[ZT] Load Balancing traffic to Cloudflare Tunnel endpoints (#25578)

* add mermaid diagrams

* delete old private load balancing page

* delete partial

* edit diagrams

* private load balancer for warp-to-tunnel

* clean up tunnel LB overview page

* move replica how-to instructions

* begin public load balancer refresh

* update diagrams

* move cli instructions

* small clarification

* enhance LB instructions

* small clarification

* explain diagrams

* minor edits

* fix invalid links

* add vnet details to IP/CIDR guide

* add prereqs

* hostname routes

* update titles for example LB configs

* clarify public LB instructions

* clarify local connection preference

* link to health notifications

* replicas are identical

* fix invalid link

* Update src/content/docs/cloudflare-one/connections/connect-networks/routing-to-tunnel/dns.mdx

Co-authored-by: Devin <[email protected]>

* fix typo

* dashboard/API for host header

* fallback pool

* legacy tunnels no longer supported

* update rule links

* Update src/content/docs/cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers.mdx

---------

Co-authored-by: Devin <[email protected]>

Author: ranbel

public/__redirects

@@ -229,7 +229,7 @@
 /argo-tunnel/getting-started/installation/ /cloudflare-one/connections/connect-networks/get-started/ 301
 /argo-tunnel/quickstart/ /cloudflare-one/connections/connect-networks/get-started/ 301
 /argo-tunnel/reference/arguments/ /cloudflare-one/connections/connect-networks/configure-tunnels/ 301
-/argo-tunnel/reference/load-balancing/ /cloudflare-one/connections/connect-networks/routing-to-tunnel/lb/ 301
+/argo-tunnel/reference/load-balancing/ /cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/ 301
 /argo-tunnel/reference/service/ /cloudflare-one/connections/connect-networks/configure-tunnels/ 301
 /argo-tunnel/trycloudflare/ /cloudflare-one/connections/connect-networks/do-more-with-tunnels/trycloudflare/ 301
 
@@ -1040,6 +1040,8 @@
 /load-balancing/local-traffic-management/ /load-balancing/private-network/ 301
 /load-balancing/local-traffic-management/ltm-tunnels-setup/ /load-balancing/private-network/tunnels-setup/ 301
 /load-balancing/local-traffic-management/ltm-magic-wan/ /load-balancing/private-network/magic-wan/ 301
+/load-balancing/private-network/tunnels-setup/ /load-balancing/private-network/warp-to-tunnel/ 301
+/load-balancing/private-network/warp/ /load-balancing/private-network/warp-to-tunnel/ 301
 
 # logs
 /logs/log-fields/ /logs/logpush/logpush-job/datasets/ 301
@@ -2202,6 +2204,7 @@
 /cloudflare-one/connections/connect-networks/private-net/private-hostnames-ips/ /cloudflare-one/connections/connect-networks/private-net/cloudflared/private-dns/ 301
 /cloudflare-one/connections/connect-networks/private-net/tunnel-virtual-networks/ /cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/ 301
 /cloudflare-one/connections/connect-networks/private-net/warp-connector/vpc-deployments/ /cloudflare-one/connections/connect-networks/private-net/warp-connector/tips/ 301
+/cloudflare-one/connections/connect-networks/routing-to-tunnel/lb/ /cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/ 301
 /argo-tunnel/faq/ /cloudflare-one/faq/cloudflare-tunnels-faq/ 301
 /cloudflare-one/policies/browser-isolation/clientless-browser-isolation/ /cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/ 301
 /cloudflare-one/connections/connect-devices/agentless/dns-over-https/ /cloudflare-one/connections/connect-devices/agentless/dns/dns-over-https/ 301
@@ -2213,6 +2216,7 @@
 /cloudflare-one/connections/connect-devices/warp/warp-settings/ /cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/ 301
 /cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/ /cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/ 301
 /cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp/ /cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment/ 301
+/cloudflare-one/connections/connect-networks/private-net/cloudflared/load-balancing/ /cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/ 301
 /cloudflare-one/connections/connect-networks/locations/ /cloudflare-one/connections/connect-devices/agentless/dns/locations/ 301
 /cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/ /cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/ 301
 /cloudflare-one/connections/connect-networks/configure-tunnels/remote-management/ /cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/ 301

