From 97468409f753e5a56e52ce55afb2027fae9f2a2a Mon Sep 17 00:00:00 2001 From: Angela Costa Date: Wed, 30 Apr 2025 10:21:23 +0100 Subject: [PATCH 1/4] LB updates --- .../load-balancing-china.mdx | 5 +++-- .../load-balancers/dns-records.mdx | 2 +- .../load-balancing/load-balancers/index.mdx | 6 +++++ .../load-balancing/private-network/index.mdx | 2 ++ .../load-balancing-components.mdx | 6 ++++- .../dns-load-balancing-limitations.mdx | 1 + .../layer-7-load-balancing-benefits.mdx | 1 + .../load-balancing/load-balancer-create.mdx | 22 ++++++++++--------- .../load-balancer-definition.mdx | 2 +- .../session-affinity-definition.mdx | 4 ++++ 10 files changed, 36 insertions(+), 15 deletions(-) diff --git a/src/content/docs/load-balancing/additional-options/load-balancing-china.mdx b/src/content/docs/load-balancing/additional-options/load-balancing-china.mdx index d9fbf761f2d8b0e..a92dd9d24348a53 100644 --- a/src/content/docs/load-balancing/additional-options/load-balancing-china.mdx +++ b/src/content/docs/load-balancing/additional-options/load-balancing-china.mdx @@ -25,5 +25,6 @@ https://api.cloudflare.com/client/v4/zones/{zone_id}/load_balancers Load balancers deployed to the China Network currently have the following limitations: -1. Only cookie-based session affinity is supported. -2. Private network off-ramps (Tunnel, GRE, IPsec) are not supported. +- Only cookie-based session affinity is supported. +- Private network off-ramps (Tunnel, GRE, IPsec) are not supported. +- Private Network Load Balancing is not available on the China Network. diff --git a/src/content/docs/load-balancing/load-balancers/dns-records.mdx b/src/content/docs/load-balancing/load-balancers/dns-records.mdx index 2acb51acde41fc6..dc854a4510142ad 100644 --- a/src/content/docs/load-balancing/load-balancers/dns-records.mdx +++ b/src/content/docs/load-balancing/load-balancers/dns-records.mdx @@ -9,7 +9,7 @@ head: --- -When you [create a load balancer](/load-balancing/load-balancers/create-load-balancer/), Cloudflare automatically creates an LB DNS record for the specified **Hostname**. This functionality allows you to use a hostname with or without an existing DNS record. +When you [create a load balancer](/load-balancing/load-balancers/create-load-balancer/), Cloudflare automatically creates an LB DNS record for the specified **Hostname**. This functionality allows you to use a hostname with or without an existing DNS record. Private load balancers do not receive an automatic DNS record. Instead, you can configure a hostname using your internal DNS system or by applying a Gateway Firewall override. ## Supported records diff --git a/src/content/docs/load-balancing/load-balancers/index.mdx b/src/content/docs/load-balancing/load-balancers/index.mdx index e279d6c4bcf68e8..e6e129f5635b541 100644 --- a/src/content/docs/load-balancing/load-balancers/index.mdx +++ b/src/content/docs/load-balancing/load-balancers/index.mdx @@ -22,6 +22,12 @@ For an overview of how the Cloudflare Load Balancing solution works, refer to [L For suggestions, refer to [Common load balancer configurations](/load-balancing/load-balancers/common-configurations/). +## Public vs. Private Load Balancers + +Public Load Balancers are designed to handle traffic from the public internet. When deployed, they automatically receive a hostname, making them immediately accessible. These load balancers can direct traffic to a range of destinations, including public hostnames, public IP addresses, and private IP addresses. + +Private Load Balancers, in contrast, are meant for internal use within private networks. They do not automatically receive a hostname, but one can be assigned via Gateway Firewall Policies or through an internal DNS system. Private Load Balancers only accept traffic over a private network on-ramp, such as [Cloudflare WARP ](/warp-client/) or [Magic WAN](/magic-wan/). They are capable of forwarding traffic exclusively to private IP addresses. + ## Load balancing and existing DNS records For details about DNS records, refer to [DNS records for load balancing](/load-balancing/load-balancers/dns-records/). diff --git a/src/content/docs/load-balancing/private-network/index.mdx b/src/content/docs/load-balancing/private-network/index.mdx index eedd6cdfbe48903..ac80cd89f8680d6 100644 --- a/src/content/docs/load-balancing/private-network/index.mdx +++ b/src/content/docs/load-balancing/private-network/index.mdx @@ -54,3 +54,5 @@ Private Network Load Balancing on-ramps, on the other hand, refer to secure path * **Intelligent traffic routing**: Benefit from failover for your private traffic and have the ability to monitor the health of these IP targets directly, rather than load balancing to a tunnel and only monitoring the health of the tunnel itself. * **Host applications on non-standard ports**: Easily specify and route traffic to applications hosted on private IP addresses using non-standard ports, allowing greater