Websites nowadays are expected to be jack-of-all-trades services: extremely fast, secure against attackers, and packed with the most amazing features. This is not easy to accomplish. We could lock up dozens of web developers for weeks and not let them out before they deliver a fitting solution, or we could look for other ways. The start-up Cloudflare from San Francisco offers one of these “other ways”, and it’s quite disruptive. Their solution: Route all your traffic through our servers, we’ll take care of the rest. Sounds easier than it actually is.
Cloudflare and Router-Rules That Should Better Not Have Been Applied
One thing beforehand: If you are a frequent tech-news consumer, you might be astonished to read us talk about a service that promises security, stability and comfort, yet just recently dragged almost 800,000 websites into the abyss. The outage lasted “only” one hour, but this is not what we call stable security, is it? Cloudflare went ahead and applied a bad rule to all its edge routers at once, obviously without thorough testing. All these routers ate up their resources and then ceased to function. Apocalypse now. A fault confessed is half redressed. Let’s hope they learn from that disaster and never let avoidable faults like these happen again.
As this was mainly a human failure, the principles of the service should not be called into question for that reason. In fact, Cloudflare really tries its best to have your website shine in the brightest light available. It caches content, catches attacks, optimizes code and offers useful apps for different needs.
The Modus Operandi Behind The Cloud
Cloudflare’s developers aimed for an all-round carefree package for websites. After a single installation, any relevant task should be taken over by their systems. The idea was simple: We place our servers as a man in the middle between visitor and website. This way nothing, not a single request, can get around us and we are in the pilot’s seat.
Cloudflare explains itself in 90 seconds
Interestingly, it was failure safety that was declared a major feature of the platform as a whole. Today, 23 data centers around the world are on the Cloudflare mission. Routes to the data centers are offered via Anycast, with only the geographically nearest one actually accepting the call.
This system offers several advantages. Latency is low, as requests are always served from a geographically near data center. Theoretically, failure safety is high. If one data center goes offline, another one becomes the nearest, so that Anycast can do its job.
A sophisticated infrastructure is not all. Cloudflare wants to integrate any task that might possibly have to be dealt with when it comes to serving web-content. For that reason, Cloudflare even has its own host of nameservers – offering quite a solid performance. These nameservers have to be used for your web-projects. And it is the installation of these servers that is already the biggest complication there is, though it really is none ;-)
From then on, things happen automagically, configurable via a web interface. Images are cached and delivered via a CDN, source code gets optimized. It only takes one click to enable complete IPv6 support, even if your server is connected via IPv4 only. Small apps offer additional functionality, and third-party developers offer some, too.
The main aspect behind the Cloudflare concept is security. On a worldwide scale, more and more attacks on websites are counted. Numbers are growing constantly. DDoS attacks have forced even the biggest sites to their knees. Securing your own server requires a lot of effort, if it is possible at all.
Cloudflare promises that the concept of providing an additional layer between your visitors and your webserver works as a protective shield. This seems to work pretty well, as Cloudflare takes pride in publishing information on more or less massive attacks on its servers and how they resisted successfully. This part of securing your website seems to work; at least the service provides the technical resources in sufficient quantity and quality.
Installation: a Snap Compared to Other Services
We would not be surprised if the installation of such an elaborate service were difficult, would we? We need not worry, as the installation is in fact a snap and can be accomplished in a mere five minutes of your lifetime. Maybe even faster.
If you just want to nose around a little: Reduced to its basic functionality, the service does not set you back one single penny. You can have your website served free of charge if the fundamental features suffice for you. I know I could. Try it. Sign up and add your own domain; subdomains alone are not accepted, as the whole routing is taken over by Cloudflare. Still, you can have subdomains handled, too.
Now Cloudflare loads the current DNS entries of your site. Usually this works flawlessly. Nevertheless, you should check the results before you accept the change. If you don’t, you might find yourself wondering why not all of your services are reachable afterwards. Clicking the cloud symbol lets you choose which subdomains you want to have enhanced.
That’s about it. During the next step, your personal DNS servers for the given domain are shown. Then, after zone updates worldwide, which can still take some time, but not as much as they took in the 90s, all requests for your domain are routed to Cloudflare. There is no need to modify any settings at this point; the default configuration does a good job, though it can also easily be modified, if you are into that. Things couldn’t be much simpler, Einstein would leap for joy, probably.
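The check of the imported DNS entries recommended above can be scripted. The following is an added example, not part of the original article and not Cloudflare tooling: it compares a zone export from your previous DNS host with the records the import found. The record data, the `IMPORTED` tuple layout and the function names are constructed for illustration, and it assumes that only web traffic, not mail, passes through cloud-enabled hostnames.

```python
# Added example: audit imported DNS records against the old zone before
# switching nameservers. All records are constructed sample data.

OLD_ZONE = """\
example.test.       3600 IN A     192.0.2.10
www.example.test.   3600 IN CNAME example.test.
mail.example.test.  3600 IN A     192.0.2.25
example.test.       3600 IN MX    10 mail.example.test.
example.test.       3600 IN TXT   "v=spf1 mx -all"
ftp.example.test.   3600 IN A     192.0.2.10
"""

# (name, type, value, cloud_enabled) as read off the import review screen;
# this tuple layout is hypothetical.
IMPORTED = [
    ("example.test.", "A", "192.0.2.10", True),
    ("www.example.test.", "CNAME", "example.test.", True),
    ("mail.example.test.", "A", "192.0.2.25", True),
    ("example.test.", "MX", "10 mail.example.test.", False),
]


def parse_zone(text):
    """Parse simple 'name ttl class type value' lines into a set of records."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        records.add((name.lower(), rtype.upper(), value.strip()))
    return records


def audit(old_zone, imported):
    """Return (missing, unexpected, proxied_mail_hosts)."""
    old = parse_zone(old_zone)
    new = {(n.lower(), t.upper(), v) for n, t, v, _ in imported}
    missing = sorted(old - new)        # records the import did not pick up
    unexpected = sorted(new - old)     # records that were never in your zone
    proxied = {n.lower() for n, _, _, on in imported if on}
    # Assumption: MX targets must stay directly reachable (cloud switched off).
    mx_targets = {v.split()[1].lower() for _, t, v in old if t == "MX"}
    return missing, unexpected, sorted(mx_targets & proxied)


if __name__ == "__main__":
    missing, unexpected, proxied_mail = audit(OLD_ZONE, IMPORTED)
    for rec in missing:
        print("MISSING   ", *rec)
    for rec in unexpected:
        print("UNEXPECTED", *rec)
    for host in proxied_mail:
        print("MAIL HOST BEHIND PROXY", host)
```
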
Problems and Limitations
Doesn’t that sound good? Free of sorrows after a mere five-minute installation. Too good to be true, you claim? Well, unfortunately you are right. Cloudflare is revolutionary, but not the ultimate, inescapable solution. It has its definite limitations.
First, let’s talk about the obvious. As Cloudflare sits between your visitor and your webserver, requests double. The visitor polls Cloudflare, Cloudflare polls your webserver. Response times don’t get faster that way. This is a structural problem, which can be dealt with to a certain extent, but has to be accepted in general. In a common environment you’ll probably not really notice, but you can easily measure it.
According to my own measurements, the response time can easily reach a stable 1600 ms, which is quite a lot. Moreover, Cloudflare is already known for more or less regular outages, such as the one mentioned above. There are customers who tell stories about having been offline for at least some minutes every day throughout the better part of a year. And there are others who claim that they didn’t benefit at all from the service. Instead they noticed a major loss of performance right from the start. On top of that, you should always consider the risks of handing over the keys to your virtual home to a third party. If you do, you should always make sure to have a double-bottom strategy, even with (broken) promises of 100% availability. If you take all this advice to heart, Cloudflare can be fun.
In a follow-up to this article we will take a closer look at the Cloudflare infrastructure, also covering the double-bottom advice.
How about your experiences with Cloudflare? Can you recommend it or would you advise against it? I’m interested in all your stories…
The article was written by Adrian Bechtold
and first published in our German sister publication Dr. Web Magazin.