
- Does ELB Support IPv6 Networks?
- How Do I Check for Traffic Inconsistencies?
- How Do I Check If Traffic Is Being Evenly Distributed?
- How Do I Check If There Is Excessive Access Delay?
- What Do I Do If a Load Balancer Fails a Stress Test?
-
Load Balancers
- How Does ELB Distribute Traffic?
- How Can I Access a Load Balancer Across VPCs?
- How Can I Configure Load Balancing for Containerized Applications?
- Why Can't I Delete My Load Balancer?
- Do I Need to Configure EIP Bandwidth for My Load Balancers?
- Can I Bind Multiple EIPs to a Load Balancer?
- Why Multiple IP Addresses Are Required When I Create or Enable a Dedicated Load Balancer?
- Why Are Requests from the Same IP Address Routed to Different Backend Servers When the Load Balancing Algorithm Is Source IP Hash?
- Can Backend Servers Access the Internet Using the EIP of the Load Balancer?
- Do Shared Load Balancers Have Specifications?
- Will Traffic Routing Be Interrupted If the Load Balancing Algorithm Is Changed?
- What Is the Difference Between the Bandwidth Included in Each Specification of a Dedicated Load Balancer and the Bandwidth of an EIP?
- How Do I Combine ELB and WAF?
-
Listeners
- What Are the Relationships Between Load Balancing Algorithms and Sticky Session Types?
- Can I Bind Multiple Certificates to a Listener?
- What HTTP Headers Can I Configure for an HTTP and HTTP Listener?
- Will ELB Stop Distributing Traffic Immediately After a Listener Is Deleted?
- Does ELB Have Restrictions on the File Upload Speed and Size?
- Can Multiple Load Balancers Route Requests to One Backend Server?
- How Is WebSocket Used?
- Why Can't I Select the Target Backend Server Group When Adding or Modifying a Listener?
- Why Cannot I Add a Listener to a Dedicated Load Balancer?
-
Backend Servers
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from What I Have Configured?
- Can Backend Servers Access the Internet After They Are Associated with a Load Balancer?
- Why Are Backend Servers Frequently Accessed by IP Addresses in 100.125.0.0/16?
- Can ELB Route Traffic Across Regions?
- Does Each Backend Server Need an EIP to Receive Requests from a Public Network Load Balancer?
- How Do I Check the Network Conditions of a Backend Server?
- How Can I Check the Network Configuration of a Backend Server?
- How Do I Check the Status of a Backend Server?
- When Is a Backend Server Considered Healthy?
- How Do I Check Whether a Backend Server Can Be Accessed Through an EIP?
- Why Is the Number of Active Connections Monitored by Cloud Eye Different from the Number of Connections Established with the Backend Servers?
- Why Can I Access Backend Servers After a Whitelist Is Configured?
- When Will Modified Weights Take Effect?
- Why Must the Subnet Where the Load Balancer Resides Have at Least 16 Available IP Addresses for Enabling IP as a Backend?
-
Health Checks
- How Do I Troubleshoot an Unhealthy Backend Server?
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from the Configured Interval?
- How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?
- Why Does ELB Frequently Send Requests to Backend Servers During Health Checks?
- When Does a Health Check Start?
- Do Maximum Retries Include Health Checks That Consider Backend Servers Unhealthy?
- What Do I Do If a Lot of Access Logs Are Generated During Health Checks?
- What Status Codes Will Be Returned If Backend Servers Are Identified as Healthy?
- Obtaining Source IP Addresses
-
HTTP/HTTPS Listeners
- Which Protocol Should I Select for the Backend Server Group When Adding an HTTPS Listener?
- Why Is There a Security Warning After a Certificate Is Configured?
- Why Is a Forwarding Policy in the Faulty State?
- Why Can't I Add a Forwarding Policy to a Listener?
- Why Cannot I Select an Existing Backend Server Group When Adding a Forwarding Policy?
- Sticky Sessions
- Certificates
- Monitoring
- Change History
-
Service Overview
-
API Reference (Paris Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- Dedicated Load Balancer APIs
- Classic Load Balancer APIs
- Enhanced Load Balancer APIs
- Appendix
- Change History
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
-
Load Balancer
- Overview
- Preparations for Creating a Load Balancer
- Creating a Dedicated Load Balancer
- Modifying the Bandwidth
- Changing the Specifications of a Dedicated Load Balancer
- Changing an IP Address
- Binding an IP Address to or Unbinding an IP Address from a Load Balancer
- Adding to or Removing from an IPv6 Shared Bandwidth
- Exporting the Load Balancer List
- Deleting a Load Balancer
- Listener
- Advanced Features of HTTP/HTTPS Listeners
- Backend Server Group
- Backend Server
- Certificate
- Access Control
- Access Logging
- Monitoring
- Auditing
- Quotas
-
FAQ
- Popular Questions
- Service Abnormality
-
ELB Functionality
- Can ELB Be Used Separately?
