From docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/deploy-cloudflared-replicas/ we know that
By design, replicas do not offer any level of traffic steering (random, hash, or round-robin). Instead, when a request arrives to Cloudflare, it will be forwarded to the replica that is geographically closest. If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.
In our tests:
We’ve created a tunnel with token ABC, and a subdomain (https://gravatar-dev.webp.se) to that tunnel
We started two tunnels in DE and US (west) with the same token.
Using KeyCDN to test response
As a comparison, https://gravater.webp.se is hosted in DE, and is not using Tunnel as baseline:
From the image above we can see that in Amsterdam, the traffic is entering CF through AMS, but traffic is going to origin HIO (in US West), leading to a huge latency. (Traffic should go through AMS → DE origin instead.)
Cloudflare Tunnel replicas aren’t meant for geographic distribution, as you correctly mentioned from the docs, when traffic enters it’s assigned randomly to one of the available tunnels.
If you want actual traffic steering you need to use Load Balancers, with Tunnels as origins.
@matteo Indeed, but I don’t agree with [assigned randomly to one of the available tunnels]
As per docs it says
it will be forwarded to the replica that is geographically closest
And as a fallback
If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.
I fully understand the words “but there is no guarantee about which connection is chosen.”, but in my understanding this should at least provide some sort of geographic distribution?
(In my test, if the origin is in US west, traffic from US west can be stably routed to US west origins, while US east traffic will go randomly to US west or DE origins.)
So could I understand that there might be some bug with [distance calculation] for cloudflare tunnel?
(Or might it be a feature to prevent users from using this for geographic distribution instead of using the paid product Load Balancers?)
@n0vad3v you are right, the docs are not correct, and we will fix them.
Today, what is stated on the docs is partially true for a subset of features that Tunnel supports.
CDN traffic is exactly as described in the documentation. Soon, it will behave closely to what is described in the docs, but as stated, we can’t give that guarantee.
If you want to guarantee geographic distribution of traffic you should use Load Balancers instead.
Thanks for reporting this, we will make sure that documentation is reviewed.