flexibility in service configuration without requiring changes to existing infrastructure. + +* **Public and Private Load Balancers**: Public LBs can direct internet traffic to private IP addresses, supporting all L7 products like WAF and API Shield. Private LBs direct traffic originating from private networks to private IP addresses and require an on-ramp like WARP or Magic WAN. \ No newline at end of file diff --git a/src/content/docs/load-balancing/understand-basics/load-balancing-components.mdx b/src/content/docs/load-balancing/understand-basics/load-balancing-components.mdx index 7ddd2fc21e6f739..e978bd021a5bf97 100644 --- a/src/content/docs/load-balancing/understand-basics/load-balancing-components.mdx +++ b/src/content/docs/load-balancing/understand-basics/load-balancing-components.mdx @@ -14,10 +14,14 @@ This page provides a simplified overview of the three main components of the Clo For a hostname (`blog.example.com`) to resolve, the Domain Name System (DNS) must return an IP address, where the website or application is hosted (origin). -When you set up a load balancer, Cloudflare automatically creates an [LB DNS record](/load-balancing/load-balancers/dns-records/) for the specified hostname. This means that, according to a [priority order](/load-balancing/load-balancers/dns-records/#priority-order), instead of simply returning an IP address, the logic you introduced using the Cloudflare Load Balancing solution will be considered. +When you set up a public load balancer, Cloudflare automatically creates an [LB DNS record](/load-balancing/load-balancers/dns-records/) for the specified hostname. This means that, according to a [priority order](/load-balancing/load-balancers/dns-records/#priority-order), instead of simply returning an IP address, the logic you introduced using the Cloudflare Load Balancing solution will be considered. Note that you can use the root domain as a Load Balancer hostname. When doing so, make sure you enter the hostname without including the auto-generated dot that typically precedes your zone's name. +:::note +Private load balancers are not automatically associated with a hostname. Private load balancers are created with either a CGNAT IP address or a custom RFC-1918 IP address. +::: + ## Pools diff --git a/src/content/partials/load-balancing/dns-load-balancing-limitations.mdx b/src/content/partials/load-balancing/dns-load-balancing-limitations.mdx index cd0c65492d6d705..a2dcf673e368518 100644 --- a/src/content/partials/load-balancing/dns-load-balancing-limitations.mdx +++ b/src/content/partials/load-balancing/dns-load-balancing-limitations.mdx @@ -11,3 +11,4 @@ In comparison to proxied, layer 7 load balancing, DNS-only load balancing: * Increases authoritative queries against Cloudflare, which can potentially cost more for customers with usage-based billing. * Does not support [session affinity](/load-balancing/understand-basics/session-affinity/). * Geo-locates traffic based on the data center associated with the ECS source address, if available. If not available, geo-locates based on a user's recursive resolver, which can sometimes cause issues with [latency-based steering](/load-balancing/understand-basics/traffic-steering/steering-policies/dynamic-steering/). +* Does not support [Private Network Load Balancing](/load-balancing/private-network/). diff --git a/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx b/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx index 9ab9ea3e4cf92ca..a3712307e82c770 100644 --- a/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx +++ b/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx @@ -11,3 +11,4 @@ In comparison to DNS-only load balancing, layer 7 load balancing: * Reduces authoritative queries against Cloudflare, which can potentially save money for customers with usage-based billing. * Supports customized [session affinity](/load-balancing/understand-basics/session-affinity/) and [endpoint drain](/load-balancing/understand-basics/session-affinity/#endpoint-drain). * More accurately geo-locates traffic, using the data center associated with the user making the request instead of the data center associated with a user's recursive resolver. +* Supports Private IP addresses with [Private Network Load Balancing](/load-balancing/private-network/). diff --git a/src/content/partials/load-balancing/load-balancer-create.mdx b/src/content/partials/load-balancing/load-balancer-create.mdx index 0b62ac533f3f58d..9003167c1c4219f 100644 --- a/src/content/partials/load-balancing/load-balancer-create.mdx +++ b/src/content/partials/load-balancing/load-balancer-create.mdx @@ -9,33 +9,35 @@ To create a load balancer in the dashboard: 2. Select **Create Load Balancer**. -3. On the **Hostname** page: +3. On the **Load Balancer Setup** page select the type of Load Balancer. + +4. On the **Hostname** page: * Enter a **Hostname**, which is the DNS name at which the load