- Does ELB Support Persistent Connections?
- Does ELB Support FTP on Backend Servers?
- Is an EIP Assigned Exclusively to a Load Balancer?
- How Many Load Balancers and Listeners Can I Have?
- What Types of APIs Does ELB Provide? What Are Permissions of ELB?
- Can I Adjust the Number of Backend Servers When a Load Balancer is Running?
- Can Backend Servers Run Different OSs?
- Can I Configure Different Backend Ports for a Load Balancer?
- Can ELB Be Used Across Accounts or VPCs?
- Can Backend Servers Access the Ports of a Load Balancer?
- Can Both the Listener and Backend Server Group Use HTTPS?
- Can I Change the VPC and Subnet for My Load Balancer?
- Load Balancing Performance
-
Load Balancers
- How Does ELB Distribute Traffic?
- How Can I Access a Load Balancer Across VPCs?
- Do I Need to Configure EIP Bandwidth for My Load Balancers?
- Can I Bind Multiple EIPs to a Load Balancer?
- Why Multiple IP Addresses Are Required When I Create or Enable a Dedicated Load Balancer?
- Why Are Requests from the Same IP Address Routed to Different Backend Servers When the Load Balancing Algorithm Is Source IP Hash?
- Can Backend Servers Access the Internet Using the EIP of the Load Balancer?
- Will Traffic Routing Be Interrupted If the Load Balancing Algorithm Is Changed?
- What Is the Difference Between the Bandwidth Included in Each Specification of a Dedicated Load Balancer and the Bandwidth of an EIP?
-
Listeners
- What Are the Relationships Between Load Balancing Algorithms and Sticky Session Types?
- Can I Bind Multiple Certificates to a Listener?
- Will ELB Stop Distributing Traffic Immediately After a Listener Is Deleted?
- Does ELB Have Restrictions on the File Upload Speed and Size?
- Can Multiple Load Balancers Route Requests to One Backend Server?
- How Is WebSocket Used?
- Why Can't I Select the Target Backend Server Group When Adding or Modifying a Listener?
- Why Cannot I Add a Listener to a Dedicated Load Balancer?
-
Backend Servers
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from What I Have Configured?
- Can Backend Servers Access the Internet After They Are Associated with a Load Balancer?
- Can ELB Route Traffic Across Regions?
- Does Each Backend Server Need an EIP to Receive Requests from a Public Network Load Balancer?
- How Do I Check the Network Conditions of a Backend Server?
- How Can I Check the Network Configuration of a Backend Server?
- How Do I Check the Status of a Backend Server?
- When Is a Backend Server Considered Healthy?
- Why Can I Access Backend Servers After a Whitelist Is Configured?
- When Will Modified Weights Take Effect?
- Why Must the Subnet Where the Load Balancer Resides Have at Least 16 Available IP Addresses for Enabling IP as a Backend?
-
Health Checks
- How Do I Troubleshoot an Unhealthy Backend Server?
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from the Configured Interval?
- How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?
- Why Does ELB Frequently Send Requests to Backend Servers During Health Checks?
- When Does a Health Check Start?
- Do Maximum Retries Include Health Checks That Consider Backend Servers Unhealthy?
- What Do I Do If a Lot of Access Logs Are Generated During Health Checks?
- What Status Codes Will Be Returned If Backend Servers Are Identified as Healthy?
- Obtaining Source IP Addresses
-
HTTP/HTTPS Listeners
- Which Protocol Should I Select for the Backend Server Group When Adding an HTTPS Listener?
- Why Is There a Security Warning After a Certificate Is Configured?
- Why Is a Forwarding Policy in the Faulty State?
- Why Can't I Add a Forwarding Policy to a Listener?
- Why Cannot I Select an Existing Backend Server Group When Adding a Forwarding Policy?
- Sticky Sessions
- Certificates
- Monitoring
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
- APIs
- Permissions Policies and Supported Actions
- Appendix
- Historical APIs
- Change History
-
User Guide (Ankara Region)
- Service Overview
- Load Balancer
- Listener
- Advanced Features of HTTP/HTTPS Listeners
- Backend Server Group
- Backend Server
- Certificate
- Access Control
- TLS Security Policy
- Access Logging
- Monitoring
- Quotas
-
FAQ
- Popular Questions
-
ELB Functionality
- Can ELB Be Used Separately?
