We have two servers: one on the US West Coast and another in the UK. Our site is served through Cloudflared tunnels from both servers.
The US server connects to the Cloudflare LAX data center with a latency of 2 ms (excellent). The UK server connects to the London data center with a latency of 5 ms (very good).
As expected, most end users connect to the Cloudflare data centers closest to them.
Now for the weird part: users in LA connect to Cloudflare’s LAX data center, but the tunnel forwarding their requests is assigned randomly. About half the time, the request is forwarded to our nearest edge server and the response comes back in a few milliseconds. The other half of the time, it’s routed all the way to the UK, which makes no sense. The same thing happens for users in the UK—the tunnel sometimes sends their traffic to the US server instead. That’s just plain silly. Is it by design and is there a way to fix it?
We tested this by creating a dynamic page that responds with the edge server name. Then we requested this page from multiple locations, including the servers themselves. We observed that the page requested from the UK server was, half the time, produced by the LA server and vice versa. This is 100% reproducible on all our tunnels, 100% of the time.
We just created a new test environment, the URL is https://atstart.org/
After a test from several locations, I observed again the complete randomness of server assignment.
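The measurement described in these posts (request a page that echoes the origin name, repeat, and tabulate which origin answered), as an added script that is not part of the original thread. The URL and the origin names are placeholders; the page behind the URL is assumed to return just the origin server's name in its body.

```python
"""Probe a tunnelled hostname and tabulate which origin server answers.

Added example for this thread, not code from the original posts.
Assumes the URL points at a dynamic page whose body is the origin name.
"""
from collections import Counter
import sys
import urllib.request


def fetch_origin(url, timeout=10):
    # Real fetcher: GET the echo page, bypassing any edge cache so every
    # request is actually forwarded through the tunnel to an origin.
    req = urllib.request.Request(url, headers={"Cache-Control": "no-cache"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace").strip()


def sample_origins(url, n, fetch=fetch_origin):
    # Issue n requests and count how often each origin name came back.
    # `fetch` is injectable so the logic can be exercised offline.
    counts = Counter()
    for _ in range(n):
        counts[fetch(url)] += 1
    return counts


def origin_shares(counts):
    # Fraction of responses served by each origin.
    total = sum(counts.values())
    return {origin: c / total for origin, c in counts.items()}


def is_split(counts, threshold=0.2):
    # True when more than `threshold` of responses came from origins other
    # than the most frequent one, i.e. requests are not sticking to the
    # nearest connector as the thread expects.
    shares = origin_shares(counts)
    return (1.0 - max(shares.values())) > threshold


if __name__ == "__main__":
    # Usage: python probe.py https://hostname.example/whoami 20
    target = sys.argv[1] if len(sys.argv) > 1 else "https://hostname.example/whoami"
    runs = int(sys.argv[2]) if len(sys.argv) > 2 else 20
    observed = sample_origins(target, runs)
    for origin, share in sorted(origin_shares(observed).items()):
        print(f"{origin:20s} {share:6.1%}")
    print("split across origins" if is_split(observed) else "single origin")
```

Run it from each location of interest (including on the origin hosts themselves, as the original poster did) and compare the printed shares.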
I’m not sure of how your tunnels are configured, but I had a similar situation when I first implemented Cloudflared tunnels. We have two cloud data centers, one on the west coast (WC) and the other on the east coast (EC). I configured a single tunnel and had a connector from each data center configured on the tunnel. The connectors were correctly connecting to the closest data centers. However, I noticed when traffic was hitting the tunnel, it was randomly routing through different connectors. Therefore, traffic destined for the WC DC would randomly route through the EC connector and then route through our SD-WAN to our WC DC. My expectation was that traffic destined for the WC DC would route through the connectors closest to the WC DC, and vice versa for the EC DC. To solve this, I created two different tunnels, one for the WC DC and the other for the EC DC. Each tunnel contains two connectors for redundancy. Using Gateway resolver policies, I was able to direct DNS queries to the appropriate tunnel where the resource was located.
Thanks for the info! Using Gateway resolver policies, did you retain the automatic failover protection implicit with using a single tunnel from different locations?