Networking

CloudFlare - Loading Faster

Last year, the development team for Ghost blog announced a partnership with Cloudflare. The goal was to improve the Ghost(Pro) infrastructure, making it faster and more secure. With a little tinkering, Cloudflare can be used with any Ghost blog. Technodabbler received this upgrade a couple of days ago.

But what are these changes?

What is CloudFlare?

Reading up on the product, CloudFlare's CEO posted a great description on Quora.

CloudFlare is designed to accelerate and secure any website. Our system works somewhat like a content delivery network (CDN), but is designed to be much easier to setup and configure.

In essence, CloudFlare acts as a proxy server in front of a website. By answering DNS requests for the site, it can redirect requests to its datacenters, located throughout the world. In the case of images and static files (Javascript, CSS, etc.), the content is cached by CloudFlare. Other requests are forwarded to the originating site. It might seem counterintuitive to proxy all requests, but given CloudFlare extensive dedicated network, proxied requests are often served faster.

{<2>}

CloudFlare's network is covers all continent, and is continuously growing.

{<3>}

Ups ...

Proxying all network traffic through CloudFlare's network has some important advantage. The caching is an obvious benefit, as static content can be served from the nearest data center. Having dealt with lattency issues in Europe and Asia, using a CDN-like infrastructure to distribute this content is very useful.

An important added benefit is that CloudFlare is able to analyse all in-bound traffic for malicious activity. If such activity is detected, it can be blocked before ever reaches the originating site. For example, DDOS attacks can be redirected and diffused through the CloudFlare network.

By proxying all traffic to a site, CloudFlare can also offer some alternative analytics on the network traffic itself. This is different from traditional analytics such as Google Analytics, which typically require the execution of Javascript code. CloudFlare

... and Downs

By proxying traffic through CloudFlare, the direct network connection with the client is lost. This means logging information on the webserver cannot be used for analytics. As an old-school system adminstrator, this loss of direct connection is also a bit unsettling, especially since it is given to a 3rd party. Malicious use of the CloudFlare network could be used to censor or change content provided by a website in a way that is very difficult to detect.

In addition, if an attack on another CloudFlare customer is strong enough to knock CloudFlare down, all sites protected by CloudFlare are down. This is a doomsday scenario, given the size of CloudFlare's network and the number of clients they have. If such an attack did happen, a good part of the Internet would not be available.

Although CloudFlare does offer CDN-like behavior with its caching, it does not replace a properly integrated CDN solution. CDN providers specialise in globally distributing files as fast as possible. In the hand of a skilled web developer, static content can be analyzed and cached in an optimal fashion. Such manual approach might be preferrable in website where performance is critical.

Possibilities

At its current stage of development, Ghost blog is not designed to be used in a multi-node scenario. Although such a setup is possible, the internal caching mecanism and they way content is managed does not work well in a multi-node scenario. This means that upgrading the web server (CPU, RAM, network connection, etc.) is the only method of dealing with increased or burst traffic.

CloudFlare offers different solution to help a Ghost blog deal with increased traffic. With CloudFlare caching static content, it is estimated that 40% to 60% of a site content will be served by CloudFlare. More aggressive caching rules can be added to serve additional read-only content from CloudFlare (which is not normally cached), at the expense of being able to update the same content in a timely manner. For business users, CloudFlare also offers Railgun, a technology which establishes a dedicated connection between CloudFlare and the originating web server, as to increase the speed to which un-cache content is retrieved.

{<4>}

Price

CloudFlare's pricing model is incredibly aggressive. The simplest plan is free and offers all the basic functionalites. However, analytics are only updated every 24 hours. This "free" plan is an incredible idea, as it provides CloudFlare with great accessibility to users wanting to try out the solution. Those users are then more likely to carry the solution into larger project.

Most websites with a moderate number users will want to opt for the "Pro" plan, which is only 20 USD a month. This provides increased speed and improved analytics. Other packages are also available, providing additional features. It is important to highlight that CloudFlare's package are feature-based and not related to the amount of traffic that site receives. In other word, CloudFlare costs will only increase if you require more features, not if the site becomes more popular.

Setup

Setting up CloudFlare is impressingly easy if you have experience registering domain names configuring DNS entries. A wizard will guide you through the steps of setting up your first CloudFlare setup. The first two screens ask for an email, a username, a password and the domain of the website to proxy.

CloudFlare will then scan the DNS entries of the provide domain, as it will be taking over DNS duties. You will be presented with a screen to confirm the detected DNS entries and add any missing ones.

{<5>}

The fourth screen in the wizard allows you to configure the CloudFlare's proxying behavior. If you are just trying out CloudFlare, be sure to select the free plan. The performance and security options are explained in the combo box themselves.

{<6>}

The final configuration step is to update the nameservers of the domain to CloudFlare's nameservers. The changes will take a bit of time to propagate, and SSL support for your site might be broken for a short moment if you use CloudFlare's SSL certificates.

In Practice

CloudFlare is a difficult solution to benchmark. At first glance, Technodabbler loads a bit faster. Benchmarking and monitoring solutions such as GTMetix and Pingdom also show a mild improvement, both in loading time and response time. However, a solution like CloudFlare best performs under heavy traffic coming from different locations. This is very difficult to test.

Regardless, the bandwidth savings alone justifies using CloudFlare. For a small to medium size blogs, benefits are obvious. Depending on your hosting provider, you might already be using CloudFlare without knowing it. Many providers have partnered with CloudFlare, either by integrating the solution or offering it to clients.

Larger blogs and websites can also benefit CloudFlare, but the integration should be properly evaluated. For example, proxying traffic through CloudFlare might violate some eCommerce security or compliance policy.

CloudFlare offers a solid product with agressive pricing. Although it does not replace a properly integrated CDN solution, it offers a simple and effective solution that is easy to integrate.

Author image

About Alexandre Denault

Veteran software developer and holds a PhD in Computer Science. Avid computer enthusiast (geek) who has been dabbling with technology ever since his Dad brought home an 8086 computer.