Cloudflare Tunnels and Newly Announced GeoIP routing for multi-region replicas.
dane-stevens
PRO OP

a year ago

Hello, just wondering how GeoIP routing works in conjunction with Cloudflare Tunnels. Is this possible?

Solved

18 Replies

dane-stevens
PRO OP

a year ago

N/A


a year ago

it is not possible right now, the cf tunnel will tunnel to any replica in any region due to how dns on the private network works


a year ago

routing to the closest deployment is specific to public traffic through our proxy


dane-stevens
PRO OP

a year ago

Thank you, that's what I figured. I'm guessing I would need to deploy the services separately in each region with their own local CF Tunnel service, then use a CF Load balancer to route to the closest tunnel etc.

Seems like switching over to the railway ingress would be a lot simpler.


dane-stevens
PRO OP

a year ago

The reasons for being on a CF Tunnel currently would be:

  • DDoS Protection

  • Unexposed Origin IPs

  • ZeroTrust access to specific pages/sections on our web services that can be placed behind Azure AD without having to integrate an entire SSO auth

What interests me most about multi-region is not placing the services closer to the user for performance, but failover.


a year ago

well if you don't actually care about multi region, just add multiple replicas to a single region


a year ago

but otherwise, yes the solution you mentioned is exactly what you would need to do


dane-stevens
PRO OP

a year ago

I care about multi-region for failover purposes, just not as much for performance


a year ago

replicas in the same region will have failover, at least as long as the cf tunnel service will try multiple replicas via their DNS results


dane-stevens
PRO OP

a year ago

And what if an entire region goes down?


a year ago

we have multiple hosts per region



dane-stevens
PRO OP

a year ago

Thinking more along these lines when the whole datacenter is down. Would be nice to just failover to a different region.


a year ago

Ah gotcha, yes we only use a single zone per region so if the GCP datacenter itself goes down, that can happen same as it did to Cloudflare.

Then sounds like you do want to implement the solution you mentioned!


dane-stevens
PRO OP

a year ago

I think I might. Thanks, just wanted to clarify how things were working


a year ago

sounds good, anything else i can help with?


dane-stevens
PRO OP

a year ago

all good!


a year ago

!s


Status changed to Solved brody about 1 year ago