balancer is available. For more details on record priority, refer to [DNS records for load balancing](/load-balancing/load-balancers/dns-records/). * Toggle the orange cloud icon to update the [proxy mode](/load-balancing/understand-basics/proxy-modes/), which affects how traffic is routed and which IP addresses are advertised. * If you want [session-based load balancing](/load-balancing/understand-basics/session-affinity/), toggle the **Session Affinity** switch. -4. Select **Next**. +5. Select **Next**. -5. On the **Add a Pool** page: +6. On the **Add a Pool** page: * Select one or more existing pools or [create a new pool](/load-balancing/pools/create-pool/#create-a-pool). * If you are going to set [traffic steering](/load-balancing/understand-basics/traffic-steering/steering-policies/standard-options/) to **Off**, re-order the pools in your load balancer to adjust the fallback order. * If needed, update the [**Fallback Pool**](/load-balancing/understand-basics/health-details/#fallback-pools). * If you choose to set traffic steering to **Random**, you can set [Weights](/load-balancing/understand-basics/traffic-steering/steering-policies/standard-options/#random-steering) (via the API) to your pools to determine the percentage of traffic sent to each pool. -6. Select **Next**. +7. Select **Next**. -7. On the **Monitors** page: +8. On the **Monitors** page: * Review the monitors attached to your pools. * If needed, you can attach an existing monitor or [create a new monitor](/load-balancing/monitors/create-monitor/#create-a-monitor). -8. Select **Next**. +9. Select **Next**. -9. On the **Traffic Steering** page, choose an option for [Traffic steering](/load-balancing/understand-basics/traffic-steering/steering-policies/) and select **Next**. +10. On the **Traffic Steering** page, choose an option for [Traffic steering](/load-balancing/understand-basics/traffic-steering/steering-policies/) and select **Next**. -10. On the **Custom Rules** page, select an existing rule or [create a new rule](/load-balancing/additional-options/load-balancing-rules/). +11. On the **Custom Rules** page, select an existing rule or [create a new rule](/load-balancing/additional-options/load-balancing-rules/). -11. Select **Next**. +12. Select **Next**. -12. On the **Review** page: +13. On the **Review** page: * Review your configuration and make any changes. * Choose whether to **Save as Draft** or **Save and Deploy**. diff --git a/src/content/partials/load-balancing/load-balancer-definition.mdx b/src/content/partials/load-balancing/load-balancer-definition.mdx index 814c92aafadc60b..7c7f1e2775cb3b6 100644 --- a/src/content/partials/load-balancing/load-balancer-definition.mdx +++ b/src/content/partials/load-balancing/load-balancer-definition.mdx @@ -3,4 +3,4 @@ --- -A load balancer distributes traffic among pools according to [pool health](/load-balancing/understand-basics/health-details/) and [traffic steering policies](/load-balancing/understand-basics/traffic-steering/steering-policies/). Each load balancer is identified by its DNS hostname (`lb.example.com`, `dev.example.com`, etc.). +A load balancer distributes traffic among pools according to [pool health](/load-balancing/understand-basics/health-details/) and [traffic steering policies](/load-balancing/understand-basics/traffic-steering/steering-policies/). Each load balancer is identified by its DNS hostname (`lb.example.com`, `dev.example.com`, etc.) or IP address. diff --git a/src/content/partials/load-balancing/session-affinity-definition.mdx b/src/content/partials/load-balancing/session-affinity-definition.mdx index e82e0bb3cf6a5e7..457703c7c032ae8 100644 --- a/src/content/partials/load-balancing/session-affinity-definition.mdx +++ b/src/content/partials/load-balancing/session-affinity-definition.mdx @@ -6,3 +6,7 @@ When you enable session affinity, your load balancer directs all requests from a particular end user to a specific endpoint. This continuity preserves information about the user session — such as items in their shopping cart — that might otherwise be lost if requests were spread out among multiple servers. Session affinity can also help reduce network requests, leading to savings for customers with usage-based billing. + +:::note +Session Affinity is only supported by Public Load Balancers. +::: From e0638b7b760e58b25d88f65faf82530222174e82 Mon Sep 17 00:00:00 2001 From: angelampcosta <92738954+angelampcosta@users.noreply.github.com> Date: Wed, 30 Apr 2025 17:31:44 +0100 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> --- src/content/docs/load-balancing/load-balancers/index.mdx | 4 ++-- src/content/docs/load-balancing/private-network/index.mdx | 2 +- .../load-balancing/layer-7-load-balancing-benefits.mdx | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/content/docs/load-balancing/load-balancers/index.mdx b/src/content/docs/load-balancing/load-balancers/index.mdx index