Content Delivery Networks - What makes CloudFlare so special

"Give us five minutes and we'll get your website The San Francisco-based provider CloudFlare makes a grandiose promise on its own website. It should only take five minutes to register with CloudFare, select a corresponding tariff (plan) and upload the corresponding website to the provider. Under the condition, however, that the own Internet connection is also fast enough. But CloudFlare promises not only speed, but also advanced security solutions such as a "Web Application Firewall" or an "Advanced Denial of Service Attack Mitgation". All of this is made possible by the combination of two technologies: one is relatively new, the other as old as the Internet, and together they make an almost self-sufficient overall system.

Content Delivery Network - When the clouds become diffuse

Compared with a normal cloud service, for example "Infrastructure as a Service", the so-called "Content Delivery System" works somewhat differently: instead of being concentrated at a single point, Content Delivery Networks are distributed over several PoPs (Points of Presence) and form a network of diffusely arranged clouds. In concrete terms, this means 43 data centres in 32 countries for CloudFlare. However, it is not just a question of sheer size, but of the highest possible coverage of worldwide locations: a request from South Africa should not take longer than one from the USA merely because of its geographical location.

The Content Delivery Network works with a two-part distribution system. There are one or more source servers and a large number of "backbones" or replica servers that contain a copy of the available file. How often such a file is mirrored, that is, distributed among the replica servers, depends largely on the number of requests. If a file is only rarely requested, a few backbones may already be sufficient to meet the demand adequately. In addition, not every backbone is "set" in the same way. Some are designed for efficiency, others for speed. The combination of both guarantees a distribution that is consistent in time and speed, regardless of active traffic.

Domain Name Server - The logical consequence

The second part of the distribution system is the domain name server. This takes care of resolving the supply chains assigned by the origin server via DNS-based request routing. As on the Internet, the backbones can be assigned unique IDs, which the DNS has stored in its database. In order to process a request, the user must be redirected to a backbone, which requires information such as the ID and the IP. This is exactly the information that the DNS provides.

However, CloudFlare's DNS is not only used for this task, but also functions as a "normal" DNS, which is able to convert the domain names of websites into IPs. Although there are now many DNS services that are not bound to Internet Service Providers, such as OpenDNS or Google Public DNS, operating its own DNS increases the security of the websites stored via CloudFlare at least to a small extent, as it makes it possible to react faster to attacks that aim at a "Denial of Service".

The three pillars of security

Roughly speaking, the high security of CloudFlare is achieved through a three-pillar system: a web-based application firewall that is, so to speak, placed in front of the actual website; end-to-end SSL encryption based on proprietary or user-preferred protocols and algorithms; and DNSSEC (DNS-SECurity), a handshake system for DNS queries based on cryptographic signatures that works with multiple layers. Apart from that, CloudFlare's own DNS allows a much better early warning system for DDoS attacks through improved monitoring "at the source", since the "flare-up" of the traffic is noticed here before the actual website is affected.
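The early-warning idea described above, shown as an added example (not CloudFlare's code or method): a detector that counts queries per name per minute in a DNS query log and flags a window that exceeds a moving baseline. The log format, the domain names and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: "<epoch-second> <queried name>" lines from a hypothetical
# authoritative-DNS query log. shop.example flares up in the last minute.
def build_sample_log():
    lines = []
    for minute in range(6):
        base = minute * 60
        shop = 40 if minute < 5 else 400      # constructed flare-up in minute 5
        lines += [f"{base + i % 60} shop.example" for i in range(shop)]
        lines += [f"{base + i % 60} blog.example" for i in range(20 + minute)]
    return lines

def count_per_window(lines, window=60):
    """Return {name: {window_index: query_count}}, names normalised."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, name = line.split()
        counts[name.lower().rstrip(".")][int(ts) // window] += 1
    return counts

def detect_flare_ups(lines, window=60, alpha=0.3, factor=3.0, min_queries=100):
    """Return (name, window, count, baseline) for every window whose count is
    at least min_queries and exceeds factor x the EWMA of earlier windows."""
    alerts = []
    for name, per_win in count_per_window(lines, window).items():
        baseline = None
        for w in range(min(per_win), max(per_win) + 1):
            n = per_win.get(w, 0)             # silent windows count as zero
            if baseline is not None and n >= min_queries and n > factor * baseline:
                alerts.append((name, w, n, round(baseline, 1)))
                continue                      # keep the spike out of the baseline
            baseline = n if baseline is None else alpha * n + (1 - alpha) * baseline
    return alerts

if __name__ == "__main__":
    for name, w, n, base in detect_flare_ups(build_sample_log()):
        print(f"ALERT {name}: {n} queries in window {w} (baseline {base})")
```

Skipping the baseline update on an alerting window keeps a sustained flood from becoming the new "normal"; the `min_queries` floor stops low-traffic names from alerting on small absolute changes.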

Little competition

At the moment there is little serious competition for CloudFlare. While there are other vendors, even ones from large companies, its work with major brands and its extensive implementation will make it difficult to take CloudFlare off the throne. But you don't score points with empty phrases alone: by combining a content delivery network and a domain name server, with all the associated advantages, you have to create a system in which speed and security are equally important.
