1. AWS (Amazon Web Services)
  2. DNS
  3. Networking

Understanding AWS Load Balancer Routing with Cloudflare and Different Clients

Written by Posted on Less than 0 min read
0

When deploying web applications on AWS using multiple Network Load Balancers (NLBs), understanding how traffic is routed across different clients—such as browsers (Chrome, Edge, Firefox, Safari) and mobile apps (React Native-based)—is essential. This article explores how routing works when using Cloudflare DNS with and without the proxy feature enabled.

1. Overview of Routing Mechanisms

When a client (browser or app) accesses a domain, the request follows these key steps:

  1. DNS Resolution: The client queries a DNS resolver (e.g., Cloudflare, Google DNS 8.8.8.8, or the system resolver) to resolve the domain to an IP address.
  2. IP Selection: If multiple A records exist (pointing to different AWS NLBs), the DNS resolver returns all of them, and the client chooses one.
  3. Connection Establishment: The client connects to the chosen IP, which could be either:
    • A Cloudflare edge server (if proxy is enabled).
    • A direct AWS NLB IP (if proxy is disabled).
  4. Load Balancing: The AWS NLB distributes traffic to its registered backend instances.

2. Routing with Cloudflare Proxy Enabled

When Cloudflare’s proxy (orange cloud ☁️ in DNS settings) is enabled:

  1. DNS Resolution: Clients receive Cloudflare’s anycast IPs, not the actual AWS NLB IPs.
  2. Cloudflare Edge Routing:
    • Requests are routed to the nearest Cloudflare edge server based on latency and location.
    • Cloudflare applies caching, security filtering (WAF, DDoS protection), and optimizations.
  3. Forwarding to AWS NLBs: Cloudflare forwards dynamic requests to the backend AWS NLBs based on its internal load-balancing mechanism.

Advantages of Cloudflare Proxy:

✅ Faster performance via Cloudflare’s edge caching

✅ Improved security (hiding backend IPs, DDoS protection, WAF)

✅ Optimized global traffic routing

3. Routing with Cloudflare Proxy Disabled

If Cloudflare proxy is not enabled (gray cloud ☁️ in DNS settings):

  1. DNS Resolution: Cloudflare’s DNS returns the public IPs of AWS NLBs directly.
  2. Client-Side IP Selection:
    • If multiple A records exist, the client picks an IP via round-robin or random selection.
    • Some clients (e.g., Chrome) may prioritize the first IP in the list.
  3. Direct Connection to AWS NLB: The client connects directly to the chosen AWS NLB.
  4. AWS Load Balancing: The NLB distributes traffic to backend servers.

Key Differences Without Proxy:

❌ No caching or performance optimizations.

❌ AWS NLBs’ public IPs are exposed.

❌ Clients rely on DNS resolvers for load distribution.

4. Routing Behavior for Different Clients

Client TypeDNS HandlingFailover HandlingCloudflare Proxy Support
Web Browsers (Chrome, Edge, Firefox, Safari)Uses system DNS resolverRetries another IP if first failsFully supported
React Native Apps (Axios, Fetch API)Uses system DNS (unless custom DNS is implemented)Requires explicit retry logicFully supported
IoT/Custom ClientsMay cache DNS for longer durationsSome may not retry on failureDependent on implementation

Key Considerations for React Native Apps:

  • Implement manual retry logic in case the first connection fails.
  • Use Cloudflare proxy to reduce backend load and latency.
  • If Cloudflare proxy is disabled, configure short DNS TTLs for quick failover.

5. Summary of Best Practices

🔹 Use Cloudflare Proxy for Enhanced Security & Performance: Hide AWS backend IPs, enable caching, and improve traffic routing.

🔹 Ensure AWS Load Balancers Have Health Checks: Prevent routing traffic to unhealthy instances.

🔹 Optimize React Native Apps for Network Failures: Implement connection retries and fallback mechanisms.

🔹 Consider AWS Global Accelerator: For better proximity-based routing when not using Cloudflare.

By implementing these strategies, you can ensure high availability, better security, and improved performance for web and mobile clients accessing your AWS infrastructure.

Conclusion

Understanding how Cloudflare DNS interacts with AWS Network Load Balancers across different clients is critical for optimizing application performance and reliability. Whether you enable Cloudflare’s proxy or not, configuring your infrastructure correctly ensures a seamless user experience across web browsers and mobile applications.

Member since
Result-driven IT Professional with over 8 Years of experience in Software Development, Cloud Computing, DevOps, and IT Infrastructure Management. Proficient in designing scalable architectures on AWS (EC2, RDS, S3, IAM, Lambda, Route 53, CloudFormation), Azure (AD, M365, Virtual Machines), and Cloudflare (WAF, Zero Trust). Skilled in automating CI/CD pipelines using Jenkins, GitHub Actions, and Bitbucket Pipelines, and managing infrastructure with Kubernetes, Terraform, and Ansible. Proven achievements include reducing AWS operational costs by 40%, scaling high-traffic WordPress systems, implementing Zero-Trust security, and upgrading ERP systems. Experienced in performance optimization, database tuning, disaster recovery planning, network security audits, and IT project leadership.
Do you like RavikantDk's articles? Follow on social!

Related articles

  1. AWS (Amazon Web Services)

Enabling NAT Gateway for Private Subnets in AWS

In Amazon Web Services (AWS), instances within a private subnet cannot access the internet directly. However, a NAT (Network Address Translation) Gateway allows these instances to securely send outbound traffic (e.g., downloading updates, accessing APIs) while remaining inaccessible from external sources. This guide will walk you through the step-by-step process of setting up a NAT […]
Written by
  1. AWS (Amazon Web Services)

Setting Up AWS CloudWatch Alarm for EC2 CPU Usage with Email Alerts

Introduction Monitoring EC2 instances is crucial for ensuring optimal performance and preventing issues like underutilization or overloading. AWS CloudWatch allows users to track metrics and set up alarms to trigger notifications based on predefined conditions. In this guide, we’ll walk through setting up a CloudWatch alarm to send email alerts when an EC2 instance’s CPU […]
Written by
Next
No Comments
Leave a comment Cancel
Comments to: Understanding AWS Load Balancer Routing with Cloudflare and Different Clients

Your email address will not be published. Required fields are marked *

Attach images - Only PNG, JPG, JPEG and GIF are supported.

Login

Welcome to ITUptodate
Brief and amiable onboarding is the first thing a new user sees in the theme.
Read Smart, Save Time
Pick all the topics you are interested in to fill your homepage with stories you'll love.

Join ITUptodate