e6e129f5635b541..65b39f5883c7eeb 100644 --- a/src/content/docs/load-balancing/load-balancers/index.mdx +++ b/src/content/docs/load-balancing/load-balancers/index.mdx @@ -24,9 +24,9 @@ For suggestions, refer to [Common load balancer configurations](/load-balancing/ ## Public vs. Private Load Balancers -Public Load Balancers are designed to handle traffic from the public internet. When deployed, they automatically receive a hostname, making them immediately accessible. These load balancers can direct traffic to a range of destinations, including public hostnames, public IP addresses, and private IP addresses. +Public Load Balancers are designed to handle traffic from the public Internet. When deployed, they automatically receive a hostname, making them immediately accessible. These load balancers can direct traffic to a range of destinations, including public hostnames, public IP addresses, and private IP addresses. -Private Load Balancers, in contrast, are meant for internal use within private networks. They do not automatically receive a hostname, but one can be assigned via Gateway Firewall Policies or through an internal DNS system. Private Load Balancers only accept traffic over a private network on-ramp, such as [Cloudflare WARP ](/warp-client/) or [Magic WAN](/magic-wan/). They are capable of forwarding traffic exclusively to private IP addresses. +Private Load Balancers, in contrast, are meant for internal use within private networks. They do not automatically receive a hostname, but one can be assigned via Gateway Firewall Policies or through an internal DNS system. Private Load Balancers only accept traffic over a private network on-ramp, such as [Cloudflare WARP](/warp-client/) or [Magic WAN](/magic-wan/). They are capable of forwarding traffic exclusively to private IP addresses. ## Load balancing and existing DNS records diff --git a/src/content/docs/load-balancing/private-network/index.mdx b/src/content/docs/load-balancing/private-network/index.mdx index ac80cd89f8680d6..89ce5bc377c22e9 100644 --- a/src/content/docs/load-balancing/private-network/index.mdx +++ b/src/content/docs/load-balancing/private-network/index.mdx @@ -55,4 +55,4 @@ Private Network Load Balancing on-ramps, on the other hand, refer to secure path * **Host applications on non-standard ports**: Easily specify and route traffic to applications hosted on private IP addresses using non-standard ports, allowing greater flexibility in service configuration without requiring changes to existing infrastructure. -* **Public and Private Load Balancers**: Public LBs can direct internet traffic to private IP addresses, supporting all L7 products like WAF and API Shield. Private LBs direct traffic originating from private networks to private IP addresses and require an on-ramp like WARP or Magic WAN. \ No newline at end of file +* **Public and Private Load Balancers**: Public LBs can direct Internet traffic to private IP addresses, supporting all L7 products like WAF and API Shield. Private LBs direct traffic originating from private networks to private IP addresses and require an on-ramp like WARP or Magic WAN. \ No newline at end of file diff --git a/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx b/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx index a3712307e82c770..9dfc53ccb56e590 100644 --- a/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx +++ b/src/content/partials/load-balancing/layer-7-load-balancing-benefits.mdx @@ -11,4 +11,4 @@ In comparison to DNS-only load balancing, layer 7 load balancing: * Reduces authoritative queries against Cloudflare, which can potentially save money for customers with usage-based billing. * Supports customized [session affinity](/load-balancing/understand-basics/session-affinity/) and [endpoint drain](/load-balancing/understand-basics/session-affinity/#endpoint-drain). * More accurately geo-locates traffic, using the data center associated with the user making the request instead of the data center associated with a user's recursive resolver. -* Supports Private IP addresses with [Private Network Load Balancing](/load-balancing/private-network/). +* Supports private IP addresses with [Private Network Load Balancing](/load-balancing/private-network/). From 2db3b69e8aa8474681e3fd00fd5688bc6d0c049d Mon Sep 17 00:00:00 2001 From: angelampcosta <92738954+angelampcosta@users.noreply.github.com> Date: Wed, 30 Apr 2025 17:59:10 +0100 Subject: [PATCH 3/4] Update src/content/docs/load-balancing/load-balancers/dns-records.mdx --- src/content/docs/load-balancing/load-balancers/dns-records.