WHITEPAPER

Optimize web performance

and reliability with load
balancing best practices
Cloudflare | Optimize web performance and reliability 2

Executive Summary

Every year, enterprises lose millions of dollars to website sluggishness and

downtime — most of it in the form of lost revenue. Slow or unavailable sites and
apps also negatively impact internal productivity and degrade search engine
rankings. These performance and reliability problems can be caused by numerous
factors, including:

• Overworked or unhealthy servers

• Geographic distance between end users and servers
• Slow DNS resolution times
• Distributed denial of service (DDoS) attacks
• The type of device a visitor uses to access the Internet.

Load balancers mitigate latency and availability problems by uniformly dispersing

web traffic across a network of servers, ensuring that no single server becomes
overwhelmed and that web assets will still be available even if one server fails.
Traditionally, companies deployed physical load balancers in data centers, but as
computing moves into the cloud, enterprises are gravitating towards more flexible,
less costly, and easier-to-use cloud-based load balancing solutions.

However, not all cloud-based load balancing solutions are created equal. A
robust solution will integrate with a global content delivery network (CDN) and
offer features such as global geolocation-based routing, DDoS resiliency, layers
3 and 4 load balancing functionality, analytics capabilities, and near real-time
failover. It will also seamlessly integrate into the multi-cloud and hybrid cloud data
environments that most businesses have today.
Cloudflare | Optimize web performance and reliability 3

Causes of latency and downtime

Latency and downtime have significant In the past few years, users have also become
negative impacts on the business. Companies more distributed with the expansion of remote
can experience latency and downtime due work. What was previously considered east-
to various causes west traffic within corporate environments is
now moving north-south as it traverses the
Unevenly distribute internet to reach remote users. This transition
places additional load on the infrastructure and
server workloads extends the round trip distance traffic travels
Overutilized servers run more slowly as from the user to the servers and back, adding
requests compete for limited resources. An latency.3
overburdened server can reduce website
and application performance or render them Site and application complexity
completely unavailable
The Internet has undergone multiple stages
Effective load balancing distributes workloads of evolution, and each iteration adds more
uniformly across a network of servers, which complexity to websites and applications.
can significantly improve performance. For Modern websites are bulkier than ever, with
example, total page size steadily climbing since 2011.4
one SaaS company’s customers were having
Video conferencing, online games, and similar
issues with latency across different regions
online services also add to the size and
globally. However, after deploying Cloudflare
complexity of websites and applications. These
Load Balancing, they experienced an immediate
applications consume significant bandwidth and
improvement in latency and saw a 2-3 second
are latency-sensitive, placing additional load
improvement in page load times.1
and pressure to deliver on corporate networks
and infrastructure.
Geographic distance
Global Internet penetration is exploding.
In January 2023, 64.4% of the world’s
population
was connected, and over one hundred million
people connected for the first time in 2022.2

The globalization of the Internet has multiple

impacts on network performance. As the
number of active users grows, the available
bandwidth per user decreases, causing delays.
Cloudflare | Optimize web performance and reliability 4

Device type Server health

Over 60% of web traffic is from mobile devices,5 Servers can fail for a variety of different
and about half of mobile users expect apps to reasons.
respond in two seconds or less.6 Designing and If a server crashes, then the application(s)
optimizing websites and applications for mobile and web pages hosted on it may become
devices is a necessity. unavailable to users.

The emergence of 5G mobile networks does not Users are also consuming more video content,
guarantee high-speed, unconstrained network and, in today’s world, if something goes viral,
access for mobile users. Customer conversion a large amount of traffic can render your
rates depend on the ability to rapidly deliver services unresponsive. Adding load balancing
content on mobile devices. solutions and redundancy into IT infrastructure
is essential to protect against legitimate traffic
Slow DNS resolution taking down applications just like a DDoS attack
would.
DNS resolvers translate domain names toIP
addresses, providing computers with the Load balancing solutions should monitor server
information necessary to route a request for a health to maintain application availability.
web asset. DNS resolution is a vital first step to Otherwise, traffic may inadvertently be routed
accessing online resources, and optimizing it is to a server that is experiencing problems,
vital to maximizing performance. resulting in long delays or outages for users.