src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas.mdx

@@ -0,0 +1,56 @@
+---
+pcx_content_type: how-to
+title: Deploy cloudflared replicas
+sidebar:
+  order: 2
+---
+
+import { Render } from "~/components";
+
+To deploy multiple instances of `cloudflared`, you can create and configure one tunnel and run it on multiple hosts. If your tunnel runs as a service, only one `cloudflared` instance is allowed per host.
+
+You can run the same tunnel across various `cloudflared` processes for up to 100 connections (25 replicas) per tunnel. Cloudflare Load Balancers and DNS records can still point to the tunnel and its UUID. Traffic will be sent to all `cloudflared` processes associated with the tunnel.
+
+:::tip[Deploy replicas in Kubernetes]
+For information about running `cloudflared` in a Kubernetes deployment, refer to the [Kubernetes guide](/cloudflare-one/connections/connect-networks/deployment-guides/kubernetes/).
+:::
+
+## Remotely-managed tunnels
+
+1. To create a remotely-managed tunnel, follow the [dashboard setup guide](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).
+2. On the **Tunnels** page, select your newly created tunnel.
+3. In the side panel, scroll down to **Connectors** to view the `cloudflared` instances for that tunnel.
+3. Select **Edit**.
+4. Select the operating system of the host where you want to deploy a replica.
+5. Copy the installation command and run it on the host.
+
+The new replica will appear on the **Connectors** list for the tunnel. All replicas will serve the same routes and use the same configuration parameters.
+
+## Locally-managed tunnels
+
+1. To create a locally-managed tunnel, complete Steps 1 through 5 in the [CLI setup guide](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/).
+
+2. Run your newly created tunnel.
+
+   ```sh
+   cloudflared tunnel run <NAME>
+   ```
+
+   This will start a `cloudflared` instance and generate a unique `connector_id`.
+
+3. In a separate window or on another host, run the same command again:
+
+   ```sh
+   cloudflared tunnel run <NAME>
+   ```
+
+   This will initialize another `cloudflared` instance and generate another `connector_id`.
+
+4. Run `tunnel info` to show each `cloudflared` instance running your tunnel:
+
+   ```sh
+   cloudflared tunnel info <NAME>
+   ```
+
+This will output your tunnel UUID as well as two Connector IDs, one for each `cloudflared` process running your tunnel. With this command, you can also see that your tunnel is now being served by eight connections.
+

src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/index.mdx

@@ -11,81 +11,79 @@ Our lightweight and open-source connector, [`cloudflared`](https://github.com/cl
 
 ## `cloudflared` replicas
 
-Cloudflare Tunnel also allows users to deploy additional instances of our connector, `cloudflared`, for availability and failover scenarios. We refer to these unique instances as replicas. Each replica establishes four new connections which serve as additional points of ingress to your origin, should you need them. Each of the replicas will point to the same tunnel. This ensures that your network remains up in the event a single host running `cloudflared` goes down.
+Cloudflare Tunnel allows users to deploy additional instances of our connector, `cloudflared`, for availability and failover scenarios. We refer to these unique instances as replicas. Each replica establishes four new connections which serve as additional points of ingress to your origin, should you need them. Each of the replicas will point to the same tunnel. This ensures that your network remains up in the event a single host running `cloudflared` goes down.
+
+```mermaid
+graph LR
+	C((Cloudflare))
+	subgraph E[Private network]
+			cf1["cloudflared <br> (Tunnel-1 replica)"]
+			cf2["cloudflared <br> (Tunnel-1 replica)"]
+			S1[Application]
+			cf1-->S1
+			cf2-->S1
+	end
+	C -- "Connections x 4 <br>"--> cf1
+	C --> cf1
+	C --> cf1
+	C --> cf1
+	C -- Connections x 4--> cf2
+	C --> cf2
+	C --> cf2
+	C --> cf2
+```
 
 By design, replicas do not offer any level of traffic steering (random, hash, or round-robin). Instead, when a request arrives to Cloudflare, it will be forwarded to the replica that is geographically closest. If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.
 
 ### When to use `cloudflared` replicas
 
 - To provide additional points of availability for a single tunnel.
 - To allocate failover nodes within your network.
-- To update the configuration of a tunnel without downtime.
+- To update the configuration of a tunnel [without downtime](/cloudflare-one/connections/connect-networks/downloads/update-cloudflared/#update-with-multiple-cloudflared-instances).
 