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/load-balancing/load-balancers/dns-records.mdx b/src/content/docs/load-balancing/load-balancers/dns-records.mdx index dc854a4510142ad..4d7c05c820d3f93 100644 --- a/src/content/docs/load-balancing/load-balancers/dns-records.mdx +++ b/src/content/docs/load-balancing/load-balancers/dns-records.mdx @@ -9,7 +9,7 @@ head: --- -When you [create a load balancer](/load-balancing/load-balancers/create-load-balancer/), Cloudflare automatically creates an LB DNS record for the specified **Hostname**. This functionality allows you to use a hostname with or without an existing DNS record. Private load balancers do not receive an automatic DNS record. Instead, you can configure a hostname using your internal DNS system or by applying a Gateway Firewall override. +When you [create a load balancer](/load-balancing/load-balancers/create-load-balancer/), Cloudflare automatically creates an LB DNS record for the specified **Hostname**. This functionality allows you to use a hostname with or without an existing DNS record. Private load balancers do not receive an automatic DNS record. Instead, you can configure a hostname using your internal DNS system or by applying a [Gateway Firewall override](/cloudflare-one/policies/gateway/dns-policies/#override) to a hostname. ## Supported records From 41a4b4e0f8d790dbd753f8fb600f4a2b897c6841 Mon Sep 17 00:00:00 2001 From: Angela Costa Date: Mon, 5 May 2025 10:29:29 +0100 Subject: [PATCH 4/4] Adds more info to create a public and a private lb --- .../load-balancing/load-balancer-create.mdx | 43 +++++++++++++++++-- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/src/content/partials/load-balancing/load-balancer-create.mdx b/src/content/partials/load-balancing/load-balancer-create.mdx index 9003167c1c4219f..0eddd6c4f2e92bb 100644 --- a/src/content/partials/load-balancing/load-balancer-create.mdx +++ b/src/content/partials/load-balancing/load-balancer-create.mdx @@ -3,18 +3,23 @@ --- -To create a load balancer in the dashboard: +To create a Public or a Private load balancer in the dashboard: -1. Go to **Traffic** > **Load Balancing**. +### Create a Public load balancer -2. Select **Create Load Balancer**. +1. Go to **Load Balancing** and select **Create load balancer**. -3. On the **Load Balancer Setup** page select the type of Load Balancer. +2. On the **Load Balancer Setup**, select **Public load balancer** + +3. Choose the website to which you want to add this load balancer. 4. On the **Hostname** page: * Enter a **Hostname**, which is the DNS name at which the load balancer is available. For more details on record priority, refer to [DNS records for load balancing](/load-balancing/load-balancers/dns-records/). + * From the **Data Localization** dropdown, select the [region](/data-localization/how-to/load-balancing/#regional-services) you would like to use on your domain. * Toggle the orange cloud icon to update the [proxy mode](/load-balancing/understand-basics/proxy-modes/), which affects how traffic is routed and which IP addresses are advertised. + * Add a description for your load balancer. * If you want [session-based load balancing](/load-balancing/understand-basics/session-affinity/), toggle the **Session Affinity** switch. + * If you want [Adaptive Routing](/load-balancing/understand-basics/adaptive-routing/), toggle the **Adaptive Routing** switch. 5. Select **Next**. @@ -41,3 +46,33 @@ To create a load balancer in the dashboard: 13. On the **Review** page: * Review your configuration and make any changes. * Choose whether to **Save as Draft** or **Save and Deploy**. + +### Create a Private load balancer + +1. Go to **Load Balancing** and select **Create load balancer**. + +2. On the **Load Balancer Setup**, select **Private load balancer** + +3. Associate your load balancer with either a Cloudflare private IP or a specified IP address and create a description for your load balancer. + +4. On the **Add a Pool** page: + * Select one or more existing pools or [create a new pool](/load-balancing/pools/create-pool/#create-a-pool). + * If you are going to set [traffic steering](/load-balancing/understand-basics/traffic-steering/steering-policies/standard-options/) to **Off**, re-order the pools in your load balancer to adjust the fallback order. + * If needed, update the [**Fallback Pool**](/load-balancing/understand-basics/health-details/#fallback-pools). + * If you choose to set traffic steering to **Random**, you can set [Weights](/load-balancing/understand-basics/traffic-steering/steering-policies/standard-options/#random-steering) (via the API) to your pools to determine the percentage of traffic sent to each pool. + +5. Select **Next**. + +6. On the **Monitors** page: + * Review the monitors attached to your pools. + * If needed, you can attach an existing monitor or [create a new monitor](/load-balancing/monitors/create-monitor/#create-a-monitor). + +7. Select **Next**. + +8. On the **Traffic Steering** page, choose an option for [Traffic steering](/load-balancing/understand-basics/traffic-steering/steering-policies/) and select **Next**. + +9. Select **Next**. + +10. On the **Review** page: + * Review your configuration and make any changes. + * Choose whether to **Save as Draft** or **Save and Deploy**.