Set up private IPs with Tunnel
Consider the following steps to learn how to configure Private Network Load Balancing solution, using Cloudflare Tunnel as the off-ramp to securely connect to your private or internal services.
The specific configuration steps can vary depending on your infrastructure and services you are looking to connect. If you are not familiar with Cloudflare Tunnel, the pages linked on each step provide more guidance.
- Create a tunnel.
- Deploy the tunnel to connect to your data center.
- Create a virtual network and assign it to the tunnel you configured in the previous steps.
To create a virtual network:
- Within the Zero Trust dashboard ↗, go to Settings > WARP Client and find the Virtual networks setting.
- Select Add new or Manage > Create virtual network to create virtual networks.
- Define your virtual network name and select Save.
To assign the virtual network to the tunnel:
- Go to Networks > Tunnels.
- Select the tunnel you created in the previous steps and select Configure.
- Under Private Network, select Add a private network.
- Specify an IP range under CIDR and select the virtual network under Additional settings.
- Select Save private network.
To create a virtual network:
To assign the virtual network to the tunnel:
Once you have Cloudflare tunnels with associated virtual networks (VNets) configured, the VNets can be specified for each endpoint when you create or edit a pool. This will enable Cloudflare load balancers to use the correct tunnel and securely reach the private IP endpoints.
The specific configuration will vary depending on your use case. Refer to the following steps to understand the workflow.
- Create the Load Balancing monitor according to your needs.
- Create the pool specifying your private IP addresses and corresponding virtual networks.
You can create a pool within the load balancer workflow or in the Pools section of the dashboard:
-
Go to Traffic > Load Balancing.
-
Select Manage Pools and then Create.
-
For your pool, enter the following information:
- A name (must be unique)
- A description to provide more detail on the name
- A choice for Endpoint Steering, which affects how your pool routes traffic to each endpoint
-
For each endpoint, enter the following information:
- A name (must be unique)
- The endpoint address or associated hostname
- (Optional) A Virtual Network. Required when the endpoint has a private IP address.
- A Weight
- (Optional) A hostname by clicking Add host header
-
Repeat this process for additional endpoints in the pool.
-
(Optional) Set up coordinates for Proximity Steering on the pool.
-
On the pool, update the following information:
- Health Threshold:
The Health Threshold is the number of healthy endpoints for the pool as a whole to be considered Healthy and receive traffic based on pool order in a load balancer. Increasing this number makes the pool more reliable, but also more likely to become unhealthy.
- Monitor: Attach a monitor
- Health Monitor Regions: Choose whether to check pool health from multiple locations, which increases accuracy but can lead to probe traffic to your endpoint
- Pool Notifications: You can set up new alerts - and view existing alerts - to be notified when pools are enabled or disabled, or pools or endpoints have changes in their health status.
- Health Threshold:
-
When finished, select Save.
To get a list of your current virtual networks, use the List virtual networks API operation.
Enable virtual/private IP support by adding the virtual_network_id
field to the origins in you API request. Refer to the Cloudflare Load Balancer API documentation for more information on how to create a pool using the API.
Consider the following example for updating an existing Load Balancer pool with a Virtual IP origin using cURL.
- Create the load balancer, specifying the pool and monitor you created in the previous steps, as well as the desired global traffic steering policies and custom rules.