Not all DNS resolvers are optimized for Cyber attacks

speed, and many DNS providers take 20-120
milliseconds to resolve each DNS query.7 The Distributed denial-of-service (DDoS) attacks
fastest DNS providers will resolve queries in pose
under 20 milliseconds; Cloudflare DNS, for a significant threat to the health and availability
example, resolves queries in 8.92 milliseconds of online services. DDoS attacks flood web
on average.8 servers with spam requests, drowning out
legitimate traffic and potentially acting as a
While these numbers may seem insignificant, smokescreen to conceal other attacks.
it’s important to consider that rendering a single
page may require multiple HTTP and DNS The growing number of insecure Internet of
requests. Things (IoT) devices — a common target for
DDoS botnet malware — has contributed to a
For example, the average web page involves 71 rise in DDoS attacks. In Q4 2022, DDoS attacks
HTTP requests on desktops and 66 requests on increased 79% YoY.10
mobile.9 While some of these requests may be
for the same domain, each unique DNS request
adds latency.
Cloudflare | Optimize web performance and reliability 5

Duis eu metus quis tortor ullamcorper

pellentesque vel tristique nulla
Network latency and site load times have a significant impact on the customer
experience and conversion rates. In fact, delays as short as 100 milliseconds have
a measurable impact on consumer behavior.

Latency can have various negative impacts on the business. Common costs of
latency and downtime include:

Revenue Loss: Companies increasingly connect and provide services to their

customers via their websites. Downtime and latency can result in missed sales
opportunities when customers cannot reach an organization’s website or abandon
their cart due to slow page load times.

Customer churn: Slow page load times equate to lost sales. A page with a 1
second load time has a 3x higher conversion rate than one with a 5 second load
time.11

Lost productivity: Latency and downtime for internal applications also impact
employees’ productivity. For example, the average U.S. employee spends about 1
second waiting for an app per minute of usage.12 This equates to losing over 4 days
of work per year.

Brand visibility: Google uses page speed as a ranking factor for both desktop and
mobile search.13 Pages with slow load speed can harm brand visibility.

Legal and regulatory compliance: Providers of online services are likely bound by
service level agreements (SLAs) that include availability and uptime. Downtime and
latency can result in penalties and the potential for legal action.

Downtime is expensive for the business. While the average cost of downtime
is about $9,000 per minute,14 this varies based on industry and the size of the
business. For example, Facebook lost an estimated $90 million in a 14-hour outage
for a cost of over $107,000 per minute.15
Cloudflare | Optimize web performance and reliability 6

Understanding Load Balancing

Latency and downtime carry significant costs These legacy hardware-based load balancers
to an organization. A load balancer is a service had significant limitations.The challenges that
that sits between a network of origin servers they created include the following:
and the Internet and can help to mitigate
• Up-front costs: Load balancer appliances
these costs by evenly distributing across
must be purchased and installed before use.
multiple servers. This ensures application
This can be expensive, and all costs are
reliability, efficiency, and responsiveness by incurred upfront.
ensuring that individual servers do not become
overwhelmed by traffic spikes. • Scalability: Hardware-based solutions have a
set maximum capacity, and the load balancer
Why do we need load balancers? may become a bottleneck if the organization
experiences exceptional surges in traffic.
When an end user visits a web page, an origin As an organization’s bandwidth needs grow,
server receives and responds to this request. existing solutions must be augmented or
This involves processing the request, collecting replaced with new hardware.
the desired content, and sending it to be • Geographic limitations: Load balancer
rendered in the user’s browser. appliances can only be deployed in data
The number of requests that a single origin centers where companies can install physical
server can handle depends on the physical hardware. As a result, they can only manage
infrastructure and the code complexity. traffic to on-prem applications, not cloud-
However, the number of requests that a website based ones.
receives can outpace even the best hardware • Skill gaps: An in-house load balancer must
and most performant web application. If this largely be configured and operated by in-
happens, then requests may need to wait in a house personnel. Companies may struggle
queue — increasing latency — or are dropped to attract and retain employees with the
entirely. necessary skill sets.

A load balancer prevents individual servers from • Lack of flexibility: Hardware load balancers
falling victim to these issues. Load balancers sit are appliances connected to an organization’s
between the end user and a cluster of origin physical network infrastructure. This makes
servers and uniformly balance the load across it difficult for companies to adapt to
the server pool. By reducing the load on each changing requirements.
server, a load balancer improves website
performance and resiliency.

