Quickstart
Get up and running quickly with Load Balancing. For more in-depth explanations, refer to the Learning path.
Before you begin
Make sure you:
- Have access to multiple endpoints (origin servers, private or public IP addresses, virtual IP addresses (VIPs), etc), either physical or cloud-based.
- Have access to Load Balancing, available as an add-on for any type of account.
- Have test and production hostnames that are covered by SSL/TLS certificates.
Create a monitor
A monitor issues health monitor requests at regular intervals to evaluate the health of each endpoint within a pool.
When a pool becomes unhealthy, your load balancer takes that pool out of the endpoint rotation.
Set up the monitor
You can create a monitor within the load balancer workflow or in the Monitors section of the dashboard:
Go to Traffic > Load Balancing.
Select Manage Monitors.
Select Create.
Add the following information:
- Type: The protocol to use for health monitors
- Non-enterprise customers: Choose HTTP, HTTPS, or TCP.
- Enterprise customers: Choose HTTP, HTTPS, TCP, UDP ICMP, ICMP Ping, or SMTP.
- Path: The endpoint path to run health monitor requests against
- Port: The destination port for health monitors
- Type: The protocol to use for health monitors
For additional settings, select Advanced health monitor settings:
- Interval:
- By increasing the default, you can improve failover time, but you may also increase load on your endpoints.
- Minimum time in seconds is 60 (Pro), 15 (Business), and 10 (Enterprise).
- Timeout and Retries:
- The health monitor request will return unhealthy if it exceeds the duration specified in Timeout (and exceeds this duration more times than the specified number of Retries).
- Expected Code(s): The expected HTTP response codes listed individually (
200
,302
) or as a range (for example, entering2xx
would cover all response codes in the200
range). - Response Body:
- Looks for a case-insensitive substring in the response body.
- Make sure that the value is relatively static and within the first 100 MB of the HTML page.
- Simulate Zone:
- Pushes a request from Cloudflare health monitors through the Cloudflare stack as if it were a real visitor request to help analyze behavior or validate a configuration using the zone specified.
- It is recommended to use the same zone in which the Load Balancer exists.
- Ensures health monitor requests are compatible with features like authenticated origin pulls and Argo Smart Routing.
- Follow Redirects:
- Instead of reporting a
301
or302
code as unhealthy, the health monitor request follows redirects to the final endpoint.
- Instead of reporting a
- Configure Request Header(s):
- Useful if your endpoints are expecting specific incoming headers.
- Header:
- The HTTP request headers to send in the health monitor. It is recommended that you set a Host header by default. The User-Agent header cannot be overridden. This parameter is only valid for HTTP and HTTPS monitors.
- Interval:
Select Save.
Prepare your servers
Make sure that your firewall or web server does not block or rate limit your configured health monitors or requests associated with Cloudflare IP addresses.
Each health monitor has the HTTP user-agent of "Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/; pool-id: $poolid)"
, where the $poolid
is the first 16 characters of the associated pool.
Set up the monitor
For a full list of monitor properties, refer to Create Monitor. If you need help with API authentication, refer to Cloudflare API documentation.
Requestcurl -X POST \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/accounts/:account_id/load_balancers/monitors" \-H "Content-Type: application/json" \-d '{ "type":"https", "description":"Login page monitor", "method":"GET", "path":"/health", "header": { "Host":["example.com"], "X-App-ID":["abc123"] }, "port":8080, "timeout":3, "retries":0, "interval":90, "expected_body":"alive", "expected_codes":"2xx", "follow_redirects":true, "allow_insecure":true, "consecutive_up":3, "consecutive_down":2, "probe_zone":"example.com"
}'
The response contains the complete definition of the new monitor.
Response{ "success": true, "errors": [], "messages": [], "result": { "id": ":monitor-id", "created_on": "2021-01-01T05:20:00.12345Z", "modified_on": "2021-01-01T05:20:00.12345Z", "type": "https", "description": "Login page monitor", "method": "GET", "path": "/health", "header": { "Host": [ "example.com" ], "X-App-ID": [ "abc123" ] }, "port": 8080, "timeout": 3, "retries": 0, "interval": 90, "expected_body": "alive", "expected_codes": "2xx", "follow_redirects": true, "allow_insecure": true, "consecutive_up": 3, "consecutive_down": 2, "probe_zone": "example.com" }
}
Prepare your servers
Make sure that your firewall or web server does not block or rate limit your configured health monitors or requests associated with Cloudflare IP addresses.
Each health monitor has the HTTP user-agent of "Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/; pool-id: $poolid)"
, where the $poolid
is the first 16 characters of the associated pool.
Example monitor configuration
Field | Value |
---|---|
Type | HTTP |
Path | / |
Port | 80 |
Interval | 60 |
Method | GET |
Timeout | 5 seconds |
Retries | 2 |
Expected Code(s) | 200 |
Create pools
Within Cloudflare, pools represent your endpoints and how they are organized. As such, a pool can be a group of several endpoints, or you could also have only one endpoint (an origin server, for example) per pool.
