Cloudflare is a next-generation service that is a CDN (Content Delivery Network), a WAF (Web Application Firewall), a DDoS (Distributed Denial-of-Service) mitigation service, a DNS (Domain Name System) provider and many more things...
For those who have not heard of Cloudflare, they are the company that runs the public DNS resolver 126.96.36.199, which is well known for its performance. According to DNSPerf, Cloudflare holds the lead in DNS performance. Considering that today's websites link to various subdomains of your main domain, Cloudflare DNS makes sense! On top of DNS, Cloudflare also supports DNSSEC.
Here are the features of Cloudflare:
- Global Anycast Network
Anycast is smarter than unicast in many ways, especially when we consider having alternate paths and always being served by the closest edge (all edges are identical, with the same configuration). Most Internet traffic is unicast, which is a waste! Cloudflare's global anycast network already handles 10% of global HTTP traffic across more than 185 data centers, a number that is growing rapidly, at 10M requests/sec.
- Cloudflare Services
Cloudflare has numerous services for the following purposes.
"Faster Internet" is a target for Cloudflare, which is achieved with the following services:
- Mobile acceleration: accelerating mobile app performance with a custom protocol and multiplexing
- Web Content Optimisation
Resizing images on the fly, reducing payload sizes, optimising binaries and optimising static content
Compressing origin payloads
- Smart Load Balancing
Benefiting from geo-steering and routing the traffic to the nearest origin
Optimising the route and keeping connections alive
The Enterprise package contains great caching capabilities such as:
- Prefetch: fetching content ahead of the browser request
- Region: configuring the specific regions in which content is cached
- Custom cache keys: caching different content per device type (desktop, tablet) based on a header or cookie
- Query string sort: increases the cache hit rate regardless of the order in which the query-string parameters arrive
Even faster than Akamai:
Storing videos encoded with different codecs and delivering them with adaptive streaming
- DDoS (Distributed Denial-of-Service)
There are significant technical and non-technical advantages that Cloudflare has:
- Non-technical advantage: it handles 10% of worldwide Internet traffic, which means a lot! With the help of the free plan, attacks initiated, for example, by botnets are detected at the closest edge and blocked before spreading, which means you are lucky if you are reverse-proxied by Cloudflare!
- Technical advantages:
- Powered by ML (Machine Learning)!
- A custom stack built to overcome the limits of the Linux operating system
- Bypassing the kernel and offloading high-volume traffic to user space
- Aggregating traffic data to develop automatic mitigation heuristics
There are various SSL options, like Universal SSL, where Cloudflare automatically generates the certificate for your domain, or using your own custom SSL certificate, with modes such as Flexible, Full or Full (Strict). Note that Flexible only encrypts the browser-to-Cloudflare leg and leaves the Cloudflare-to-origin leg in plain HTTP, so Full (Strict), which also validates the origin certificate, is the mode to aim for.
- Rate Limiting
You can configure thresholds and define custom responses.
- WAF(Web Application Firewall)
Fast, the fastest, with <1 ms latency, for the following rules:
- Cloudflare Managed Ruleset, a dynamic rule-set that takes advantage of the Anycast network
- Custom rules, where you can set several actions, like blocking, showing a CAPTCHA (works great for HTML-based traffic) or simulating (just logging)
- Bot Mitigation
In the current trends of Internet-based businesses, we can observe various types of bots used for various reasons: content/price scraping by your competitors, spam, inventory hoarding, credit card stuffing... We have experienced that fighting those bots yourself, if that is not your core business (which is unlikely), moves your focus away from your core business and also creates many false positives!
Cloudflare benefits from its ML (Machine Learning) approach, which runs on ~200M requests on GPU-based clusters to distinguish bots from real users. And don't forget: a pattern learnt once applies to the whole network, which works in Anycast mode!
So here are some exciting actions you can take against the bots:
- Rate Limit
- Change the content/price on the fly :P
- Forward to somewhere else
Protecting and also accelerating IoT devices.
OSI Layer 3/Layer 4 DDoS protection for large-scale data centers.
This new-era remote access technology does not need any VPN ports to be opened, which makes it easier to access your private resources from anywhere.
- Argo Tunnel
Establishing an encrypted tunnel to the nearest PoP without any need to open a port on the firewall or to have a public IP.
Custom rules based on the geography
Can you imagine your website continuing to work even when you shut down your web servers? Try it and see!
Cloudflare gives you insights at every level, like:
- WAF events
- Rate Limiting requests
- DNS Queries
- Bandwidth savings
- Attacks Mitigated
- Attack origins and details
- Log access
- Geographical breakdown
- Search engine traffic
- Detailed security reporting
- Platform for Serverless: Workers
New-stack software is moving to decoupled architectures where you split your business into pieces: microservices, functions, serverless...
By delegating some of your functions to Workers you get:
- Increased overall speed, with ~10 ms response times at the edge
- Reduced infrastructure costs
- Personalisation that happens at the edge
- Custom security and filtering at the edge
The main advantage of Workers is speed: because of the Anycast network, the functions run on the nearest edge, unlike the unicast serverless services of cloud providers.
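As an added illustration of the "custom security and filtering at the edge" point (and of the kind of custom rule the WAF section mentions), here is a Worker-style request filter. It is example code written for this page, not Cloudflare's own code. The policy (restricted path prefixes, allowed countries, a per-IP burst limit) is an assumption made up for the example; the `cf-ipcountry` and `cf-connecting-ip` request headers are real headers Cloudflare adds to proxied requests. The decision logic lives in a pure function so it can be unit-tested outside the Workers runtime, and the in-memory counter is only a per-isolate illustration, not a substitute for Cloudflare's Rate Limiting product.

```javascript
// Added example (not Cloudflare's code): edge request filtering in a Worker.
// POLICY values are hypothetical, chosen only to demonstrate the technique.
const POLICY = {
  // Paths that must only be reachable from the listed countries.
  restrictedPrefixes: ['/admin', '/internal'],
  allowedCountries: new Set(['GB', 'DE']),
  // Burst limit per client IP within a window, kept only in this isolate's
  // memory (each edge location sees its own counters).
  maxRequestsPerWindow: 5,
  windowMs: 10000,
};

// Defensive response headers added to every allowed response.
const SECURITY_HEADERS = {
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY',
  'referrer-policy': 'strict-origin-when-cross-origin',
};

// Per-IP counters: ip -> { count, windowStart }.
const counters = new Map();

// Increment the counter for `ip`, starting a new window when the old one expired.
function countRequest(ip, now, policy = POLICY, store = counters) {
  const entry = store.get(ip);
  if (!entry || now - entry.windowStart >= policy.windowMs) {
    store.set(ip, { count: 1, windowStart: now });
    return 1;
  }
  entry.count += 1;
  return entry.count;
}

// Pure decision function. `req` is a plain description of the request:
// { path, country, ip, now }. Returns { action, status, reason, headers }.
function evaluateRequest(req, policy = POLICY, store = counters) {
  const country = (req.country || 'XX').toUpperCase();
  const restricted = policy.restrictedPrefixes.some((p) => req.path.startsWith(p));
  if (restricted && !policy.allowedCountries.has(country)) {
    // Geo-restricted path from a non-allowed country: block without counting.
    return { action: 'block', status: 403, reason: 'geo-restricted path', headers: {} };
  }
  const count = countRequest(req.ip, req.now, policy, store);
  if (count > policy.maxRequestsPerWindow) {
    return {
      action: 'block',
      status: 429,
      reason: 'burst limit exceeded',
      headers: { 'retry-after': String(Math.ceil(policy.windowMs / 1000)) },
    };
  }
  return { action: 'allow', status: 200, reason: 'ok', headers: { ...SECURITY_HEADERS } };
}

// Adapter for the Workers fetch API: map the real Request onto the plain
// description, then either answer at the edge or proxy to the origin.
async function handleRequest(request) {
  const url = new URL(request.url);
  const decision = evaluateRequest({
    path: url.pathname,
    country: request.headers.get('cf-ipcountry'),
    ip: request.headers.get('cf-connecting-ip') || 'unknown',
    now: Date.now(),
  });
  if (decision.action === 'block') {
    return new Response(decision.reason, { status: decision.status, headers: decision.headers });
  }
  const upstream = await fetch(request);
  // Copy the origin response so its headers become mutable, then add ours.
  const response = new Response(upstream.body, upstream);
  for (const [name, value] of Object.entries(decision.headers)) response.headers.set(name, value);
  return response;
}

// Worker entry point (service-worker syntax). Guarded so the file also loads
// outside the Workers runtime, e.g. when unit-testing evaluateRequest.
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => event.respondWith(handleRequest(event.request)));
}
```

Keeping the policy decision in `evaluateRequest` means the security logic can be tested with plain objects and deployed unchanged; only `handleRequest` touches the Workers runtime.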
On top of all of the above, from the Infrastructure-as-Code/DevOps dimension, you can define all of this with Terraform and commit it to your code repository!
In summary, if your core business is not what Cloudflare is doing, in other words if you are not a competitor of Cloudflare, then consider using it!