-### Deploy `cloudflared` replicas
-
-To deploy multiple instances of `cloudflared`, you can create and configure one tunnel and run it on multiple hosts. If your tunnel runs as a service, only one `cloudflared` instance is allowed per host.
-
-<Details header="Remotely-managed tunnels" open = {true} >
-
-1. To create a remotely-managed tunnel, follow the [dashboard setup guide](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).
-2. On the **Tunnels** page, select your newly created tunnel. The **Connectors** section shows all of the `cloudflared` instances for that tunnel.
-3. Select **Configure**.
-4. Select the operating system of the host where you want to deploy a replica.
-5. Copy the installation command and run it on the host.
-
-The new replica will appear on the **Connectors** list for the tunnel.
-
-</Details>
-
-<Details header="Locally-managed tunnels">
-
-1. To create a locally-managed tunnel, complete Steps 1 through 5 in the [CLI setup guide](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/).
-
-2. Run your newly created tunnel.
-
-   ```sh
-   cloudflared tunnel run <NAME>
-   ```
-
-   This will start a `cloudflared` instance and generate a unique `connector_id`.
-
-3. In a separate window or on another host, run the same command again:
-
-   ```sh
-   cloudflared tunnel run <NAME>
-   ```
-
-   This will initialize another `cloudflared` instance and generate another `connector_id`.
-
-4. Run `tunnel info` to show each `cloudflared` instance running your tunnel:
-
-   ```sh
-   cloudflared tunnel info <NAME>
-   ```
-
-This will output your tunnel UUID as well as two Connector IDs, one for each `cloudflared` process running your tunnel. With this command, you can also see that your tunnel is now being served by eight connections.
-
-</Details>
-
-You can run the same tunnel across various `cloudflared` processes for up to 100 connections (25 replicas) per tunnel. Cloudflare Load Balancers and DNS records can still point to the tunnel and its UUID. Traffic will be sent to all `cloudflared` processes associated with the tunnel.
-
-:::note[Deploy replicas in Kubernetes]
-For information about running `cloudflared` in a Kubernetes deployment, refer to the [Kubernetes guide](/cloudflare-one/connections/connect-networks/deployment-guides/kubernetes/).
-:::
+For setup instructions, refer to [Deploy cloudflared replicas](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas/).
 
 ## Cloudflare Load Balancers
 
-[Cloudflare Load Balancing](/load-balancing/) allows users to proactively steer traffic away from unhealthy origins (or other <GlossaryTooltip term="endpoint" link="/glossary/?term=endpoint">endpoints</GlossaryTooltip>) and intelligently distribute the traffic load based on a multitude of steering algorithms. This process ensures that errors are not served to end users and empowers businesses to tightly couple overall business objectives to their traffic behavior.
-
-In this model, more than one tunnel is required with identical configurations. The DNS record (`UUID.cfargotunnel.com`) for each Cloudflare Tunnel can be used at the origin within the load balancer. You can then define traffic steering policies to determine how traffic should be routed to each tunnel.
+[Cloudflare Load Balancing](/load-balancing/) proactively steers traffic away from unhealthy origins and intelligently distributes the traffic load based on your choice of [steering algorithms](/load-balancing/understand-basics/traffic-steering/). Unlike [`cloudflared` replicas](#cloudflared-replicas) which all use the same tunnel, a typical load balancer setup requires creating multiple tunnels. Most customers will create one tunnel per data center and one load balancer pool per tunnel.
+
+```mermaid
+graph LR
+		accTitle: Load balancing traffic to applications behind Cloudflare Tunnel
+
+    A[Internet] --> C{Cloudflare <br> Load Balancer}
+    B[WARP clients] --> C
+		M[Magic WAN] --> C
+    C -- Tunnel 1 --> cf1
+    C -- Tunnel 2 --> cf2
+		subgraph F[Data center 2]
+				cf2[cloudflared <br> server]
+       	S3[App server]
+        S4[App server]
+				cf2-->S3
+				cf2-->S4
+    end
+		subgraph E[Data center 1]
+				cf1[cloudflared <br> server]
+        S1[App server]
+        S2[App server]
+				cf1-->S1
+				cf1-->S2
+    end
+```
 
 ### When to use load balancers
 
 - To intelligently steer traffic based on latency, geolocation, or other signals.
 - To implement failover logic if a tunnel reaches an inactive state.
-- To get alerted when a tunnel reaches an inactive state.
+- To get a [health alert](/notifications/notification-available/#load-balancing) when a tunnel reaches an inactive state.
 - To distribute traffic more evenly across your Cloudflare Tunnel-accessible origins or endpoints.
 
-### Deploy a load balancer
+For setup instructions, refer to [Public load balancers](/cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/) or [Private Network Load Balancing](/load-balancing/private-network/) depending on your [use case](#types-of-load-balancers).
+
+### Types of load balancers
+
+There are two types of load balancers that you can use with Cloudflare Tunnel endpoints:
 
-Refer to the [Load Balancer page](/cloudflare-one/connections/connect-networks/routing-to-tunnel/lb/) for more information.
+- [Public load balancers](/cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/) steer traffic from the Internet to applications published on a Cloudflare domain. Use this method if your service is served by Cloudflare Tunnel via a [published application route](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/#2a-publish-an-application).
+- [Private load balancers](/load-balancing/private-network/) steer traffic from WARP clients, Magic WAN, and other <GlossaryTooltip term = "on-ramp">on-ramps</GlossaryTooltip> to an internal IP on your private network. Use this method if your service is connected to Cloudflare Tunnel via a [CIDR route](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/).