If you are familiar with DNS terminology, think of a pool as a “record set,” except Cloudflare only returns addresses that are considered healthy. You can attach health monitors to individual pools for customized monitoring.
You can create a pool within the load balancer workflow or in the Pools section of the dashboard:
Go to Traffic > Load Balancing.
Select Manage Pools and then Create.
For your pool, enter the following information:
- A name (must be unique)
- A description to provide more detail on the name
- A choice for Endpoint Steering, which affects how your pool routes traffic to each endpoint
For each endpoint, enter the following information:
- A name (must be unique)
- The endpoint address or associated hostname
- (Optional) A Virtual Network. Required when the endpoint has a private IP address.
- A Weight
- (Optional) A hostname by clicking Add host header
Repeat this process for additional endpoints in the pool.
(Optional) Set up coordinates for Proximity Steering on the pool.
On the pool, update the following information:
- Health Threshold: The Health Threshold is the number of healthy endpoints for the pool as a whole to be considered Healthy and receive traffic based on pool order in a load balancer. Increasing this number makes the pool more reliable, but also more likely to become unhealthy.
- Monitor: Attach a monitor
- Health Monitor Regions: Choose whether to check pool health from multiple locations, which increases accuracy but can lead to probe traffic to your endpoint
- Pool Notifications: You can set up new alerts - and view existing alerts - to be notified when pools are enabled or disabled, or pools or endpoints have changes in their health status.
When finished, select Save.
For a full list of properties, refer to Create Pool. If you need help with API authentication, refer to Cloudflare API documentation.
Requestcurl -X POST \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/accounts/:account_id/load_balancers/pools" \-H "Content-Type: application/json" \-d '{ "description":"Primary data center - Provider XYZ", "name":"primary-dc-1", "enabled":false, "load_shedding": { "default_percent":0, "default_policy":"random", "session_percent":0, "session_policy":"hash" }, "minimum_origins":2, "monitor":"f1aba936b94213e5b8dca0c0dbf1f9cc", "check_regions": [ "WEU", "ENAM" ], "origins": [ { "name":"app-server-1", "address":"0.0.0.0", "enabled":true, "weight":0.56, "header": { "Host": [ "example.com" ] } } ], "origin_steering": { "policy": "random" }, "notification_filter": { "origin": { "disable":false, "healthy":null }, "pool": { "disable":false, "healthy":null } }
}'
The response contains the complete definition of the new pool.
Response{ "success": true, "errors": [], "messages": [], "result": { "id": "17b5962d775c646f3f9725cbc7a53df4", "created_on": "2021-01-01T05:20:00.12345Z", "modified_on": "2021-01-01T05:20:00.12345Z", "description": "Primary data center - Provider XYZ", "name": "primary-dc-1", "enabled": false, "load_shedding": { "default_percent": 0, "default_policy": "random", "session_percent": 0, "session_policy": "hash" }, "minimum_origins": 2, "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc", "check_regions": [ "WEU", "ENAM" ], "origins": [ { "name": "app-server-1", "address": "0.0.0.0", "enabled": true, "weight": 0.56, "header": { "Host": [ "example.com" ] } } ], "origin_steering": { "policy": "random" }, "notification_filter": { "origin": { "disable": false, "healthy": null }, "pool": { "disable": false, "healthy": null } } }
}
After creating the pool, you would also want to create a new notification with the following parameters specified:
"alert_type": "load_balancing_health_alert",
"filters": { "pool_id": <<ARRAY_OF_INCLUDED_POOL_IDS>>, "new_health": <<ARRAY_OF_STATUS_TRIGGERS>> ["Unhealthy", "Healthy"], "event_source": <<ARRAY_OF_OBJECTS_WATCHED>> ["pool", "origin"]
}
Confirm pool health
Before directing any traffic to your pools, make sure that your pools and monitors are set up correctly. The status of your health check will be unknown until the results of the first check are available.
To confirm pool health using the dashboard:
- Go to Traffic > Load Balancing.
- Select Manage Pools.
- For pools and individual endpoints, review the values in the Health and Endpoint Health columns.
For more information on pool and endpoint health statuses, refer to How a pool becomes unhealthy.
To fetch the latest health status of all pools, use the List Pools command, paying attention to the healthy
value for pools and origins (endpoints).
For troubleshooting a specific pool’s health, use the Pool Health Details command.
Unexpected health status
If you notice that healthy pools are being marked unhealthy:
- Review how endpoints and pools become unhealthy.
- Refer to the Troubleshooting section.
Create a load balancer on a test subdomain
Instead of starting on your production domain, you likely should create a load balancer on a test or staging domain. This may involve temporary changes to your monitors and pools, depending on your infrastructure setup.
