Subscribe to receive notifications of new posts:

Argo Tunnel: A Private Link to the Public Internet

2018-04-05

2 min read
Argo-Tunnel-2009

Photo from Wikimedia Commons

Today we’re introducing Argo Tunnel, a private connection between your web server and Cloudflare. Tunnel makes it so that only traffic that routes through Cloudflare can reach your server.

You can think of Argo Tunnel as a virtual P.O. box. It lets someone send you packets without knowing your real address. In other words, it’s a private link. Only Cloudflare can see the server and communicate with it, and for the rest of the internet, it’s unroutable, as if the server is not even there.

How this used to be done

This type of private deployment used to be accomplished with GRE tunnels. But GRE tunnels are expensive and slow, they don’t really make sense in a 2018 internet.

GRE is a tunneling protocol for sending data between two servers by simulating a physical link. Configuring a GRE tunnel requires coordination between network administrators from both sides of the connection. It is an expensive service that is usually only available for large corporations with dedicated budgets. The GRE protocol encapsulates packets inside other packets, which means that you will have to either lower the MTU of your origin servers, or have your router do packet fragmentation, leading to slower responses.

We wanted to find a way to emulate the same security of a GRE tunnel but without the expense or hassle. And at the same time maybe it could speed up connections instead of slowing them down. And with that direction, the team started to build Tunnel.

Deploy Quickly, Safely

Argo Tunnel is fast to install and run - it’s just three commands to expose a locally running web application:

$ install cloudflared // binaries available for Linux, Mac and Windows https://developers.cloudflare.com/argo-tunnel/downloads/
$ cloudflared login
$ cloudflared --hostname example.com http://localhost:8080

This can be run on any device from a Raspberry Pi, to a DigitalOcean droplet, to a hardware load balancer in your data center.

Netwrk is one of the companies using Argo Tunnel. Their Co-Founder and CTO Johan Bergström told us:

"I've been able to reduce the administrative overhead of firewalls, reduce the attack surface and get the added benefit of higher performance through the tunnel."

Argo Tunnel is Powered by Argo

One reason why traffic through Argo Tunnel gets a performance boost is that Tunnel is built on top of Argo, Cloudflare’s optimized smart routing (think Waze for the internet).

Tunnel is included for free for anyone that has Argo enabled.

In order for Tunnel to work we needed to get visitor traffic to reach one of the data centers closest to the origin. The right way to do this is by taking advantage of Argo. We decided it made sense to bundle Tunnel with Argo and include it at no additional cost. That way you get the best of both worlds: a secure, protected origin and the fastest path across the Internet to get to it.

Of course, we want you to one day be able to test out Tunnel without having to buy Argo, so we’re considering offering a free version of Tunnel on a Cloudflare domain. If you’re interested in testing out an early version in the future, sign up here.

What Happened to Warp

During the beta period, Argo Tunnel went under a different name: Warp. While we liked Warp as a name, as soon as we realized that it made sense to bundle Warp with Argo, we wanted it to be under the Argo product name. Plus, a tunnel is what the product is so it's more descriptive.

Get Started

To get started, download Argo Tunnel and follow our quickstart guide. If you’re curious how it works, you can also check out the source.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
Argo Smart RoutingProduct NewsSpeed & ReliabilitySecurityCloudflare Tunnel

Follow on X

Dani Grant|@thedanigrant
Cloudflare|@cloudflare

Related posts

October 24, 2024 1:00 PM

Durable Objects aren't just durable, they're fast: a 10x speedup for Cloudflare Queues

Learn how we built Cloudflare Queues using our own Developer Platform and how it evolved to a geographically-distributed, horizontally-scalable architecture built on Durable Objects. Our new architecture supports over 10x more throughput and over 3x lower latency compared to the previous version....

October 09, 2024 1:00 PM

Improving platform resilience at Cloudflare through automation

We realized that we need a way to automatically heal our platform from an operations perspective, and designed and built a workflow orchestration platform to provide these self-healing capabilities across our global network. We explore how this has helped us to reduce the impact on our customers due to operational issues, and the rich variety of similar problems it has empowered us to solve....

October 08, 2024 1:00 PM

Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One

The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. ...