Smart Load Balancing with Cloudflare Healthchecks: Efficient, Robust, and Cost-Effective
Katrin Peter, 3 min read

Cloudflare is far more than just a CDN provider. In addition to performance optimization and security features, the platform offers numerous tools that can be creatively used to address individual requirements in modern infrastructure setups—without necessarily relying on the paid Enterprise features.

At ayedo, we have done just that: We use Cloudflare not only for DNS management and traffic proxies but also for our own load balancing concept—without using Cloudflare’s official load balancer features, and with impressive cost efficiency.

Initial Situation: Distributed Infrastructure with HAProxy Workers

Our architecture is based on five independent HAProxy workers that process incoming traffic. User requests are received by Cloudflare’s reverse proxy (the famous orange cloud) and evenly distributed across the IP addresses of the workers.

The challenge: What happens if a worker fails?

Without intelligent routing, Cloudflare would continue to send traffic to an unreachable IP—with corresponding impacts on availability and performance. The logical solution would be to use Cloudflare’s load balancing feature. However, this feature is charged based on the number of DNS queries—an expensive option with high traffic volumes.

The Challenge: Failover and Availability Without Cost Explosion

A worker failure means that the associated IP must be manually or automatically removed from the DNS zone. The goal was to establish a system that:

  • reliably detects when a worker goes offline,
  • automatically reacts to this status,
  • and at the same time does not incur ongoing costs per DNS query.

Our Solution: Smart Healthchecks Instead of Expensive Load Balancing

The solution combines Cloudflare Healthchecks, webhooks, cloudflared, and a custom-built controller for DNS management. And the best part: everything works with the Cloudflare Pro Plan ($20/month).

Here’s How It Works in Detail:

  1. Healthchecks Monitor the Availability of Workers:

    Cloudflare regularly checks if each worker is reachable. This feature is part of the Pro Plan and can be configured separately for each IP address.

  2. Webhook Notification on Failure:

    As soon as a healthcheck fails, a defined webhook is triggered. This webhook runs through a Cloudflare Tunnel (cloudflared) and reaches our infrastructure securely and directly.

  3. Custom Controller Reacts to Healthcheck Events:

    Our custom controller receives the notification and automatically removes the affected IP address from the DNS zone—fully API-driven. This prevents Cloudflare from sending further traffic to that worker.

  4. Recovery Upon Return:

    As soon as Cloudflare reports the next successful healthcheck, our controller recognizes the availability and reintegrates the IP address automatically. Traffic flows again as usual across all available workers.
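Because the webhook in steps 2 to 4 can rewrite the DNS zone, the controller should authenticate each call and limit what a single event may change. The sketch below is an added example, not ayedo's controller. It assumes the shared secret that Cloudflare notification webhooks send in the `cf-webhook-auth` header, a normalized event shape, a constructed worker pool, and a hypothetical `dns` client interface (`active`, `remove`, `add`) that would wrap the DNS API in production.

```python
import hmac

# Constructed worker pool (RFC 5737 documentation addresses), not from the article.
WORKERS = {"203.0.113.11", "203.0.113.12", "203.0.113.13"}

def authorized(headers, secret):
    """Constant-time comparison of the webhook's shared secret."""
    sent = headers.get("cf-webhook-auth", "")
    return hmac.compare_digest(sent.encode(), secret.encode())

def plan(event, active, allowed=WORKERS, min_active=1):
    """Decide the zone change for one event (assumed shape: address + status)."""
    ip, status = event.get("address"), event.get("status")
    if not isinstance(ip, str) or ip not in allowed:
        return ("reject", ip)            # never edit records outside the pool
    if status == "Unhealthy":
        if ip not in active:
            return ("noop", ip)          # duplicate delivery, already removed
        if len(active) - 1 < min_active:
            return ("noop", ip)          # do not empty the zone on a mass failure
        return ("remove", ip)
    if status == "Healthy":
        return ("noop", ip) if ip in active else ("add", ip)
    return ("reject", ip)                # unknown status: change nothing

def handle(headers, event, dns, secret):
    """Webhook entry point; returns the HTTP status the controller would send."""
    if not authorized(headers, secret):
        return 401
    action, ip = plan(event, dns.active())
    if action == "reject":
        return 400
    if action == "remove":
        dns.remove(ip)
    elif action == "add":
        dns.add(ip)
    return 200

class FakeDNS:
    """In-memory stand-in for a DNS API client (hypothetical interface)."""
    def __init__(self, ips):
        self._ips = set(ips)
    def active(self):
        return set(self._ips)
    def remove(self, ip):
        self._ips.discard(ip)
    def add(self, ip):
        self._ips.add(ip)
```

The `min_active` floor keeps the last record in place when every healthcheck fails at once, which is more often a monitoring or network fault than a real loss of all workers.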

Near-Realtime Reaction Through DNS with Proxy Mode

Thanks to Cloudflare proxies (orange cloud enabled), changes to DNS entries become effective almost in real time. Clients only ever resolve Cloudflare's edge addresses, so the worker IPs are never cached downstream. There is no waiting time due to TTLs or caching: the redirection to active workers occurs immediately after the adjustment.

Result: Fail-Safe Without Additional Costs

This architecture brings several advantages:

  • High availability through automatic switching during failures
  • Minimal operating costs, as no load balancing feature needs to be booked
  • Flexibility through the completely custom controller
  • Easy scalability, as additional workers only need to be integrated through healthcheck definition and DNS addition

Outlook: From Internal Solution to Service

What initially began at ayedo as an internal optimization approach is increasingly developing into a scalable platform component. In the future, we plan to offer this solution as an independent, easily integrable service—especially for companies that need high availability but are not willing to purchase load balancing at overpriced query costs.

Conclusion

Cloudflare offers a powerful toolkit—provided it is used creatively. Our setup demonstrates that even complex tasks like load balancing can be solved with intelligent automation and API-first thinking, without buying into expensive billing models.

We focus on robust, transparent, and cost-effective solutions—and this philosophy is exactly what our approach embodies.

