Configuring Load Balancing & Intelligent Failover

Learn how to configure Load Balancing and Intelligent Failover with Cloudflare.



Built on a highly-available and DDoS-resilient Anycast DNS network, Cloudflare's Load Balancing delivers three key features:
  • Load balancing and failover: deliver traffic evenly across healthy servers, automatically failing over if any server seems unhealthy.
  • Active health checks: set up health checks to monitor your servers at configurable intervals, and look for specific status codes, response text, and/or timeouts. We’ll check your servers from each of our data centers, so only the data centers that can’t reach you have to fail over.
  • Geographic control: direct visitors in Europe to your European data center, US visitors to your North American data center, or dive deeper and configure traffic at a regional level.

Load Balancing applies to your Cloudflare account, not to a specific domain.


This guide requires that you have:

  • An existing Free, Pro or Business account with a Load Balancing subscription - configurable in the Traffic app
  • (or) an Enterprise account with Load Balancing enabled
  • At least two (2) origin servers for which to configure traffic
Customers with China network access should not use the Load Balancer or HTTP 530 errors will occur.

If you haven't got any servers to configure yet, or are looking to test things out, our friends at Digital Ocean have a fantastic tutorial on setting up nginx on Ubuntu 16.04 that you can follow.


Cloudflare’s Load Balancer has three major components:
  • A "Health Check" or "Monitor" - the configuration used to determine whether your servers are healthy or unhealthy. This includes whether we check over HTTP or HTTPS, the status code(s) we look for, the interval at which we check, and more. Health Checks attach to Pools, so you can monitor different locations or groups of servers differently, if necessary.
  • A "Pool" - a group of origin servers (or endpoints), each identified by their IP address or hostname. You can configure multiple Pools, and configure a failover priority (Pool A -> Pool B -> Pool C) as needed. If you're familiar with DNS terminology, think of a Pool as a "record set" - except we only return addresses that are considered healthy.
The fallback pool is not available when all pools are disabled.
  • A "Load Balancer", in Cloudflare terms, is a DNS hostname--e.g. you want traffic to be load-balanced for. A Load Balancer defines which pools it wants to use, in the order they should be used in. Geo-routing is also configured at the Load Balancer level.

You can re-use Monitors and Pools across many Load Balancers. Your domain might use a different ordering of Pools (favoring your London servers, for instance) than your domain.

What we're creating

We're going to configure an "active-passive" failover setup: we'll send traffic to the servers in our active Pool until it fails (defined by a threshold we set). Traffic will then fail over to the passive Pool. The key pieces are:

  • Hostname:
  • Two (2) servers: origin-server-1 and origin-server-2
  • One location (we’ll tackle adding multiple geographic locations after)

If you're only looking to configure "active-active" failover—where all servers receive traffic at once—that's even easier. You would just create one Pool that contains all of the servers/endpoints, and Cloudflare will automatically (and evenly) distribute load across all healthy origin servers. If one of the servers fails, we'll take it out of the rotation until we see it as healthy again.

Create a Load Balancer

Go to the Traffic app in your Cloudflare dashboard and select the site you wish to set up a Load Balancer for. If you see Enable Load Balancing instead of Create a Load Balancer, you'll need to add the Load Balancing service to your account first.




Click Create a Load Balancer and provide the hostname for your Load Balancer—the DNS name the Load Balancer will be available at.

  • If you have an existing DNS record at this name, your Load Balancer will supersede it once you deploy it (more details).
  • The "orange cloud" to the right of the hostname indicates that Cloudflare will proxy the traffic, giving you the same caching, security and performance benefits that you would normally get. If you want a DNS-only Load Balancer (e.g. for a non-HTTP(S) protocol) you can click this to set it to "grey cloud" (unproxied) mode (read more on how that works).

Here you can also enable Session Affinity. For further detail on this feature, please see Load Balancing: Session Affinity.

Click Next to continue.


Next, we'll create and add a Pool. We are going to create two Pools: the primary pool, and our secondary "backup" pool that will serve traffic if our primary pool fails.

Click Create an origin pool and then we'll name our Pool (this must be unique) and name and add our origin server address. We're adding an IP address here, but if our origin server had a hostname (e.g., we could enter that instead. If you had previously configured Pools, you can select and add those here instead. Click Save to continue. 


We'll also add a second Pool, similar to our first, by clicking Add Pool.

Note: If you're on a Free, Pro or Business plan, you can add up to 20 Pools.


By default, pools are ordered by date created. You can re-order them by dragging the number to the left. For now, we will leave the order as is and click Next to continue.


Now let’s create our Health Checks/Monitors. A Health Check describes how we will check the status of the origins, and isn’t tied to a particular server. Health Checks begin once that Health Check is tied to a Pool: it will automatically figure out all of the origin server addresses in that Pool and check them for you. Because of this, we can share this across both of our pools. This also means that changes to our Monitor are automatically reflected across all pools that use it. Let's create our first Health Check by clicking on Attach Health Check and then Create a Health Check.

Although a Health Check is extremely configurable, the defaults—HTTP and the "root" path of our origins—will be fine for now. Click Next to attach the Health Check to your primary pool.

If necessary, we could add custom headers, change the timeout and retries, and check for a specific response body. If our origin responded without that body, we'd mark it as unhealthy.

The Health Threshold defines how many origin servers must still be healthy before the Pool itself is marked unhealthy. We only have 1 origin server here, so we'll leave this at 1. You can select specific regions from which we would send Health Checks as well. We'll also enter the email address that we want status (healthy vs. unhealthy) notifications to be sent to; this could also be a mailing list address (e.g. a Google Group) or a PagerDuty address if we wanted to share these with a larger team.

Click Save when you're done.

We'll repeat these steps to add the Health Check to the secondary pool.

After attaching a Health Check, the status will be unknown for a moment while we fire off our first checks.

The dashboard will poll for updated health status every 60 seconds, and you should see a green healthy status or a red critical status if the health check failed. If you're seeing failures, you can mouse-over the tooltip and see the exact reason it failed. Failure reasons, and steps to resolve, can be found here in our knowledge-base.

Now click Next to continue.

If you also have Geo Routing enabled as part of your subscription, you can configure specific traffic policies and failover ordering by geographic region - e.g. directing all European traffic to your eu-datacenter Pool, and then failing over to north-america Pool, with the inverse for North America. This can be extremely useful when you want visitors to access the closest origin server to them (and improve performance as a result!).

Again, click Next to move on to the final step.

Your last step is to review your Load Balancing configuration and decide whether you need to make any changes. From here you can edit any of the configuration. Once you are satisfied, you can either Save as Draft to save your work but not use the load balancer yet, or Save and Deploy to immediately start load balancing that hostname.

It will then show up in your dashboard and start load balancing traffic.


You can drill down into the Pools and origin servers that make up the Load Balancer to check for individual status and/or disable specific Pools or origin servers (e.g. for planned maintenance).
Note: Disabling a Pool will disable it for all Load Balancers it is a member of, so take caution in disabling a Pool when you have multiple Load Balancers.
The fallback pool is not available when all pools are disabled.
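
The active-passive decision configured above can be modelled offline to check a planned Pool order, Health Check and Health Threshold before deploying. This is an added example, not Cloudflare's code or API: `Monitor`, `Pool` and `route` are hypothetical names, the probe results are constructed, and treating the last enabled Pool as the fallback pool (used regardless of health) is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Monitor:
    expected_codes: frozenset = frozenset({200})  # status codes counted as healthy
    expected_body: str = ""    # substring required in the response; "" = not checked
    timeout_s: float = 5.0

    def passes(self, probe):
        """probe is (status, body, elapsed_s), or None if the origin never answered."""
        if probe is None:
            return False
        status, body, elapsed = probe
        return (elapsed <= self.timeout_s and status in self.expected_codes
                and self.expected_body in body)

@dataclass
class Pool:
    name: str
    origins: list
    threshold: int = 1     # Health Threshold: healthy origins the Pool needs
    enabled: bool = True

def route(pools, monitor, probes):
    """Walk Pools in failover order; return (pool name, origins receiving traffic)."""
    enabled = [p for p in pools if p.enabled]
    if not enabled:
        return None, []    # all Pools disabled: the fallback pool is unavailable too
    for pool in enabled:
        up = [o for o in pool.origins if monitor.passes(probes.get(o))]
        if len(up) >= pool.threshold:
            return pool.name, up       # load is spread over healthy origins only
    # Assumption: the fallback pool is the last enabled Pool and is used without
    # regard to health once every enabled Pool is below its threshold.
    return enabled[-1].name, list(enabled[-1].origins)

# Constructed sample: the guide's two origins, primary currently answering 503.
POOLS = [Pool("primary", ["origin-server-1"]), Pool("secondary", ["origin-server-2"])]
PROBES = {"origin-server-1": (503, "", 0.2), "origin-server-2": (200, "ok", 0.1)}

if __name__ == "__main__":
    print(route(POOLS, Monitor(), PROBES))
```

Disabling a Pool removes it from the walk entirely, while an unhealthy Pool can still be reached through the fallback branch; that difference is why disabling every Pool leaves nothing to serve traffic.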


Sharing your Load Balancer within your account

You can also share your Load Balancer with other sites in your account by creating a CNAME record - e.g. you can CNAME "" to "" in the DNS app. This is useful if you want to share the same configuration with multiple other domains, and saves you having to re-create the Load Balancer each time.

You can also configure separate Load Balancers for each domain, and re-use the same Monitors and Pools. This can be useful if you want to change the failover order for different domains - e.g. perhaps "" has a different failover priority from "" or "".


So what’s next?
  • Add more origins: you can add multiple origins to the same Pool and we'll evenly distribute load across all healthy origins in that Pool.
  • Configure Geo Routing: if we have multiple servers across the world, or even on different coasts of the United States, we can use Geo Routing to direct users to their closest server behind Cloudflare for performance.

You can also refer to the Load Balancing knowledge-base articles for more tips and configuration advice.