Legacy load balancers

Traditionally, load balancers were deployed in
on-premises data centers. Often, these were
implemented using dedicated hardware, but
virtualized options were also available. To
ensure resiliency, these devices were commonly
deployed in pairs so that the backup system
could take over if the primary one failed.
Cloudflare | Optimize web performance and reliability 7

Next Generation, Cloud-based

Load Balancers
The vast majority of companies are rapidly
moving to the cloud. 87% of organizations have
multi-cloud infrastructure, and 72% have hybrid
cloud environments that incorporate both public
and private clouds.16 A growing percentage of
corporate apps can no longer sit behind
hardware load balancers.

A robust standalone cloud-based load

balancer can be used in conjunction with
traditional hardware-based devices in hybrid
environments, as well as with load balancers
native to public clouds. the service provider performs much of the
configuration and management. This reduces
A standalone load balancer is a neutral, cloud- the overhead for the organization and its
agnostic layer that sits atop an enterprise’s need for specialized personnel.
hardware-based and public cloud-native load
balancers. The enterprise selects a primary • Flexibility: A standalone cloud load balancer
provider to direct all traffic to. When the load can easily be reconfigured or moved to
balancer detects a failure, it automatically support applications operating in a new
routes traffic to backup providers or regions. environment. This enables companies to
If the enterprise experiences outages or rapidly adapt to change and avoids vendor
intermittent network connectivity in a public lock-in.
cloud or its own infrastructure, the standalone • Resiliency: Cloud-based load balancers can
cloud-based load balancer automatically fails take advantage of the built-in resiliency and
over to healthy providers or servers. availability guarantees of the cloud. This
reduces the risk that an outage will take the
Virtualized load balancers can be deployed applications behind the load balancer offline.
in the cloud to manage traffic to these
applications. These cloud-based load balancers • Consolidation of Features: With a cloud
provide various benefits, including the following: based solution, after onboarding with
Load Balancing, it’s easy to add additional
• Virtually Unlimited Scalability: Cloud modules such as Web Application Firewall
load balancers have the advantages of (WAF), Bot Management, etc. as needed
cloud flexibility and scalability. Additional without any additional effort. With hardware
capacity can be quickly spun up as needed solutions, upgrades commonly require
to manage surges in traffic to corporate web either replacing the whole hardware device
applications. or adding physical modules or blades.
• Cost Savings with Usage-based billing:
These modifications can force companies
Cloud load balancers are commonly available to schedule maintenance downtime, which
under service-based models. Companies can leave customers without protection and
only pay for the capacity that they use rather negatively impact businesses.
than purchasing oversized appliances.
• Greater Geographic reach: Cloud load
balancers should ideally run on a network
with a global presence, putting them within
close reach of applications living anywhere.
• Ease of Configuration and management:
If a load balancer is offered as a service,
Cloudflare | Optimize web performance and reliability 8

What to look for when evaluating

cloud-based load balancing solutions
Cloud-based load balancing solutions can help an organization drive down latency
and downtime and decrease their impacts on the business. When evaluating load
balancing solutions, look for the following features.

Integration with a global content delivery network (CDN)

Load balancers and CDNs are both solutions designed to reduce latency and
improve availability. A CDN caches static content at the network edge, reducing
the distance that requests and responses need to travel. Additionally, by serving
content from distributed CDN servers, the load at the origin server is reduced.

Integrating load balancing with CDNs optimizes content delivery. The load
balancer distributes requests across CDN clusters and origin servers to optimize
performance and minimize bandwidth consumption.

Global geolocation-based routing

The geographic distance between the server and the end user has a dramatic
impact on the latency of the request and response. A load balancer should route
traffic to the nearest available infrastructure, minimizing the distance that it needs
to travel. For example, U.K. traffic should be directed to a data center in London,
not one in New York.

The load balancer should also offer optimized, fast DNS lookups. For example,
DNS queries should be directed to the nearest, healthy DNS server to minimize the
latency incurred by DNS lookups.
Cloudflare | Optimize web performance and reliability 9

