If a page is static, then CloudFlare can cache it. But if you set your cache headers appropriately, and use efficient serving code like nginx, I imagine serving static content is pretty darn cheap.
If a page is dynamic, then how can CloudFlare really speed it up? You don't want them serving stale pages to users. So it has to hit your server every time, in which case the user might as well hit your server. In that case, I don't really see how CloudFlare improves things.
Am I misunderstanding how CloudFlare works? It seems like if you follow typical performance tips like [1] then most of CloudFlare's benefit is eliminated.
I guess [1] does tell you to use a CDN. You can save end user network latency for cached static pages, since they cache them in multiple geographic locations. But if you have a simple site with 1 .js and 1 .css file per page, and compress and minify everything, I wonder if it's worth it.
2. Static content is served locally from their CDN. Same thing, your JPEG served to a guy in Mombasa is coming from a few miles away, not half a world away.
3. If your clients are using old browsers without keepalive, CloudFlare will still keep connections alive from their local endpoint to your servers - making the new-connection cost only occur on the first couple of hops.
4. For dynamic content you can use a special proxy they created which keeps a synchronized cache with the far end so it can ship diffs. If you generate a page that's mostly similar to another page it can just send "Same As Cache Object 124567 except Line 147 says 'Welcome chubot' instead of 'Welcome orionhenry'". A significant percentage of dynamic responses can traverse the world as a single TCP packet.
5. Their devs are really ruthless about keeping the crypto certs as small as possible, with the goal of all handshakes taking a single packet per step.
With the static content it's not the cost of serving it, it's the fact that Cloudflare is serving it from a large bunch of distributed servers that are likely to offer far lower latency to the end-user than your servers. With modern web pages often containing hundreds of objects, this can make a big difference to page load times.
If all your customers are in one geography this is less of an issue, but if you have a global audience this can make a huge difference.
So I guess the selling point of CloudFlare is that it's like a normal CDN, plus it offers security services like DDOS protection?
With a normal CDN, you don't change your DNS to point at their servers right? DNS points to your server, but you change your code to have <img src="" > and so forth pointing at their servers. To me that just seems a lot less invasive, but admittedly then you can't get the security features.
Since then I have been hesitant to use it again.
If the website is serving content (i.e. articles, images, movies, you know, the normal use-case) then most people visiting a page will be first time visitors on that page. The cache headers you mention are only good for returning visitors and even so, the local cache is not reliable on mobile phones where the cache is being purged regularly to make room. Consider that there are mobile web developers that have decided to not use JQuery for this reason, even though JQuery is probably the most cached piece of JS in the world.
Also serving content from a properly configured Nginx doesn't help with network latency. Say, if your server is in the US and your visitors are in Japan or China, then the added network latency can be measured in seconds. The problem gets even worse for HTTPS connections because of that handshake. And consider that Google found an extra .5 seconds of latency in delivering their search result costs them a 20% drop in traffic, or that for Amazon 100ms of added latency costs them 1% in sales.
> If a page is dynamic, then how can CloudFlare really speed it up?
Even if the page contains dynamic content, you always have static content that you want to serve from a CDN.
You also forgot probably the biggest benefit for us - bandwidth ends up being freaking expensive and if you get a lot of traffic, then a CDN can save you a lot of money.
There was a similar exercise done with hosted versions of jquery, but I can't remember who did it or find a link, I'm afraid.
Additionally it's geolocated, so we get that for free, which is nice.
The problem I ran into was setting up a CNAME for an S3 bucket requires the bucket name to have periods in it, but https:// access no longer works for buckets with that naming convention[1]. So I ended up having to use CloudFront instead for my images.
[1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestri...
http://s21.postimg.org/8gn6f7i2f/cloudflare_com.png
Nothing to write home about :)
That being said, I've seen CloudFlare cutting down DNS lookup from 800ms to 60ms for a tiny website.
Another thing is that it depends if you're really concerned with visitors far from your server. I had some WordPress websites hosted in LA and with some really basic optimization page speed was almost as good as Google's home page.
Don't drink the paint, I guess :) It may not be worth it, it may be great. Test it. Of course, CF has other benefits too, it's not just about the page speed.
Don't get me wrong. I'm not claiming anything here. It's just a quick rant and a screenshot. Don't take it too seriously.
Other than that, it is becoming somewhat concerning just how much traffic goes through CloudFlare. Nothing against you CF guys. Just good ol' paranoia :)
EDIT: For most places CloudFlare does a great, well, amazing job and keeps the page speed down to <1s, often <500ms. But again, it really depends where your visitors are. Check the History tab here http://tools.pingdom.com/fpt/#!/blmbP5/http://cloudflare.com
As for dynamic page caching, CloudFlare offers a service called Railgun that only sends the diffs of a page when it's been changed, rather than the full page, and then re-hydrates it at the edge of their network before handing it off to end-users. Theoretically this would reduce network time by sending less traffic inside the network. I've never personally used it so I can't vouch for it, but it sounds neat.
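The diff-shipping idea described for Railgun in the comments above, as an added sketch that is not part of the thread and is not CloudFlare's implementation. The line-based diff, the truncated SHA-256 keys, all function names and the 200-line sample page are assumptions made for illustration; the edge refuses a delta built against a different cached version and verifies the rebuilt page against the origin's hash.

```python
import difflib
import hashlib

def key(body: str) -> str:
    # Content hash naming a cached version (assumed scheme, not Railgun's).
    return hashlib.sha256(body.encode()).hexdigest()[:16]

def make_delta(cached: str, fresh: str) -> dict:
    """Origin side: express `fresh` as edits against the shared `cached` copy."""
    old, new = cached.splitlines(keepends=True), fresh.splitlines(keepends=True)
    ops = []
    sm = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "equal":
            ops.append(("copy", i1, i2))       # lines the edge already holds
        elif tag in ("replace", "insert"):
            ops.append(("data", new[j1:j2]))   # only changed lines are sent
        # "delete": nothing to send, the old lines are just not copied
    return {"base": key(cached), "check": key(fresh), "ops": ops}

def apply_delta(cached: str, delta: dict) -> str:
    """Edge side: rebuild the page; fail closed if the caches diverged."""
    if key(cached) != delta["base"]:
        raise ValueError("cache out of sync, fetch the full page")
    old, out = cached.splitlines(keepends=True), []
    for op in delta["ops"]:
        out.extend(old[op[1]:op[2]] if op[0] == "copy" else op[1])
    page = "".join(out)
    if key(page) != delta["check"]:
        raise ValueError("rebuilt page does not match origin hash")
    return page

def wire_bytes(delta: dict) -> int:
    # Literal payload carried by the delta (copy ops are just two integers).
    return sum(len("".join(op[1]).encode()) for op in delta["ops"] if op[0] == "data")

def sample_page(user: str) -> str:
    # Constructed 200-line page; line 147 is the only per-user content.
    lines = [f"<p>row {n}</p>\n" for n in range(1, 201)]
    lines[146] = f"<h1>Welcome {user}</h1>\n"
    return "".join(lines)

if __name__ == "__main__":
    cached, fresh = sample_page("orionhenry"), sample_page("chubot")
    delta = make_delta(cached, fresh)
    assert apply_delta(cached, delta) == fresh
    print(len(fresh.encode()), "byte page sent as", wire_bytes(delta), "literal bytes")
```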
The real question is: why would you leave aside security?
Any random can put any site behind their (very fully featured) free services and get free CDN, free antimalware, and free $other_services, with no seeming limits as to the amount of traffic you get. This has no impact on the target site. There are no ads or any other such. Their enterprise products only offer a few more features at a massive cost hike.
How are the bandwidth costs not eating them alive, and how are the free users being subsidized?
http://www.wired.com/2014/09/new-internet-security-tool-guar...
Downtime is expensive for large companies, including financial institutions. A DDOS that takes down the site could cause a dip in the stock price. CloudFlare technology (should) prevent DDOS and other basic security issues. It does this without appliances and without having access to private SSL keys.
Imagine the opportunity cost of a bank going offline, and you can start to understand just how much money CloudFlare stands to make from large corporations.
I'm not sure what features the free plan lacks, but $20 a month isn't going to break the bank. I found their application firewall very useful for stopping spam registrations.
There aren't a ton of explicitly called out features that require an enterprise deal, but I expect a customer of any significant size will be under one (or encouraged to do so). It's the only way to get an SLA and to modify the terms of your contract with them, among other things that businesses care about.
As a result of the difference in price between the plan types, I would speculate that the service is subsidized by the enterprise customers. However, the free or lower cost customers were probably essential to building their peering relationships before they had significant enterprise users, and that has a very direct relationship with their cost to serve traffic.
> We buy our bandwidth through the wholesale market, which means we're paying for the size of our pipe, not for each byte we serve through it. We also peer with other networks wherever possible in order to drive the cost of bandwidth as close to zero as possible.
1. https://www.cloudflare.com/features-cdn
2. https://blog.cloudflare.com/the-relative-cost-of-bandwidth-a...
They're an MITM service. They see your encrypted traffic in the clear. There has to be some way to monetize that. Why else would Google buy in?
Half the internet is behind CloudFlare now. Since they can't easily "own" the Internet, they could as well own CloudFlare.
Not impressed and I hate all this hiding behind Cloudflare and other proxy services; most of the cases are just hipster/hype powered, rather than in actual need.
It's sad that a single party has such power over such a large part of the internet. But of course, DDoS protection services inherently require large scale, so it's a tricky problem.
In theory, HTTP could have been the same way, if it wasn't for the complete lack of respect caching got once the web moved to dynamic database-driven designs and the temptation for middleboxes to overstep their remit.
Yes there are always issues with a single company being such a big part of the internet but this applies to many other large tech companies as well in all layers, many that are quite invisible to most online users.
But Incapsula, Akamai, Fastly are good competitors too.
On the low/mid end, only https://Imperva.com and http://Sucuri.net compete with CloudFlare.
Since Cloudflare has full China access the goal would be to take over the local streaming market I guess, sell Xiaomi or MS phones with streaming packages that likely MS will provide or lease out.
CloudFlare is helping the scum of the Internet. They need to be held accountable for what they're serving, if they're not going to reveal who is hosting the site. If there's a way to find the originating IP of these scumbags, I would like to know. Obviously traceroute doesn't work because the IPs show up as CloudFlare.
The way I see it, CloudFlare should be required to publish who is hosting the websites they cloak. Otherwise you're encouraging a lawless Internet where anything goes without any consequences. I sincerely hope these larger companies address this problem.
I hope some journalists dig into this because I think there's a good story here. Maybe CloudFlare doesn't have the staff to review the activities of the sites they're protecting? That's a serious problem, in my opinion, because their cloaking technology is very effective.
Scammers, thieves, phishing, and cybersquatting are weak or nonsensical reasons for demanding that CF reveal the IP they're proxying for. If a site is breaking the law, use the legal system to request the real server IP from cloudflare.
I suppose you're also against Tor, because it cloaks client-side evildoers like CF cloaks server-side evildoers?
I'm not advocating a more or less anonymous Internet by criticizing CloudFlare.
PS: I enjoyed your comment and upvoted it.
https://news.ycombinator.com/item?id=10194724
At the very least, they should be revealing the IPs of these websites.
Incapsula or Sucuri are the ones that compete with lower pricing.
So hopefully one of their competitors is able to get more competitive.
Doesn't seem like it has the "firewall" capabilities of CF.
Also found this: http://alternativeto.net/software/cloudflare/
Because of the size of the WordPress market, Sucuri.net might be a legit competitor.
Akamai and Incapsula are the only real competitors and, tbh, none of them are particularly "good" which is why CloudFlare has been so successful.
Sucuri is fine for a corporate blog or the like but it just really isn't usable for a high traffic site with a lot of dynamic content.
Quote from their website.
The Lossless mode removes all the unnecessary bloat from an image file, such as the image header and meta data, without removing any image data. This means images will appear exactly the same as they would have before.
The last sentence is false, at least for images with color profiles on all non-mobile browsers. There are other possible minor cases.
I've also heard good things about https://www.fastly.com/
“The world is looking for their Android,” Prince says. “We’re the Android of cloud services.”
I can't tell if this is inane exec-speak or if this means they really intend to branch out into stuff like a dropbox/gdrive storage product and a compute/ec2 like service.
Full disclosure: I start work for a competitor at the end of the month
I get your point that Android, broadly, is a competitor to Apple. But, I think he's not just highlighting that the world needs an Amazon alternative (it has several).
I think he's saying the world needs a more open ecosystem where they have the choice of best-of-breed components from different companies. And, in that world, you might be able to pick the world's best compute stack from one company, use Cloudflare as the world's best edge/networking stack, etc.
http://google.com/search?q=cache:http://www.forbes.com/sites...
Most CDNs only cache in the local POP on the first request and respect the headers the origin sends. The crawl frequencies are for keeping things available if your origin is offline and depends on your plan as listed on the site.
1. https://support.cloudflare.com/hc/en-us/articles/200168256-W...
Not for me.
http://www.marketwatch.com/story/fidelity-google-microsoft-b...