- Does ELB Support Persistent Connections?
- Does ELB Support FTP on Backend Servers?
- Is an EIP Assigned Exclusively to a Load Balancer?
- How Many Load Balancers and Listeners Can I Have?
- What Types of APIs Does ELB Provide? What Are Permissions of ELB?
- Can I Adjust the Number of Backend Servers When a Load Balancer is Running?
- Can Backend Servers Run Different OSs?
- Can I Configure Different Backend Ports for a Load Balancer?
- Can ELB Be Used Across Accounts or VPCs?
- Can Backend Servers Access the Ports of a Load Balancer?
- Can Both the Listener and Backend Server Group Use HTTPS?
- Can I Change the VPC and Subnet for My Load Balancer?
-
Load Balancers
- How Does ELB Distribute Traffic?
- How Can I Access a Load Balancer Across VPCs?
- Do I Need to Configure EIP Bandwidth for My Load Balancers?
- Can I Bind Multiple EIPs to a Load Balancer?
- Why Multiple IP Addresses Are Required When I Create or Enable a Dedicated Load Balancer?
- Why Are Requests from the Same IP Address Routed to Different Backend Servers When the Load Balancing Algorithm Is Source IP Hash?
- Can Backend Servers Access the Internet Using the EIP of the Load Balancer?
- Will Traffic Routing Be Interrupted If the Load Balancing Algorithm Is Changed?
- What Is the Difference Between the Bandwidth Included in Each Specification of a Dedicated Load Balancer and the Bandwidth of an EIP?
-
Listeners
- What Are the Relationships Between Load Balancing Algorithms and Sticky Session Types?
- Can I Bind Multiple Certificates to a Listener?
- Will ELB Stop Distributing Traffic Immediately After a Listener Is Deleted?
- Does ELB Have Restrictions on the File Upload Speed and Size?
- Can Multiple Load Balancers Route Requests to One Backend Server?
- How Is WebSocket Used?
- Why Can't I Select the Target Backend Server Group When Adding or Modifying a Listener?
- Why Cannot I Add a Listener to a Dedicated Load Balancer?
-
Backend Servers
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from What I Have Configured?
- Can Backend Servers Access the Internet After They Are Associated with a Load Balancer?
- Can ELB Route Traffic Across Regions?
- Does Each Backend Server Need an EIP to Receive Requests from a Public Network Load Balancer?
- How Do I Check the Network Conditions of a Backend Server?
- How Can I Check the Network Configuration of a Backend Server?
- How Do I Check the Status of a Backend Server?
- When Is a Backend Server Considered Healthy?
- Why Can I Access Backend Servers After a Whitelist Is Configured?
- When Will Modified Weights Take Effect?
- Why Must the Subnet Where the Load Balancer Resides Have at Least 16 Available IP Addresses for Enabling IP as a Backend?
-
Health Checks
- How Do I Troubleshoot an Unhealthy Backend Server?
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from the Configured Interval?
- How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?
- Why Does ELB Frequently Send Requests to Backend Servers During Health Checks?
- When Does a Health Check Start?
- Do Maximum Retries Include Health Checks That Consider Backend Servers Unhealthy?
- What Do I Do If a Lot of Access Logs Are Generated During Health Checks?
- What Status Codes Will Be Returned If Backend Servers Are Identified as Healthy?
- Obtaining Source IP Addresses
-
HTTP/HTTPS Listeners
- Which Protocol Should I Select for the Backend Server Group When Adding an HTTPS Listener?
- Why Is There a Security Warning After a Certificate Is Configured?
- Why Is a Forwarding Policy in the Faulty State?
- Why Can't I Add a Forwarding Policy to a Listener?
- Why Cannot I Select an Existing Backend Server Group When Adding a Forwarding Policy?
- Sticky Sessions
- Certificates
- Monitoring
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- APIs (V3)
- APIs (V2)
-
APIs (OpenStack)
-
Tag
- Adding a Tag to a Load Balancer
- Batch Adding Load Balancer Tags
- Batch Deleting Load Balancer Tags
- Querying All Tags of a Load Balancer
- Querying the Tags of All Load Balancers
- Querying Load Balancers by Tag
- Deleting a Tag from a Load Balancer
- Adding a Tag to a Listener
- Batch Adding Tags to a Listener
- Batch Deleting Tags from a Listener
- Querying All Tags of a Listener
- Querying the Tags of All Listeners
- Querying Listeners by Tag
- Deleting a Tag from a Listener
- Status Codes
-
Tag
- Permissions and Supported Actions
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Copied.
