How to Load Balance Site between GCP and AWS using Cloudflare?

Learn how you can use Cloudflare load balancer (LB) to distribute traffic between AWS (Amazon Web Services) and GCP (Google Cloud Platform).

Most web applications need, or already use, load balancing between servers/services in the same data center.

However, if you are running mission-critical applications that must be up at all times across the world, then you need a cloud load balancer.

Uptime is not the only reason; there can be many other factors, for example:

  • Active-passive or active-active data center requirement
  • Disaster recovery plan
  • Taking advantage of multiple data centers to serve requests from the nearest location
  • Compliance

Cloudflare offers local and global load balancing options, which help route traffic to multiple data centers.

Some of the Cloudflare LB features are:

  • Health checks are built in, so you can quickly take down a faulty server
  • Failover is triggered when a health check fails
  • Latency is reduced by routing traffic to the closest server
  • Works at the DNS level and supports HTTP(S), TCP, and UDP
  • Session stickiness to ensure requests go to the same server

You can configure everything through either the Cloudflare dashboard or the API.

Technically, the following instructions apply to load balancing on any cloud platform like Azure, DigitalOcean, Alibaba, etc. But I’ve chosen GCP and AWS for the demonstration.

AWS & GCP Setup Details

I’ve provisioned one server each on the GCP and AWS platforms with the following.

  • Installed Nginx
  • Added index.html with custom text to show the page is being served from the respective server
  • Started Nginx, and the page is accessible from both servers

Let’s move to Cloudflare to implement LB.

Activating Cloudflare Load Balancer

I’ve one available domain (bloggerflare.com), which I will use for this lab.

Note: Load balancer by Cloudflare is not FREE, and pricing starts at $5 per month.

I assume you already have an account with Cloudflare; if not, you can create one and add the domain, as I explained in my previous post.

  • Log in to Cloudflare and select the domain where you want to enable balancing.
  • Go to the Traffic tab and enable load balancing.
  • Configure the features based on the requirement. I am proceeding with minimal configuration.

If you want requests to be routed to the nearest location, then you need to enable Geo Routing.

  • Confirm the subscription and enable it.

As you can see, you can get started from $5 a month with two origin servers and a one-minute health check interval.

Infrastructure is so affordable now. Five years back, could you imagine a cloud load balancer for $5?

This indicates Cloudflare LB is activated and ready to be configured.

Creating Cloudflare LB

It will take a few seconds to confirm the subscription and take you back to the Traffic page.

  • Click Create Load Balancer.
  • Enter the domain where you want to set up balancing.
  • Expand Session Affinity and select By Cloudflare Cookie if you need to enable session stickiness.
  • Enter a pool name and its origin (the server where traffic should be redirected to).
  • Next, you can configure a health check.

A health check is essential. Cloudflare will stop sending traffic to the faulty origin when a health check fails.

  • If your origin is listening on port 80, select HTTP; select HTTPS if it is listening on port 443.

Cloudflare also lets you configure advanced health check settings such as:

  • GET or HEAD method
  • Expected HTTP status code
  • Content validation in the response body
  • Number of attempts before the origin is considered healthy or unhealthy
  • Header name validation

And finally, save the configuration and deploy.

  • LB will perform a health check, and in a few seconds, you will see the status is healthy.

Great, this concludes the setup: the Cloudflare load balancer is ready to accept traffic from the world and forward it to the configured origin servers.
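
The same three objects built in the dashboard (health check, pool, load balancer) can be created through the Cloudflare API, in that order, because each one references the ID of the previous one. The following Python is an added example, not code from the original article; the pool name, the retries and timeout values, and the `call` hook are assumptions made for illustration, and one pool holding both origins is assumed.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def send(token, method, path, body):
    """Send one JSON request to the Cloudflare API and return its "result"."""
    req = urllib.request.Request(
        API + path, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        reply = json.load(resp)
    if not reply.get("success"):
        raise RuntimeError(f"{path}: {reply.get('errors')}")
    return reply["result"]

def create_lb(account_id, zone_id, hostname, origins, call):
    """Create monitor, pool and load balancer, in the order the dashboard does.

    origins: {name: address}. call(method, path, body) must return the API
    "result" object; for real use pass functools.partial(send, token).
    """
    monitor = call("POST", f"/accounts/{account_id}/load_balancers/monitors", {
        "type": "http", "method": "GET", "path": "/",  # origin listens on port 80
        "expected_codes": "200",
        "interval": 60,                                 # one-minute checks
        "retries": 2, "timeout": 5,                     # assumed values
    })
    pool = call("POST", f"/accounts/{account_id}/load_balancers/pools", {
        "name": "gcp-aws-pool",                         # constructed name
        "monitor": monitor["id"],                       # attach the health check
        "origins": [{"name": n, "address": a, "enabled": True}
                    for n, a in origins.items()],
    })
    return call("POST", f"/zones/{zone_id}/load_balancers", {
        "name": hostname,
        "default_pools": [pool["id"]],
        "fallback_pool": pool["id"],
        "proxied": True,
        "session_affinity": "cookie",                   # "By Cloudflare Cookie"
    })
```

Give the API token only the load-balancing permissions it needs for the account and zone, since it can repoint production traffic.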

Testing Load Balancer

Let’s perform a basic test to see if it works.

  • First, try to access the domain.

Awesome!

LB forwarded a request to Google Cloud VM and got the response. I can see the request in Nginx.

162.158.167.174 - - [19/Dec/2017:10:25:41 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36"

  • Let me shut down Nginx on GCP and access the page again.
  • And here you go. The requested page is served from AWS.

I can see the LB took the GCP pool member down.

By default, the Cloudflare IP will be shown in the Nginx access logs; if you need to restore the client IP, you can check out this guide.

Conclusion

Implementing a Cloudflare load balancer is straightforward, and you can get it started in less than 15 minutes. If you are looking for high availability between multiple data centers or origin servers, try it to see how it works.
