Tutorial: How to Set Up Load Balancing & Intelligent Failover on Cloudflare

Introduction

Built on Cloudflare's highly-available and DDoS-resilient Anycast DNS network, our Load Balancing delivers three key features:
  • Load balancing and failover: deliver traffic evenly across healthy servers, automatically failing over when we see them as unhealthy.
  • Active health checks: set up health checks to monitor your servers at configurable intervals, and look for specific status codes, response text, and/or timeouts. We’ll check your servers from each of our data centers, so only the data centers that can’t reach you have to fail over.
  • Geographic control: direct visitors in Europe to your European datacenter, US visitors to your North American datacenter, or dive deeper and configure traffic at a regional level.

Prerequisites

This guide requires that you have:
  • An existing Free, Pro or Business account with a Load Balancing subscription - configurable in the Traffic app.
  • (or) an Enterprise account with Load Balancing enabled
  • At least two (2) origin servers to configure traffic with.

If you haven't got any servers to configure yet, or are looking to test things out, our friends at Digital Ocean have a fantastic tutorial on setting up nginx on Ubuntu 16.04 that you can follow (twice over!).

Terminology

Cloudflare’s Load Balancer has three major components:
 
  • A "Health Check" or "Monitor" - the configuration we'll use to determine whether your servers are healthy or unhealthy. This includes whether we check over HTTP or HTTPS, the status code(s) we look for, the interval at which we check, and more. Health Checks attach to Pools, so you can monitor different locations or groups of servers differently, if need be.
  • A "Pool" - a group of origin servers (or endpoints), each identified by their IP address or hostname. You can configure multiple Pools, and configure a failover priority (Pool A -> Pool B -> Pool C) as needed. If you're familiar with DNS terminology, think of a Pool as a "record set" - except we only return addresses that are considered healthy.
  • A "Load Balancer", in Cloudflare terms, is a DNS hostname (e.g. www.example.com) that you want traffic to be load-balanced for. A Load Balancer defines which pools it wants to use, in the order they should be used in. Geo-routing is also configured at the Load Balancer level.

 

Note: you can re-use Monitors and Pools across many Load Balancers. Your .co.uk domain might use a different ordering of Pools (favoring your London servers, for instance) than your .com.au domain.

What We're Creating

We're going to set up an "active-passive" failover setup: we'll send traffic to the servers in our active Pool until it fails (defined by a threshold we set). Traffic will then fail over to the passive Pool.

Here are our key pieces:
  • Hostname: lb.moonbrookbowlsclub.com
  • Two (2) servers: origin-server-1 and origin-server-2
  • One location (we’ll tackle adding multiple geographic locations after)

If you're only looking to configure "active-active" failover—where all servers receive traffic at once—that's even easier. You would just create one Pool that contains all of the servers/endpoints, and Cloudflare will automatically (and evenly) distribute load across all healthy origin servers. If one of the servers fails, we'll take it out of the rotation until we see it as healthy again.
 

Create a Load Balancer

Head to the Traffic app in your Cloudflare dashboard and select the site you wish to set up a Load Balancer for. If you see "Enable Load Balancing" instead of "Create a Load Balancer", you'll need to add the Load Balancing service to your account first.

 


Click "Create a Load Balancer" and provide the hostname for your Load Balancer—the DNS name the Load Balancer will be available at. 

Note:

  • If you have an existing DNS record at this name, your Load Balancer will supersede it once you deploy it (more details).
  • The "orange cloud" to the right of the hostname indicates that Cloudflare will proxy the traffic, giving you the same caching, security and performance features you would normally get. If you want a DNS-only Load Balancer (e.g. for a non-HTTP(S) protocol) you can click this to set it to "grey cloud" (unproxied) mode (read more on how that works).

Here you can also enable Session Affinity. For further detail on this feature, please see Load Balancing: Session Affinity.

Click "Next" to continue. 


Next, we'll create and add a Pool. We are going to create two Pools: the primary pool, and our secondary "backup" pool that will serve traffic if our primary pool fails. Click "Create an origin pool" and then we'll name our Pool (this must be unique) and name and add our origin server address. We're adding an IP address here, but if our origin server had a hostname (e.g. someapp.googleapps.com), we could enter that instead. If you had previously configured Pools, you can select and add those here instead. Click Save to continue.

 


We'll also add a second Pool, similar to our first, by clicking "Add Pool".

Note: If you're on a Free, Pro or Business plan, you can add up to 5 Pools.


By default, pools are ordered by when we created them. You can re-order them by dragging the number to the left. For now we will leave the order as is and click "Next" to move on to the next step.

 


Now let’s create our Health Checks/Monitors. A Health Check describes how we will check the status of the origins, and isn’t tied to a particular server. Checks begin once a Health Check is attached to a Pool: it will automatically figure out all of the origin server addresses in that Pool and check them for you. Because of this, we can share one Health Check across both of our pools. This also means that changes to our Monitor are automatically reflected across all pools that use it. Let’s create our first Health Check by clicking on "Attach Health Check" and then "Create a Health Check."

 

Although a Health Check is extremely configurable, the defaults—HTTP and the "root" path of our origins—will be fine for now. Click Next to attach the Health Check to your primary pool.
 
Note: If needed, we could add custom headers, change the timeout & retries, and check for a specific response body. If our origin responded without that body, we'd mark it as unhealthy.
 
The "Health Threshold" defines how many origin servers must be healthy for the Pool to be considered healthy; if fewer are healthy, the Pool itself is marked unhealthy. We only have 1 origin server here, so we'll leave this at 1. You can also select specific regions from which we send Health Checks. We'll also enter the email address that we want status (healthy vs. unhealthy) notifications to be sent to; this could also be a mailing list address (e.g. a Google Group) or a PagerDuty address if we wanted to share these with a larger team.
 
Click "Save" when you're done.
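
To make the interaction between the Health Check, the Health Threshold and the Pool order concrete, here is a small model of the active-passive decision described above. It is an added example, not Cloudflare's code: the class and function names, the expected status code of 200, the timeout value, the probe bodies and the documentation-range addresses are all assumptions, and the "no healthy pool" result is a placeholder because this guide does not describe that case.

```python
"""Toy model of the Monitor / Pool / Load Balancer relationship (not Cloudflare's code)."""
from dataclasses import dataclass

@dataclass
class Monitor:
    expected_codes: frozenset = frozenset({200})  # assumed; the guide does not state it
    expected_body: str = ""                       # empty string: body is not checked
    timeout_s: float = 5.0                        # assumed value

    def passes(self, status, body, elapsed_s):
        """One probe result -> healthy? A timeout is modelled as status None."""
        if status is None or elapsed_s > self.timeout_s:
            return False
        return status in self.expected_codes and self.expected_body in body

@dataclass
class Pool:
    name: str
    probes: dict              # origin address -> (status, body, elapsed_s) of latest probe
    health_threshold: int = 1
    enabled: bool = True      # a disabled Pool is skipped (e.g. planned maintenance)

    def healthy_origins(self, monitor):
        return [addr for addr, p in self.probes.items() if monitor.passes(*p)]

    def is_healthy(self, monitor):
        return self.enabled and len(self.healthy_origins(monitor)) >= self.health_threshold

def select_origins(pools, monitor):
    """Walk pools in failover order; answer with the first healthy pool's healthy origins."""
    for pool in pools:
        if pool.is_healthy(monitor):
            return pool.name, pool.healthy_origins(monitor)
    return None, []  # no healthy pool: behaviour not described in this guide

# Constructed sample data (documentation-range addresses, invented response bodies).
MONITOR = Monitor(expected_body="status: ok")

def pools(primary_probe, primary_enabled=True):
    return [
        Pool("primary", {"192.0.2.10": primary_probe}, enabled=primary_enabled),
        Pool("secondary", {"198.51.100.20": (200, "status: ok", 0.2)}),
    ]

if __name__ == "__main__":
    for probe in [(200, "status: ok", 0.1), (503, "", 0.1), (200, "<h1>Maintenance</h1>", 0.1)]:
        print(probe, "->", select_origins(pools(probe), MONITOR))
```

The third probe is the case the response-body check exists for: the origin answers 200 but serves the wrong content, so the model fails over to the secondary Pool just as it does for a 503.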
 
We'll repeat these steps to add the Health Check to the secondary pool.
 
After attaching a Health Check, the status will be "unknown" for a moment while we fire off our first checks.
 
The dashboard will poll for updated health status every 60 seconds, and you should see a green "healthy" status or a red "critical" status if the health check failed. If you're seeing failures, you can mouse-over the tooltip and see the exact reason it failed. Failure reasons, and steps to resolve, can be found here in our knowledge-base.
 
Now click "Next" to move on to the next step. 
 
If you also have Geo Routing enabled as part of your subscription, you can configure specific traffic policies and failover ordering by geographic region - e.g. directing all European traffic to your eu-datacenter Pool, and then failing over to the north-america Pool, with the inverse for North America. This can be extremely useful when you want visitors to access the closest origin server to them (and improve performance as a result!).
 
Again, click "Next" to move on to the final step.
 
Your last step is to review your Load Balancing configuration and decide whether you need to make any changes. From here you can edit any of the configuration. Once you are satisfied, you can either "Save as Draft" to save your work but not use the load balancer yet, or "Save and Deploy" to immediately start load balancing that hostname.
 
It will then show up in your dashboard and start load balancing traffic.
 

You can drill down into the Pools and origin servers that make up the Load Balancer to check for individual status and/or disable specific Pools or origin servers (e.g. for planned maintenance).

Note: Disabling a Pool will disable it for all Load Balancers it is a member of, so take care when disabling a Pool that is used by multiple Load Balancers.

Sharing your Load Balancer Within Your Account

You can also share your Load Balancer with other sites in your account by creating a CNAME record - e.g. you can CNAME "www.example.com" to "lb.moonbrookbowlsclub.com" in the DNS app. This is useful if you want to share the same configuration with multiple other domains, and saves you having to re-create the Load Balancer each time.
 
You can also configure separate Load Balancers for each domain, and re-use the same Monitors and Pools. This can be useful if you want to change the failover order for different domains - e.g. perhaps "example.co.uk" has a different failover priority from "example.com" or "example.com.au". 
 

Wrap:

So what’s next?
  • Add more origins: you can add multiple origins to the same Pool and we'll evenly distribute load across all healthy origins in that Pool.
  • Configure Geo Routing: if we have multiple servers across the world, or even on different coasts of the United States, we can use Geo Routing to direct users to their closest server behind Cloudflare for performance.

You can also refer to the Load Balancing knowledge-base articles for more tips and configuration advice.

 