Starting with a test domain allows you to verify everything is working correctly before routing production traffic.
To create a load balancer in the dashboard:
Go to Traffic > Load Balancing.
Select Create Load Balancer.
On the Hostname page:
- Enter a Hostname, which is the DNS name at which the load balancer is available. For more details on record priority, refer to DNS records for load balancing.
- Toggle the orange cloud icon to update the proxy mode, which affects how traffic is routed and which IP addresses are advertised.
- If you want session-based load balancing, toggle the Session Affinity switch.
Select Next.
On the Add a Pool page:
- Select one or more existing pools or create a new pool.
- If you are going to set traffic steering to Off, re-order the pools in your load balancer to adjust the fallback order.
- If needed, update the Fallback Pool.
- If you choose to set traffic steering to Random, you can set Weights (via the API) to your pools to determine the percentage of traffic sent to each pool.
Select Next.
On the Monitors page:
- Review the monitors attached to your pools.
- If needed, you can attach an existing monitor or create a new monitor.
Select Next.
On the Traffic Steering page, choose an option for Traffic steering and select Next.
On the Custom Rules page, select an existing rule or create a new rule.
Select Next.
On the Review page:
- Review your configuration and make any changes.
- Choose whether to Save as Draft or Save and Deploy.
For a full list of properties, refer to Create Load Balancer. If you need help with API authentication, refer to Cloudflare API documentation.
Requestcurl -X POST \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/zones/:zone_id/load_balancers" \-H "Content-Type: application/json" \-d '{ "description": "Load Balancer for lb.example.com", "name": "lb.example.com", "enabled": true, "ttl": 30, "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4", "default_pools": [ "17b5962d775c646f3f9725cbc7a53df4", "9290f38c5d07c2e2f4df57b1f61d4196", "00920f38ce07c2e2f4df50b1f61d4194" ], "proxied": true, "steering_policy": "random_steering", "session_affinity": "cookie", "session_affinity_attributes": { "samesite": "Auto", "secure": "Auto", "drain_duration": 100, "zero_downtime_failover": "sticky" }, "session_affinity_ttl": 5000, "adaptive_routing": { "failover_across_pools": true }, "location_strategy": { "prefer_ecs": "always", "mode": "resolver_ip" }, "random_steering": { "pool_weights": { "de90f38ced07c2e2f4df50b1f61d4194": 0.3, "9290f38c5d07c2e2f4df57b1f61d4196": 0.5 }, "default_weight": 0.2 }
}'
The response contains the complete definition of the new load balancer.
Response{ "success": true, "errors": [], "messages": [], "result": { "id": "699d98642c564d2e855e9661899b7252", "created_on": "2021-01-01T05:20:00.12345Z", "modified_on": "2021-01-01T05:20:00.12345Z", "description": "Load Balancer for lb.example.com", "name": "lb.example.com", "enabled": true, "ttl": 30, "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4", "default_pools": [ "17b5962d775c646f3f9725cbc7a53df4", "9290f38c5d07c2e2f4df57b1f61d4196", "00920f38ce07c2e2f4df50b1f61d4194" ], "proxied": true, "steering_policy": "random_steering", "session_affinity": "cookie", "session_affinity_attributes": { "samesite": "Auto", "secure": "Auto", "drain_duration": 100, "zero_downtime_failover": "sticky" }, "session_affinity_ttl": 5000, "random_steering": { "pool_weights": { "de90f38ced07c2e2f4df50b1f61d4194": 0.3, "9290f38c5d07c2e2f4df57b1f61d4196": 0.5 }, "default_weight": 0.2 }
}
Review load balancing analytics
Route production traffic
Now that you have set up your load balancer and verified everything is working correctly, you can put the load balancer on a live domain or subdomain:
- If you update your pools and monitors, review the pool health again to make sure everything is working as expected.
- Confirm that your production hostname has the correct priority order of DNS records and is covered by an SSL/TLS certificate.
- Configure your load balancer to receive production traffic, which could involve either:
- Editing the Hostname of your existing load balancer.
- Updating the
CNAME
record sending traffic to your load balancer.
Next steps
Your load balancer should be receiving production traffic (and you can confirm this by reviewing the analytics).
Though your product is officially set up, you may want to consider the following suggestions.
Usage-based notifications
Since this is a service with usage-based billing, Cloudflare recommends that you set up usage-based billing notifications to avoid unexpected bills.
To set up those notifications:
Log in to the Cloudflare dashboard.
Select your account.
Go to Notifications.
On Alert Type of Usage Based Billing, click Select.
Fill out the following information:
- Name
- Product
- Notification limit (exact metric will vary based on product)
- Notification email
Select Save.
Additional configuration options
You may want to further customize how your load balancer routes traffic or integrate your load balancer with other Cloudflare products: