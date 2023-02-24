Types of load balancers

3 min read

With Cloudflare, you can choose between three types of load balancers:

​​ Layer 7 load balancing

Layer 7 load balancers direct traffic to specific servers based on information present in each HTTP/HTTPS request (HTTP headers, URI, cookies, type of data, etc.).

When a client visits your application, Cloudflare directs their request to a healthy origin server (determined by your traffic steering policy and origin weights).

Cloudflare performs layer 7 load balancing when traffic to your hostname is proxied through Cloudflare. In the Load Balancing dashboard, these load balancers are marked with an orange cloud.

In comparison to DNS-only load balancing, layer 7 load balancing:

Protects origin servers from DDoS attacks by hiding their IP addresses.

Offers faster failover and more accurate routing, which can otherwise be affected by DNS caching.

Integrates with other Cloudflare features such as caching, Workers, and the WAF.

Reduces authoritative queries against Cloudflare, which can potentially save money for customers with usage-based billing.

Supports customized session affinity and origin drain .

and . More accurately geo-locates traffic, using the data center associated with the user making the request instead of the data center associated with a user’s recursive resolver.

​​ DNS-only load balancing

DNS-only load balancers route traffic by returning specific IP addresses in response to a client’s DNS query.

When a client visits your application, Cloudflare provides the address for a healthy origin server (determined by your traffic steering policy and origin-level steering policy). However, Cloudflare relies on DNS resolvers respecting the short TTL to re-query Cloudflare’s DNS for an updated list of healthy addresses. If a client has a cached DNS response, they will go to their previous destination, potentially ignoring your load balancer.

Cloudflare performs DNS-only load balancing when traffic to your hostname is not proxied through Cloudflare. In the Load Balancing dashboard, these load balancers are marked with a gray cloud.

If your load balancer is attached to a hostname used for an MX or SRV record — and not an A , AAAA , or CNAME record — its proxy mode should be DNS-only.



In comparison to proxied, layer 7 load balancing, DNS-only load balancing:

Does not hide the IP addresses of your origin servers, leaving them vulnerable to DDoS attacks.

Performs slower failover and less accurate routing, because it has to rely on DNS resolvers and cache settings.

Cannot integrate with other Cloudflare features such as caching, Workers, and the WAF.

Increases authoritative queries against Cloudflare, which can potentially cost more for customers with usage-based billing.

Supports standard session affinity .

. Geo-locates traffic based on the data center associated with the ECS source address, if available. If not available, geo-locates based a user’s recursive resolver, which can sometimes cause issues with latency-based steering .

​​ Layer 4 load balancing

Layer 4 load balancers route traffic by forwarding traffic to certain ports or IP addresses.

Cloudflare currently only supports layer 4 load balancing as part of Cloudflare Spectrum. Since Spectrum operates at the TCP level, it does not have the information to support features like session affinity, custom rules, or caching.