Unification of application A vendor-agnostic load balancer won’t replace

cloud vendors’ native load balancers or
delivery and security traditional hardware appliances. However, it can
Load balancer and CDN networks must be work in tandem with them so that multi-cloud
designed to address various security concerns. infrastructure functions smoothly.
For example, DDoS attacks pose a significant
threat to server health and availability. As a Automation and DevOps support
result, CDN networks should be scaled and
Load balancers are designed to distribute
secured to withstand even the largest DDoS
requests across a cluster of servers. With the
attack.
emergence of agile and DevOps processes
Another major concern for load balancers and and cloud computing, corporate applications
CDNs is compliance with privacy and security infrastructure may be constantly changing,
standards. For example, load balancers should making this a moving target.
support the use of TLS/SSL to encrypt customer
Relying on human operators to define and
data and authenticate web traffic.
implement configuration changes poses
significant risks to availability and performance.
Layers 3 & 4 load Load balancers should integrate automation
balancing functionality and DevOps support to ensure that changes
can be made rapidly at scale as corporate IT
DDoS attacks can operate at multiple layers of
infrastructure evolves.
the OSI model. Volumetric DDoS attacks flood a
web server with large volumes of traffic sent to
the ports that implement various services. For
Ease of use
example, DDoS attacks can target SMTP ports Configuration and management of load
to disrupt email or the custom ports used to balancing solutions can be a time-consuming
implement custom gaming protocols and other and resource-intensive task for skilled
online services. A load balancer should have personnel. A good cloud-based load balancer
protection against Layer 3/4 DDoS attacks and can be configured and set up in minutes and
sufficient capacity to maintain normal service should require minimal management. There
during these attacks. should be support for a graphical UI and
powerful APIs, and the solution should be
Near real-time failover easily reconfigurable to support evolving
business needs.
Cloud-based load balancers frequently rely on
public DNS, which is plagued by slow change
propagation, delaying failovers in the event of
Detailed Analytics
problems. A load balancer should use a DNS Load balancers’ location between end users and
resolver with short time-to-live (TTLs), ensuring applications is for collecting actionable business
that failover can occur in a matter of seconds. intelligence. Load balancers have visibility into
customer behavior, application performance,
Multi-cloud and hybrid cloud support security posture, and other operational insights.
A load balancing solution should capture these
Most companies have multi-cloud environments
analytics and integrate with your existing
or hybrid cloud environments. To avoid vendor
analytics provider.
lock-in, reduce complexity, and minimize
misconfigurations in multi-cloud and hybrid
environments, make sure the load balancing
solution is a neutral layer that can work both on-
premise and in any public cloud.
Cloudflare | Optimize web performance and reliability 10

Conclusion

Modern websites and applications will not perform properly or remain

consistently online without the use of a load balancer. A robust cloud-based
load balancer is a much better choice than a traditional
hardware-based solution.

In addition to being less expensive, easier to use, and scalable, a standalone

cloud-based load balancer augments both traditional hardware-based load
balancers as well as proprietary solutions offered by public cloud providers,
ensuring that web assets always remain available and performant.

Cloudflare’s global network and high-performance CDN help organizations

maximize availability and minimize latency.
Learn more about Cloudflare Load Balancing.
Cloudflare | Optimize web performance and reliability 11

References

1. https://www.cloudflare.com/case-studies/crisp/
2. https://datareportal.com/global-digital-overview
3. https://www.techwalla.com/articles/network-latency-milliseconds-per-mile
4. https://httparchive.org/reports/state-of-the-web#bytesTotal
5. https://gs.statcounter.com/platform-market-share/desktop-mobile/
worldwide/#yearly-2011-2022
6. https://techbeacon.com/sites/default/files/gated_asset/mobile-app-user-
survey-failing-meet-user-expectations.pdf
7. https://sematext.com/glossary/dns-lookup-time/
8. https://www.dnsperf.com/
9. https://httparchive.org/reports/state-of-the-web#reqTotal
10. https://blog.cloudflare.com/ddos-threat-report-2022-q4/
11. https://www.portent.com/blog/analytics/research-site-speed-hurting-
everyones-revenue.htm
12. https://www.apmdigest.com/the-impact-of-app-performance-on-productivity
13. https://developers.google.com/search/blog/2018/01/using-page-speed-in-
mobile-search
14. https://www.vertiv.com/globalassets/documents/reports/2016-cost-of-data-
center-outages-11-11_51190_1.pdf
15. https://www.ccn.com/facebooks-blackout-90-million-lost-revenue/
16. https://info.flexera.com/CM-REPORT-State-of-the-Cloud#view-report
© 2023 Cloudflare Inc. All rights reserved.
The Cloudflare logo is a trademark of Cloudflare. All other
company and product names may be trademarks of the respective
companies with which they are associated.

1 888 99 FLARE | enterprise@cloudflare.com | Cloudflare.com REV:BDES-4505.2023JUL13