Load Balancing TTLs and Orange vs. Grey Cloud

Cloudflare can operate in two modes - DNS only (unproxied; "grey cloud") and as an HTTP proxy ("orange cloud") with our security, CDN & performance features.

When configuring a Load Balancer, you can choose to configure it in DNS-only or HTTP proxy modes.

  • "Orange cloud" (proxied) Load Balancers have an automatic TTL - this means that Cloudflare will announce Cloudflare IP addresses externally, but will protect (mask) your origin server IP addresses. Any changes to your Load Balancer will propagate within seconds inside Cloudflare, including any failover events. The primary benefit here is that external DNS resolver caches that do not respect short (e.g. 30s) TTLs will not impact the failover speed of your Load Balancer.
  • "Grey cloud" (DNS only) Load Balancers may be configured with a TTL from 30 seconds to 10 minutes. Cloudflare will serve the addresses of the (healthy) origin servers directly, but relies on DNS resolvers respecting the short TTL in order to re-query Cloudflare's DNS for an updated list of healthy addresses.

Where possible, you should set the Load Balancer to orange cloud (proxied) mode:

  • Failover will be faster, as external DNS caches that don't respect short DNS TTLs will not impact failover performance
  • Customers on our Free, Pro & Business plans who have a Load Balancing subscription may see reduced usage on their bill as the "Automatic" TTL (5 minutes) reduces the number of authoritative queries made against Cloudflare, but without impacting failover performance.
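The two bullet lists above describe how failover visibility depends on the mode and on resolver TTL behaviour. The following model is an added illustration (not Cloudflare's code) that encodes that reasoning: the resolver TTL floor and the in-Cloudflare propagation time are constructed sample values, while the 30 s to 10 min DNS-only range and the 5 minute automatic TTL come from the article.

```python
"""Failover-visibility model: proxied (orange cloud) vs DNS-only (grey cloud).

Added illustration, not Cloudflare code. PROXY_PROPAGATION and the
resolver_min_ttl arguments are assumed sample values.
"""
from dataclasses import dataclass

DNS_ONLY_TTL_MIN = 30     # seconds (from the article)
DNS_ONLY_TTL_MAX = 600    # 10 minutes (from the article)
AUTOMATIC_TTL = 300       # "Automatic" TTL, 5 minutes (from the article)
PROXY_PROPAGATION = 5     # assumed: seconds for a change to propagate inside Cloudflare


@dataclass
class LoadBalancer:
    proxied: bool
    ttl: int = AUTOMATIC_TTL


def validate_ttl(lb: LoadBalancer) -> None:
    """DNS-only LBs accept 30 s to 10 min; proxied LBs use the automatic TTL."""
    if lb.proxied:
        if lb.ttl != AUTOMATIC_TTL:
            raise ValueError("proxied load balancers use the automatic TTL")
    elif not DNS_ONLY_TTL_MIN <= lb.ttl <= DNS_ONLY_TTL_MAX:
        raise ValueError(f"DNS-only TTL must be {DNS_ONLY_TTL_MIN}-{DNS_ONLY_TTL_MAX} s")


def worst_case_failover_delay(lb: LoadBalancer, resolver_min_ttl: int) -> int:
    """Seconds until the slowest client stops being sent to a failed origin.

    resolver_min_ttl models a recursive resolver that refuses to re-query
    before that many seconds (i.e. ignores short TTLs). In DNS-only mode
    the cached answer is the origin address, so a stale cache keeps traffic
    on the failed origin. In proxied mode the cached answer is a Cloudflare
    address that stays valid; the switch happens at the proxy.
    """
    validate_ttl(lb)
    if lb.proxied:
        return PROXY_PROPAGATION
    return max(lb.ttl, resolver_min_ttl)


def exposes_origin_addresses(lb: LoadBalancer) -> bool:
    """DNS-only mode publishes origin IPs; proxied mode announces Cloudflare IPs."""
    return not lb.proxied
```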