docs update (#27144)

* docs update

add tunnel/lb docs

* Apply suggestions from code review

* Apply suggestions from code review

---------

Co-authored-by: angelampcosta <92738954+angelampcosta@users.noreply.github.com>
ncrouch-cflare 2025-12-16 11:11:30 -05:00 committed by GitHub
parent 996b6750c2
commit fc703eb44d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 84 additions and 11 deletions


@ -4,10 +4,10 @@ title: Private Network Load Balancing
sidebar:
order: 6
head: []
description: Use Private Network Load Balancing to load balance traffic between servers within a
description:
Use Private Network Load Balancing to load balance traffic between servers within a
data center or between private applications, and eliminate the need for
hardware appliances.
---
Private Network Load Balancing enables you to load balance traffic between servers within a data center ([endpoint steering](/load-balancing/understand-basics/traffic-steering/origin-level-steering/)) and between private applications. This helps you eliminate the need for hardware appliances and facilitates the migration of your infrastructure to the cloud, providing advantages such as elastic scalability and enhanced reliability.
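Review bot: the new multi-line `description:` value shows no indentation on its continuation lines as rendered here; in YAML a plain scalar that spans lines must have each continuation line indented past the key, or the value should be written as a block scalar (for example `description: >-` followed by indented lines), otherwise the frontmatter fails to parse. Please confirm the indentation survived in the committed file, since the previous single-line form had no such dependency.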
@ -19,7 +19,7 @@ Private Network Load Balancing supports not only public IPs but also virtual IPs
This page assumes a certain level of familiarity with how the Cloudflare Load Balancing solution works. For an introductory overview refer to [Load Balancing components](/load-balancing/understand-basics/load-balancing-components/).
:::
***
---
## Off-ramps
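Review bot: swapping `***` for `---` introduces one parsing difference worth checking: a `---` line placed directly under a line of text is read by CommonMark as a setext heading underline (turning the text above into an H2), whereas `***` never is. Make sure a blank line separates the closing `:::` of the note block from the new `---` in this hunk and the similar ones below.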
@ -29,17 +29,17 @@ Since traffic steering decisions or failover mechanisms rely on the health infor
### Tunnel
Currently, to be able to connect to private IP origins, Cloudflare load balancers require a [Cloudflare tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) with an associated [virtual network (VNet)](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/).
Currently, to be able to connect to private IP origins, Cloudflare load balancers require a [Cloudflare tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) with an associated [virtual network (VNet)](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/). If you are connecting to your endpoints using a [published application route](/cloudflare-one/networks/connectors/cloudflare-tunnel/routing-to-tunnel/public-load-balancers) a VNet is not necessary.
Once the endpoint and virtual network (VNet) tunnel association is configured, Cloudflare can determine not only the tunnel health but also the health of the corresponding virtual or private IP targets.
Refer to [Set up Private Network Load Balancing with WARP-to-Tunnel](/load-balancing/private-network/warp-to-tunnel/) for a detailed guide.
Refer to [Set up Private Network Load Balancing for Public traffic to Tunnel](/load-balancing/private-network/public-to-tunnel/) for a detailed guide.
### Magic WAN
Private Network Load Balancing supports off-ramping traffic for Magic WAN tunnels, such as GRE, IPSec or CNI tunnels. For more information refer to the [Set up Private Network Load Balancing with Magic WAN](/load-balancing/private-network/magic-wan/).
***
---
## On-ramps
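Review bot: the new sentence about published application routes needs a comma after the link ("...public-load-balancers), a VNet is not necessary"), and that link is the only one in the hunk without a trailing slash, unlike every other internal link on the page. The WARP-to-Tunnel guide reference is replaced rather than supplemented; both guides describe the Tunnel off-ramp, so consider keeping both "Refer to" lines under this heading. While here, the unchanged Magic WAN line has a stray "the" in "refer to the [Set up Private Network Load Balancing with Magic WAN]".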
@ -49,14 +49,14 @@ Private Network Load Balancing on-ramps, on the other hand, refer to secure path
When using [Spectrum](/spectrum/) as an on-ramp and [Magic WAN](/load-balancing/private-network/#magic-wan) as an off-ramp the [proxy protocol](/spectrum/how-to/enable-proxy-protocol/) setting in Spectrum is not supported.
:::
***
---
## Use cases
* **Requests originating from the public Internet and directed to a private/internal service**: You can route requests from the Internet to your internal services on internal IPs - such as accounting or production automation systems - using [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/).
- **Requests originating from the public Internet and directed to a private/internal service**: You can route requests from the Internet to your internal services on internal IPs - such as accounting or production automation systems - using [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/).
* **Intelligent traffic routing**: Benefit from failover for your private traffic and have the ability to monitor the health of these IP targets directly, rather than load balancing to a tunnel and only monitoring the health of the tunnel itself.
- **Intelligent traffic routing**: Benefit from failover for your private traffic and have the ability to monitor the health of these IP targets directly, rather than load balancing to a tunnel and only monitoring the health of the tunnel itself.
* **Host applications on non-standard ports**: Easily specify and route traffic to applications hosted on private IP addresses using non-standard ports, allowing greater flexibility in service configuration without requiring changes to existing infrastructure.
- **Host applications on non-standard ports**: Easily specify and route traffic to applications hosted on private IP addresses using non-standard ports, allowing greater flexibility in service configuration without requiring changes to existing infrastructure.
* **Public and Private Load Balancers**: Public LBs can direct Internet traffic to private IP addresses, supporting all L7 products like WAF and API Shield. Private LBs direct traffic originating from private networks to private IP addresses and require an on-ramp like WARP or Magic WAN.
- **Public and Private Load Balancers**: Public LBs can direct Internet traffic to private IP addresses, supporting all L7 products like WAF and API Shield. Private LBs direct traffic originating from private networks to private IP addresses and require an on-ramp like WARP or Magic WAN.
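Review bot: the `*` to `-` marker change is fine and matches the new page; since these lines are being rewritten anyway, the spaced hyphens in the first bullet ("internal IPs - such as accounting or production automation systems - using") read as stray dashes and would be cleaner as commas or parentheses.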


@ -0,0 +1,73 @@
---
pcx_content_type: how-to
title: Set up Private Network Load Balancing for Public traffic to Tunnel
sidebar:
order: 2
---
import { Render, TabItem, Tabs, APIRequest } from "~/components";
Consider the following steps to learn how to configure Private Network Load Balancing solution, using [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) as the off-ramp to securely connect to your private or internal services.
## 1. Configure a Cloudflare tunnel with an assigned virtual network
The specific configuration steps can vary depending on your infrastructure and services you are looking to connect. If you are not familiar with Cloudflare Tunnel, the pages linked on each step provide more guidance.
1. [Create a tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/#1-create-a-tunnel) to connect your data center to Cloudflare.
2. Create a [virtual network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/) and assign it to the tunnel you configured in the previous step.
<Tabs> <TabItem label="Dashboard">
To create a virtual network:
1. Within the [Zero Trust dashboard](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client** and find the **Virtual networks** setting.
2. Select **Add new** or **Manage** > **Create virtual network** to create virtual networks.
3. Define your virtual network name and select **Save**.
To assign the virtual network to the tunnel:
1. Go to **Networks** > **Tunnels**.
2. Select the tunnel you created in the previous steps and select **Configure**.
3. Under **Private Network**, select **Add a private network**.
4. Specify an IP range under **CIDR** and select the virtual network under **Additional settings**.
5. Select **Save private network**.
</TabItem> <TabItem label="cli">
To create a virtual network:
```sh
cloudflared tunnel vnet add <VNET_NAME>
```
To assign the virtual network to the tunnel:
```sh
cloudflared tunnel route ip add --vnet <VNET_NAME> <IP_RANGE> <TUNNEL_NAME>
```
</TabItem> </Tabs>
## 2. Configure Cloudflare Load Balancing
Once you have Cloudflare tunnels with associated virtual networks (VNets) configured, the VNets can be specified for each endpoint when you [create or edit a pool](/load-balancing/pools/create-pool/#create-a-pool). This will enable Cloudflare load balancers to use the correct tunnel and securely reach the private IP endpoints.
The specific configuration will vary depending on your use case. Refer to the following steps to understand the workflow.
1. [Create the Load Balancing monitor](/load-balancing/monitors/create-monitor/) according to your needs.
2. [Create the pool](/load-balancing/pools/create-pool/) specifying your private IP addresses and corresponding virtual networks.
:::note
- Currently, Cloudflare does not support entering the same endpoint IP addresses more than once, even when using different virtual networks.
- All endpoints with private IPs must have `virtual_network_id` specified.
:::
3. [Create the load balancer](/load-balancing/load-balancers/create-load-balancer/), specifying the pool and monitor you created in the previous steps, as well as the desired [global traffic steering policies](/load-balancing/understand-basics/traffic-steering/steering-policies/) and [custom rules](/load-balancing/additional-options/load-balancing-rules/).
:::caution[Spectrum limitations]
If you will use the load balancer with [Spectrum](/spectrum/), consider the applicable [limitations](/load-balancing/additional-options/spectrum/#limitations) on load balancing and monitoring options.
:::
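Review bot: the note in step 2 ("All endpoints with private IPs must have `virtual_network_id` specified") contradicts the sentence this same commit adds to the overview page, which says a VNet is not necessary when endpoints are reached through a published application route; either qualify the note (for example, "unless the endpoint is reached through a published application route") or drop the exception from the overview so the two pages agree. Smaller points in the same file: `Render` and `APIRequest` are imported but never used; the tab label `cli` is lowercase while its sibling is `Dashboard`; "configure Private Network Load Balancing solution" and "your infrastructure and services you are looking to connect" are each missing an article. Finally, the CIDR passed to `cloudflared tunnel route ip add` (and entered in dashboard step 4) defines the address range the tunnel exposes on the VNet, so a sentence recommending that it be scoped to the endpoint addresses the load balancer actually needs would help readers avoid routing a wider private range than intended.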