Tunnel cannot route to geographically closest

From docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/deploy-cloudflared-replicas/ we know that

> By design, replicas do not offer any level of traffic steering (random, hash, or round-robin). Instead, when a request arrives to Cloudflare, it will be forwarded to the replica that is geographically closest. If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.

In our tests:

  1. We’ve created a tunnel with token ABC, and a subdomain (https://gravatar-dev.webp.se) to that tunnel
  2. We started two tunnels in DE and US (west) with the same token.
  3. Using KeyCDN to test response

As a comparison, https://gravater.webp.se is hosted in DE and is not using Tunnel, as a baseline:

But when comparing those two subdomains:

From the image above we can see that in Amsterdam, the traffic is entering CF through AMS, but traffic is going to origin HIO (in US West), leading to a huge latency. (Traffic should go through AMS → DE origin instead.)

Another example is the test from US (west); this time we’ve moved the US (west) node to US (east).

Traffic enters CF through SJC to origin HIO (US West), but the latency is 300+ ms, while this should be under 80 ms.

Cloudflare Tunnel replicas aren’t meant for geographic distribution, as you correctly mentioned from the docs, when traffic enters it’s assigned randomly to one of the available tunnels.

If you want actual traffic steering you need to use Load Balancers, with Tunnels as origins.


@matteo Indeed, but I don’t agree with [assigned randomly to one of the available tunnels]

As per docs it says

> it will be forwarded to the replica that is geographically closest

And as a fallback

> If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.

I fully understand the words “but there is no guarantee about which connection is chosen.”, but in my understanding this should at least provide some sort of geographic distribution?

(In my test, if the origin is in US west, traffic from US west can be stably routed to US west origins, while US east traffic will go randomly to US west or DE origins.)

So could I understand that there might be some bug with [distance calculation] for Cloudflare Tunnel?
(Or might it be a feature to prevent users from using this for geographic distribution instead of using the paid product Load Balancers?)

@n0vad3v you are right, the docs are not correct, and we will fix them.

Today, what is stated in the docs is partially true for a subset of features that Tunnel supports.
CDN traffic is exactly as described in the documentation. Soon, it will behave close to what is described in the docs, but as stated, we can’t give that guarantee.

If you want to guarantee geographic distribution of traffic you should use Load Balancers instead.

Thanks for reporting this, we will make sure that documentation is reviewed.