TLS Security Policy
Scenarios
When you add HTTPS listeners, you can select appropriate security policies to improve security. A security policy is a combination of TLS protocols of different versions and supported cipher suites.
- Dedicated load balancers: You can select the default security policy or create a custom policy. For details, see Creating a Custom Security Policy.
- Shared load balancers: You can select the default security policy.
Adding a Security Policy
- Log in to the management console.
- In the upper left corner of the page, click
and select the desired region and project. - Hover on
in the upper left corner to display Service List and choose Network > Elastic Load Balance. - Locate the load balancer and click its name.
- Under Listeners, click Add Listener.
- In the Add Listener dialog box, set Frontend Protocol to HTTPS.
- Expand Advanced Settings and select a security policy.
Table 1 shows the default security policies. Select a default security policy or create a custom security policy by referring to Creating a Custom Security Policy.
Table 1 Default security policies Security Policy
Description
TLS Versions
Cipher Suites
TLS-1-0
TLS 1.0, TLS 1.1, and TLS 1.2 and supported cipher suites (high compatibility and moderate security)
TLS 1.2
TLS 1.1
TLS 1.0
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- AES128-SHA256
- AES256-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA
- ECDHE-ECDSA-AES256-SHA
- AES128-SHA
- AES256-SHA
TLS-1-1
TLS 1.1 and TLS 1.2 and supported cipher suites (moderate compatibility and moderate security)
TLS 1.2
TLS 1.1
TLS-1-2
TLS 1.2 and supported cipher suites (moderate compatibility and high security)
TLS 1.2
TLS-1-0-Inherit
TLS 1.0, TLS 1.1, and TLS 1.2 and supported cipher suites (high compatibility and moderate security)
TLS 1.2
TLS 1.1
TLS 1.0
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- AES128-SHA256
- AES256-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- DHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA
- ECDHE-ECDSA-AES256-SHA
- AES128-SHA
- AES256-SHA
- DHE-DSS-AES128-SHA
- CAMELLIA128-SHA
- EDH-RSA-DES-CBC3-SHA
- DES-CBC3-SHA
- ECDHE-RSA-RC4-SHA
- RC4-SHA
- DHE-RSA-AES256-SHA
- DHE-DSS-AES256-SHA
- DHE-RSA-CAMELLIA256-SHA
TLS-1-2-Strict
Strict TLS 1.2 and supported cipher suites (low compatibility and ultra-high security)
TLS 1.2
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- AES128-SHA256
- AES256-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
TLS-1-0-WITH-1-3 (for dedicated load balancers)
TLS 1.0 and later, and supported cipher suites (ultra-high compatibility and low security)
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- AES128-SHA256
- AES256-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA
- ECDHE-ECDSA-AES256-SHA
- AES128-SHA
- AES256-SHA
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_AES_128_CCM_8_SHA256
TLS-1-2-FS-WITH-1-3 (for dedicated load balancers)
TLS 1.2 and later, and supported forward secrecy cipher suites (high compatibility and ultra-high security)
TLS 1.3
TLS 1.2
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_AES_128_CCM_8_SHA256
TLS-1-2-FS (for dedicated load balancers)
TLS 1.2 and supported forward secrecy cipher suites (moderate compatibility and ultra-high security)
TLS 1.2
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
hybrid-policy-1-0 (dedicated load balancers)
TLS 1.1 and TLS 1.2 and supported cipher suites (moderate compatibility and moderate security)
TLS 1.2
TLS 1.1
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- AES128-SHA256
- AES256-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA
- ECDHE-ECDSA-AES256-SHA
- AES128-SHA
- AES256-SHA
- ECC-SM4-SM3
- ECDHE-SM4-SM3
tls-1-2-strict-no-cbc (dedicated load balancers)
TLS 1.2 and supported cipher suites that exclude CBC encryption algorithm (low compatibility and ultra-high security)
TLS 1.2
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
NOTE:
- TLS-1-0-WITH-1-3, TLS-1-2-FS-WITH-1-3, TLS-1-2-FS, hybrid-policy-1-0, and tls-1-2-strict-no-cbc are available only for dedicated load balancers.
- The latest TLS version supported by dedicated load balancers is TLS 1.3, while the latest version supported by shared load balancers is TLS 1.2.
- This table lists the cipher suites supported by ELB. Generally, clients also support multiple cipher suites. In actual use, the intersection of the cipher suites supported by ELB and those supported by clients is used, and the cipher suites supported by ELB take precedence.
- Click OK.
