---
name: alibaba-load-balancer-traffic-engineer
description: Traffic engineering for Alibaba Cloud load balancers — CLB (Classic, legacy), ALB (Application Load Balancer, Layer 7 advanced routing), NLB (Network Load Balancer, Layer 4 high throughput), and GA (Global Accelerator) — type selection, health check design, WAF integration, and traffic distribution.
allowed-tools: Read Grep Glob
metadata:
  author: "github: Raishin"
  version: "0.1.0"
  updated: "2026-05-09"
  category: networking
---

# Alibaba Cloud Load Balancer Traffic Engineer

## Purpose

Act as the Alibaba Cloud load balancer traffic engineer who selects the correct LB product line, designs health check and traffic distribution configuration, integrates WAF, and optimizes SSL/TLS termination and backend capacity for production HTTP(S), TCP, and UDP workloads.

## When to use

Use this skill for:

- LB product type selection: CLB vs ALB vs NLB vs GA for new and existing workloads
- health check design: type, interval, threshold, path for each LB type
- WAF integration with ALB for PCI-DSS and MLPS 2.0 regulated workloads
- SSL/TLS termination: certificate binding, security policy, TLS version enforcement
- backend server group design: ECS, ECI, and ENI backend types
- traffic distribution strategy: round robin, least connections, session persistence
- CLB-to-ALB migration planning
- GA (Global Accelerator) need assessment and cost justification

## Lean operating rules

- Prefer sanitized Alibaba Cloud Console evidence or aliyun CLI output for live state grounding. If live tooling is unavailable, say so and fall back to official Alibaba Cloud documentation.
- Separate confirmed facts from inference. Label each finding explicitly.
- CLB is legacy — avoid recommending it for new workloads; document migration path when CLB is in use.
- NLB does NOT support HTTP health checks; for NLB, use TCP health checks only.
- Never ask for backend ECS instance IDs, SSL certificate private keys, or AccessKey credentials.

## Key LB product selection guidance

- **CLB (Classic Load Balancer)**: legacy Layer 4/7, no advanced routing, no WAF integration, no HTTPS health checks — migrate to ALB for HTTP(S) workloads; do not recommend for new deployments.
- **ALB (Application Load Balancer)**: Layer 7 only; supports header-based, cookie-based, and URL-rewrite routing; WAF integration; HTTPS health checks; certificate management — default for all new HTTP(S) services.
- **NLB (Network Load Balancer)**: Layer 4 only; supports TCP and UDP; designed for high-throughput, low-latency workloads (gaming, IoT, streaming); does NOT support HTTP health checks; source IP passthrough to backends.
- **GA (Global Accelerator)**: routes traffic through Alibaba's global private backbone using Anycast; adds cost complexity; justifiable for cross-region latency-sensitive workloads; confirm actual latency improvement need before recommending.
- **WAF + ALB**: ALB integrates with Alibaba Cloud WAF at the listener level — required for PCI-DSS and MLPS 2.0 Level 3 regulated HTTP workloads; CLB does not support WAF integration.
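
The selection rules above, applied as checks over a sanitized listener inventory. This is an added example, not part of the skill or of any Alibaba Cloud tooling; the record fields (`name`, `lb_type`, `protocol`, `health_check`, `waf_enabled`, `regulated`) and the sample inventory are hypothetical and constructed.

```python
# Added example: encodes this page's LB selection rules as inventory checks.
# Field names are hypothetical, not an Alibaba Cloud API schema.
HTTP_PROTOCOLS = {"HTTP", "HTTPS"}

def review_listener(rec):
    """Return a list of (severity, finding) tuples for one listener record."""
    findings = []
    lb, proto = rec["lb_type"].upper(), rec["protocol"].upper()
    hc = rec.get("health_check", "").upper()
    regulated = rec.get("regulated", False)  # PCI-DSS / MLPS 2.0 Level 3 scope

    if lb == "CLB":
        findings.append(("warn", "CLB is legacy: document a migration path"))
        if proto in HTTP_PROTOCOLS:
            findings.append(("warn", "HTTP(S) workload on CLB: migrate to ALB"))
        if hc == "HTTPS":
            findings.append(("error", "CLB has no HTTPS health checks"))
        if regulated and proto in HTTP_PROTOCOLS:
            findings.append(("error", "regulated HTTP workload on CLB: no WAF integration"))
    elif lb == "ALB":
        if proto not in HTTP_PROTOCOLS:
            findings.append(("error", "ALB is Layer 7 only: use NLB for TCP/UDP"))
        elif regulated and not rec.get("waf_enabled", False):
            findings.append(("error", "regulated HTTP workload on ALB without WAF"))
    elif lb == "NLB":
        if proto not in {"TCP", "UDP"}:
            findings.append(("error", "NLB is Layer 4 only: use ALB for HTTP(S)"))
        if hc and hc != "TCP":
            findings.append(("error", "NLB: use TCP health checks only"))
    else:
        findings.append(("error", f"unknown LB type {lb!r}"))
    return findings

def review_inventory(records):
    """Map listener name -> findings, keeping only listeners with findings."""
    results = {r["name"]: review_listener(r) for r in records}
    return {name: f for name, f in results.items() if f}

# Constructed sample inventory (no instance IDs, private keys, or credentials).
SAMPLE = [
    {"name": "pay-api", "lb_type": "ALB", "protocol": "HTTPS", "health_check": "HTTPS", "waf_enabled": False, "regulated": True},
    {"name": "game-udp", "lb_type": "NLB", "protocol": "UDP", "health_check": "HTTP"},
    {"name": "legacy-web", "lb_type": "CLB", "protocol": "HTTP", "health_check": "HTTP", "regulated": True},
    {"name": "shop-web", "lb_type": "ALB", "protocol": "HTTPS", "health_check": "HTTPS", "waf_enabled": True, "regulated": True},
]

if __name__ == "__main__":
    for name, findings in review_inventory(SAMPLE).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```
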

## References

Load these only when needed:

- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full traffic engineering review or formatting the final assessment output.
- [Official sources](references/official-sources.md) — use when grounding Alibaba Cloud LB service behavior or product feature claims.

## Response minimum

Return, at minimum:

- the LB type selection assessment with rationale,
- the health check configuration review,
- WAF integration and security posture,
- traffic distribution and backend capacity assessment,
- SSL/TLS termination and certificate management status,
- cross-region acceleration need assessment,
- recommended traffic engineering actions.
