If your website is well-coded and administered, does CloudFlare offer any performance benefit? (leaving aside security for now)
1. SSL is terminated near the user - the multiple round trips to do a TLS handshake for a user in Sydney will never leave the city, instead of having to traverse the Pacific.
> If a page is static, then CloudFlare can cache it. But if you set your cache headers appropriately, and use efficient serving code like nginx, I imagine serving static content is pretty darn cheap.
I was using CloudFlare on a site that has a wide overseas following with a lot of visitors from different continents. I was getting a lot of complaints that the site was terribly slow. When I went back to just serving the site directly from its server in Atlanta, the complaints ceased.
> if you set your cache headers appropriately, and use efficient serving code like nginx, I imagine serving static content is pretty darn cheap
We use it on our image-heavy startup. Reduces the load on the server by a fair margin, and since images are loaded on S3 it also reduces the operating cost quite a bit.
The biggest win from CDNs like CloudFlare as compared to just using properly-configured in-house servers is global distribution. Downloading a JS file from a server a mile from your house is a lot faster (often by hundreds of milliseconds) than downloading one from hundreds or thousands of miles away, and CloudFlare probably has a server a mile from your house. And it's prohibitively expensive to build your own global network that compares to CloudFlare's scale unless you're a very large company like Apple.
If you leave aside security, of course Cloudflare is not going to look like a great benefit. Security is what Cloudflare provides as a service. The "CDN" benefits are a nice consequence of the security, but CDNs and static caching can be had for pretty cheap.
Silly question: How does CloudFlare make any money?
The consumer freemium model is probably negligible money in the grand scheme of things. Here is an article about how Cloudflare developed a keyless SSL tool to bring Goldman Sachs on as a client:
I pay them $20 a month. I needed HTTPS back in the days before that was part of their free plan and kept on with the paid plan.
My guess is that if you need a CDN, it's highly likely that you will at least need their Pro plan, most likely a business plan. Other than geeks, I don't really see too many people consuming their free offering to a limit where it becomes a financial burden for them.
I wondered about this too, especially since their marketing makes a huge deal about how "We never charge for bandwidth" [1]. It turns out that enterprise plans don't exactly charge per-gigabyte like other CDNs, but the cost does increase based on your bandwidth usage.
They have the answer about bandwidth here [1] and on some blog posts [2].
You would be right if most of the small sites would need it, but the sites that use CDN usually have lots of traffic or at least bigger than average small blogging site.
For them, the paid option is a better one.
Is Amazon competing in this space? Since AWS is used heavily in the startup world, it seems like a no brainer to also provide cloudflare functionality, more so given that they have servers all over the world.
Well, that alone makes the move to CloudFlare even more unlikely at all. More huge investors means more control over what CF does and what CF will do with all the data they see flowing through. Biggest MITM just got bigger, at least financial wise.
Why Qualcomm? They make mobile chips. Are we going to see SoCs specially optimized for communicating with CloudFlare servers? That sounds like a potentially bad idea.
I'm guessing it's something like this: CloudFlare makes the Internet fast, which makes mobile Internet fast, which helps sell mobile phones, which use Qualcomm chips.
Both MS and QC have jointly invested in CDN mobile video streaming before like “DASH: Dynamic Adaptive Streaming for Better Mobile Video User Experience.”
Sort of. CloudFlare is eating into the bottom third of Akamai's business. A skeptic on that might say that Akamai's is an enterprise, high-end solution, and that CloudFlare is for everything else - and so they don't really compete. My contention is that CloudFlare will climb upwards, taking ever greater amounts of their business (as so often happens in tech).
Following this iOS Content Blocker furore, a CloudFlare-type service could be an ideal place from which to inject and serve ads; as opposed to the client-perf-sapping script tags the industry has been using so far.
Personally I dislike CloudFlare for the simple reason that they encourage site owners to use their lossless image optimisation service, which isn't lossless. Thus many images appear different than intended when hosted behind CloudFlare. I wrote about this earlier: https://news.ycombinator.com/item?id=10192587
So does Cloudflare now get around the slowness of passing through the Great Firewall? (Currently, I don't use CF and our website is slow from inside China.)
I'd love to see more transparency in the way Cloudflare, or CDNs in general, decide to cache or not cache your content. For example: Cloudflare publishes crawl frequencies in their pricing table but what do they actually do with that content? Push it to all their edges? I'd doubt that. I guess it's based on website traffic, your website pricing plan, ... but it seems quite arbitrary to me.
All of this is answered in their documentation [1] and admin console help text.
I liked the CloudFlare concept (protecting good people) until I found it protects bad people as well: scammers, thieves, cybersquatters, phishing. CloudFlare makes it very difficult to contact the web host cloaked by CloudFlare.
Have you thought about that beyond your knee-jerk reaction? One of the primary reasons for using cloudflare is resistance to denial of service attacks, and you want cloudflare to helpfully publish the real IP of the server CF is proxying for?
I am a long-standing CF partner and supporter. This really does not fill me with happy, warm thoughts. I love the CF tech and offering, but am going to be forced to look around for alternatives.
[+] [-] chubot|10 years ago|reply
If a page is static, then CloudFlare can cache it. But if you set your cache headers appropriately, and use efficient serving code like nginx, I imagine serving static content is pretty darn cheap.
If a page is dynamic, then how can CloudFlare really speed it up? You don't want them serving stale pages to users. So it has to hit your server every time, in which case the user might as well hit your server. In that case, I don't really see how CloudFlare improves things.
Am I misunderstanding how CloudFlare works? It seems like if you follow typical performance tips like [1] then most of CloudFlare's benefit is eliminated.
I guess [1] does tell you to use a CDN. You can save end user network latency for cached static pages, since they cache them in multiple geographic locations. But if you have a simple site with 1 .js and 1 .css file per page, and compress and minify everything, I wonder if it's worth it.
[1] http://www.amazon.com/dp/0596529309
[+] [-] orionhenry|10 years ago|reply
2. Static content is served locally from their CDN. Same thing, your JPEG served to a guy in Mombasa is coming from a few miles away, not half a world away.
3. If your clients are using old browsers without keepalive, CloudFlare will still keep connections alive from their local endpoint to your servers - making the new-connection cost only occur on the first couple of hops.
4. For dynamic content you can use a special proxy they created which keeps a synchronized cache with the far end so it can ship diffs. If you generate a page that's mostly similar to another page it can just send "Same As Cache Object 124567 except Line 147 says 'Welcome chubot' instead of 'Welcome orionhenry'". A significant percentage of dynamic responses can traverse the world as a single TCP packet.
5. Their devs are really ruthless about keeping the crypto certs as small as possible, with the goal of all handshakes taking a single packet per step.
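An added sketch of the diff-shipping idea in point 4 above (not part of the original comment, and not CloudFlare's actual protocol or wire format): both ends hold the same cached page named by its hash, the origin side sends only the changed lines, and the edge verifies the rebuilt page before serving it. The function names, the JSON message layout and the sample pages are constructed for illustration.

```python
import difflib
import hashlib
import json


def digest(text: str) -> str:
    """Content hash both ends use to name a cached page version."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def make_delta(base: str, new: str) -> dict:
    """Origin side: describe `new` as edits against the shared `base`."""
    base_lines = base.splitlines(keepends=True)
    new_lines = new.splitlines(keepends=True)
    ops = []
    matcher = difflib.SequenceMatcher(a=base_lines, b=new_lines, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            ops.append(["copy", i1, i2])            # lines the edge already has
        elif j2 > j1:
            ops.append(["data", new_lines[j1:j2]])  # only the changed lines travel
        # a pure deletion needs no op: those base lines are simply not copied
    return {"base": digest(base), "result": digest(new), "ops": ops}


def apply_delta(cache: dict, delta: dict) -> str:
    """Edge side: rebuild the page; refuse a delta that cannot be verified."""
    base = cache.get(delta["base"])
    if base is None:
        # Caches out of sync: the edge must fall back to a full fetch.
        raise KeyError("base version not cached; request the full page")
    base_lines = base.splitlines(keepends=True)
    out = []
    for op in delta["ops"]:
        if op[0] == "copy":
            out.extend(base_lines[op[1]:op[2]])
        else:
            out.extend(op[1])
    page = "".join(out)
    # Integrity check: never serve a page that differs from what the origin built.
    if digest(page) != delta["result"]:
        raise ValueError("rebuilt page does not match the origin's hash")
    cache[delta["result"]] = page
    return page


def render(user: str) -> str:
    """Constructed sample page: 200 fixed lines, line 147 is per-user."""
    lines = [f"<p>static paragraph {n}</p>\n" for n in range(1, 201)]
    lines[146] = f"<p>Welcome {user}</p>\n"
    return "".join(lines)


def demo() -> dict:
    cached = render("orionhenry")   # version both ends already hold
    fresh = render("chubot")        # new dynamic response at the origin
    edge_cache = {digest(cached): cached}
    delta = make_delta(cached, fresh)
    rebuilt = apply_delta(edge_cache, delta)
    return {
        "identical": rebuilt == fresh,
        "full_bytes": len(fresh.encode("utf-8")),
        "delta_bytes": len(json.dumps(delta).encode("utf-8")),
        "ops": [op[0] for op in delta["ops"]],
    }


if __name__ == "__main__":
    print(demo())
```

The two failure paths matter as much as the saving: a delta against a base the edge no longer holds, or one whose rebuilt output does not hash to the origin's value, has to trigger a full fetch rather than a served page.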
[+] [-] adamt|10 years ago|reply
With the static content it's not the cost of serving it, it's the fact that Cloudflare is serving it from a large bunch of distributed servers that are likely to offer far lower latency to the end-user than your servers. With modern web pages often containing hundreds of objects, this can make a big difference to page load times.
If all your customers are in one geography this is less of an issue, but if you have a global audience this can make a huge difference.
[+] [-] brandon272|10 years ago|reply
Since then I have been hesitant to use it again.
[+] [-] bad_user|10 years ago|reply
If the website is serving content (i.e. articles, images, movies, you know, the normal use-case) then most people visiting a page will be first time visitors on that page. The cache headers you mention are only good for returning visitors and even so, the local cache is not reliable on mobile phones where the cache is being purged regularly to make room. Consider that there are mobile web developers that have decided to not use JQuery for this reason, even though JQuery is probably the most cached piece of JS in the world.
Also serving content from a properly configured Nginx doesn't help with network latency. Say, if your server is in the US and your visitors are in Japan or China, then the added network latency can be measured in seconds. The problem gets even worse for HTTPS connections because of that handshake. And consider that Google found an extra .5 seconds of latency in delivering their search result costs them a 20% drop in traffic, or that for Amazon 100ms of added latency costs them 1% in sales.
> If a page is dynamic, then how can CloudFlare really speed it up?
Even if the page contains dynamic content, you always have static content that you want to serve from a CDN.
You also forgot probably the biggest benefit for us - bandwidth ends up being freaking expensive and if you get a lot of traffic, then a CDN can save you a lot of money.
[+] [-] LoSboccacc|10 years ago|reply
Additionally, it's geolocated, so we get that for free, which is nice.
[+] [-] hewhowhineth|10 years ago|reply
http://s21.postimg.org/8gn6f7i2f/cloudflare_com.png
Nothing to write home about :)
That being said, I've seen CloudFlare cutting down DNS lookup from 800ms to 60ms for a tiny website.
Another thing is that it depends if you're really concerned with visitors far from your server. I had some WordPress websites hosted in LA and with some really basic optimization page speed was almost as good as Google's home page.
Don't drink the paint, I guess :) It may not be worth it, it may be great. Test it. Of course, CF has other benefits too, it's not just about the page speed.
Don't get me wrong. I'm not claiming anything here. It's just a quick rant and a screenshot. Don't take it too seriously.
Other than that, it is becoming somewhat concerning just how much traffic goes through CloudFlare. Nothing against you CF guys. Just good ol' paranoia :)
EDIT: For most places CloudFlare does a great, well, amazing job and keeps the page speed down to <1s, often <500ms. But again, it really depends where your visitors are. Check the History tab here http://tools.pingdom.com/fpt/#!/blmbP5/http://cloudflare.com
[+] [-] reissbaker|10 years ago|reply
As for dynamic page caching, CloudFlare offers a service called Railgun that only sends the diffs of a page when it's been changed, rather than the full page, and then re-hydrates it at the edge of their network before handing it off to end-users. Theoretically this would reduce network time by sending less traffic inside the network. I've never personally used it so I can't vouch for it, but it sounds neat.
[+] [-] snowwrestler|10 years ago|reply
The real question is: why would you leave aside security?
[+] [-] beachstartup|10 years ago|reply
[+] [-] Karunamon|10 years ago|reply
Any random can put any site behind their (very fully featured) free services and get free CDN, free antimalware, and free $other_services, with no seeming limits as to the amount of traffic you get. This has no impact on the target site. There are no ads or any other such. Their enterprise products only offer a few more features at a massive cost hike.
How are the bandwidth costs not eating them alive, and how are the free users being subsidized?
[+] [-] philip1209|10 years ago|reply
http://www.wired.com/2014/09/new-internet-security-tool-guar...
Downtime is expensive for large companies, including financial institutions. A DDOS that takes down the site could cause a dip in the stock price. CloudFlare technology (should) prevent DDOS and other basic security issues. It does this without appliances and without having access to private SSL keys.
Imagine the opportunity cost of a bank going offline, and you can start to understand just how much money CloudFlare stands to make from large corporations.
[+] [-] chromaton|10 years ago|reply
I'm not sure what features the free plan lacks, but $20 a month isn't going to break the bank. I found their application firewall very useful for stopping spam registrations.
[+] [-] solutionyogi|10 years ago|reply
[+] [-] skuhn|10 years ago|reply
There aren't a ton of explicitly called out features that require an enterprise deal, but I expect a customer of any significant size will be under one (or encouraged to do so). It's the only way to get an SLA and to modify the terms of your contract with them, among other things that businesses care about.
As a result of the difference in price between the plan types, I would speculate that the service is subsidized by the enterprise customers. However, the free or lower cost customers were probably essential to building their peering relationships before they had significant enterprise users, and that has a very direct relationship with their cost to serve traffic.
[1] https://www.cloudflare.com/plans
[+] [-] manigandham|10 years ago|reply
> We buy our bandwidth through the wholesale market, which means we're paying for the size of our pipe, not for each byte we serve through it. We also peer with other networks wherever possible in order to drive the cost of bandwidth as close to zero as possible.
1. https://www.cloudflare.com/features-cdn
2. https://blog.cloudflare.com/the-relative-cost-of-bandwidth-a...
[+] [-] sagivo|10 years ago|reply
[+] [-] Animats|10 years ago|reply
They're an MITM service. They see your encrypted traffic in the clear. There has to be some way to monetize that. Why else would Google buy in?
[+] [-] Nux|10 years ago|reply
Half the internet is behind CloudFlare now. Since they can't easily "own" the Internet, they could as well own CloudFlare.
Not impressed and I hate all this hiding behind Cloudflare and other proxy services; most of the cases are just hipster/hype powered, rather than in actual need.
[+] [-] yalogin|10 years ago|reply
[+] [-] rajathagasthya|10 years ago|reply
[+] [-] chinathrow|10 years ago|reply
Not for me.
[+] [-] TorKlingberg|10 years ago|reply
[+] [-] kej|10 years ago|reply
[+] [-] pakled_engineer|10 years ago|reply
Since Cloudflare has full China access the goal would be to take over the local streaming market I guess, sell Xiaomi or MS phones with streaming packages that likely MS will provide or lease out.
[+] [-] justicezyx|10 years ago|reply
[deleted]
[+] [-] polskibus|10 years ago|reply
[+] [-] adventured|10 years ago|reply
[+] [-] rmdoss|10 years ago|reply
On the low/mid end, only https://Imperva.com and http://Sucuri.net compete with CloudFlare.
[+] [-] psior|10 years ago|reply
[+] [-] fweespeech|10 years ago|reply
So hopefully one of their competitors is able to get more competitive.
[+] [-] josefresco|10 years ago|reply
Doesn't seem like it has the "firewall" capabilities of CF.
Also found this: http://alternativeto.net/software/cloudflare/
Because of the size of the WordPress market, Sucuri.net might be a legit competitor.
[+] [-] duncans|10 years ago|reply
[+] [-] ck2|10 years ago|reply
http://google.com/search?q=cache:http://www.forbes.com/sites...
[+] [-] sudhirj|10 years ago|reply
[+] [-] pdknsk|10 years ago|reply
Quote from their website.
The Lossless mode removes all the unnecessary bloat from an image file, such as the image header and meta data, without removing any image data. This means images will appear exactly the same as they would have before.
The last sentence is false, at least for images with color profiles on all non-mobile browsers. There are other possible minor cases.
[+] [-] brownbat|10 years ago|reply
[+] [-] rebelde|10 years ago|reply
[+] [-] maartendb|10 years ago|reply
[+] [-] manigandham|10 years ago|reply
Most CDNs only cache in the local POP on the first request and respect the headers the origin sends. The crawl frequencies are for keeping things available if your origin is offline and depends on your plan as listed on the site.
1. https://support.cloudflare.com/hc/en-us/articles/200168256-W...
[+] [-] strangemix|10 years ago|reply
http://www.marketwatch.com/story/fidelity-google-microsoft-b...
[+] [-] pjbrunet|10 years ago|reply
CloudFlare is helping the scum of the Internet. They need to be held accountable for what they're serving, if they're not going to reveal who is hosting the site. If there's a way to find the originating IP of these scumbags, I would like to know. Obviously traceroute doesn't work because the IPs show up as CloudFlare.
The way I see it, CloudFlare should be required to publish who is hosting the websites they cloak. Otherwise you're encouraging a lawless Internet where anything goes without any consequences. I sincerely hope these larger companies address this problem.
I hope some journalists dig into this because I think there's a good story here. Maybe CloudFlare doesn't have the staff to review the activities of the sites they're protecting? That's a serious problem, in my opinion, because their cloaking technology is very effective.
[+] [-] harshreality|10 years ago|reply
Scammers, thieves, phishing, and cybersquatting are weak or nonsensical reasons for demanding that CF reveal the IP they're proxying for. If a site is breaking the law, use the legal system to request the real server IP from cloudflare.
I suppose you're also against Tor, because it cloaks client-side evildoers like CF cloaks server-side evildoers?
[+] [-] mdekkers|10 years ago|reply
[+] [-] simonsez10000|10 years ago|reply
[+] [-] astrowilliam|10 years ago|reply
[+] [-] eli|10 years ago|reply
I've also heard good things about https://www.fastly.com/
[+] [-] puppetmaster3|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] EugeneOZ|10 years ago|reply