Differences Between Security Policies
|
Security Policy |
TLS-1-0 |
TLS-1-1 |
TLS-1-2 |
TLS-1-2-Strict |
TLS-1-0-WITH-1-3 |
TLS-1-2-FS-WITH-1-3 |
TLS-1-2-FS |
|---|---|---|---|---|---|---|---|
|
TLS versions |
|||||||
|
TLS 1.3 |
- |
- |
- |
- |
√ |
√ |
√ |
|
TLS 1.2 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
TLS 1.1 |
√ |
√ |
- |
- |
√ |
- |
- |
|
TLS 1.0 |
√ |
- |
- |
- |
√ |
- |
- |
|
Cipher suite |
|||||||
|
EDHE-RSA-AES128-GCM-SHA256 |
√ |
√ |
√ |
√ |
- |
- |
- |
|
ECDHE-RSA-AES256-GCM-SHA384 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
ECDHE-RSA-AES128-SHA256 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
ECDHE-RSA-AES256-SHA384 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
AES128-GCM-SHA256 |
√ |
√ |
√ |
√ |
√ |
- |
- |
|
AES256-GCM-SHA384 |
√ |
√ |
√ |
√ |
√ |
- |
- |
|
AES128-SHA256 |
√ |
√ |
√ |
√ |
√ |
- |
- |
|
AES256-SHA256 |
√ |
√ |
√ |
√ |
√ |
- |
- |
|
ECDHE-RSA-AES128-SHA |
√ |
√ |
√ |
- |
√ |
- |
- |
|
ECDHE-RSA-AES256-SHA |
√ |
√ |
√ |
- |
√ |
- |
- |
|
AES128-SHA |
√ |
√ |
√ |
- |
√ |
- |
- |
|
AES256-SHA |
√ |
√ |
√ |
- |
√ |
- |
- |
|
ECDHE-ECDSA-AES128-GCM-SHA256 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
ECDHE-ECDSA-AES128-SHA256 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
ECDHE-ECDSA-AES128-SHA |
√ |
√ |
√ |
- |
√ |
- |
- |
|
ECDHE-ECDSA-AES256-GCM-SHA384 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
ECDHE-ECDSA-AES256-SHA384 |
√ |
√ |
√ |
√ |
√ |
√ |
√ |
|
ECDHE-ECDSA-AES256-SHA |
√ |
√ |
√ |
- |
√ |
- |
- |
|
ECDHE-RSA-AES128-GCM-SHA256 |
- |
- |
- |
- |
√ |
√ |
√ |
|
TLS_AES_256_GCM_SHA384 |
- |
- |
- |
- |
√ |
√ |
√ |
|
TLS_CHACHA20_POLY1305_SHA256 |
- |
- |
- |
- |
√ |
√ |
√ |
|
TLS_AES_128_GCM_SHA256 |
- |
- |
- |
- |
√ |
√ |
√ |
|
TLS_AES_128_CCM_8_SHA256 |
- |
- |
- |
- |
√ |
√ |
√ |
|
TLS_AES_128_CCM_SHA256 |
- |
- |
- |
- |
√ |
√ |
√ |
Creating a Custom Security Policy
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- In the navigation pane on the left, choose TLS Security Policies.
- On the displayed page, click Create Custom Security Policy in the upper right corner.
- Configure the parameters based on Table 3.
Table 3 Custom security policy parameters Parameter
Description
Example Value
Name
Specifies the name of the custom security policy.
tls-test
TLS Version
Specifies the TLS version supported by the custom security policy. You can select multiple versions:
- TLS 1.0
- TLS 1.1
- TLS 1.2
- TLS 1.3
-
Cipher Suite
Specifies the cipher suites that match the selected TLS versions.
-
Description
Provides supplementary information about the custom security policy.
-
- Click OK.
Modifying a Custom Security Policy
You can modify a custom security policy as you need.
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- In the navigation pane on the left, choose TLS Security Policies.
- On the TLS Security Policies page, click Custom Security Policies, locate the custom security policy, and click Modify in the Operation column.
- In displayed dialog box, modify the custom security policy as described in Table 3.
- Click OK.
Deleting a Custom Security Policy
You can delete a custom security policy as you need.
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- In the navigation pane on the left, choose TLS Security Policies.
- On the TLS Security Policies page, click Custom Security Policies, locate the custom security policy, and click Delete in the Operation column.
- Click Yes.
Changing a Security Policy
When you change a security policy, ensure that the security group containing backend servers allows traffic from 100.125.0.0/16 to backend servers and allows ICMP packets for UDP health checks. Otherwise, backend servers will be considered unhealthy, and routing will be affected.
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- Locate the load balancer and click its name.
- Click Listeners, locate the listener, and click its name.
- On the Summary tab page, click Edit on the top right.
- In the Modify Listener dialog box, expand Advanced Settings and change the security policy.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
