CloudFlare in 2015 — Bringing Railgun, Virtual DNS, & Universal SSL to the Masses

TL;DR: CloudFlare has long been the gold standard of security, web performance, and high availability. Ever eager to push the limits of technology, CloudFlare is now offering free Universal SSL, Railgun dynamic caching, and Virtual DNS. With not one but three awesome improvements, if you haven’t already taken a close look at CloudFlare, you certainly should.

In this modern age of short attention spans, high demand, and growing security concerns, having your website always online and running as fast as possible is a big deal.

While picking a great web host can go a long way in determining the success of your website, their business model is generally focused on centralizing servers to a few locations. If you really want your website to have a global presence and to be insulated from online attacks and spikes in traffic, you want to leverage the power of a global network.

Already powering five percent of the Web’s overall traffic is CloudFlare, a performance and security service that lives in the Cloud. CloudFlare has built out a huge global network that boasts a CDN (Content Delivery Network), a web content optimization platform, proactive firewall and security measures, Virtual DNS, free Universal SSL, analytics, apps, and more.

We had the honor of sitting down with CloudFlare’s Co-Founder and CEO, Matthew Prince, to learn more about the amazing leaps forward that CloudFlare has been able to achieve in almost five short years.

We covered speeding up dynamic websites with Railgun, Virtual DNS to improve DNS security and performance, doubling the amount of encrypted sites on the web with Universal SSL, CloudFlare’s mission to help build a better Internet, how CloudFlare is disrupting the networking hardware market, and the humble beginnings of CloudFlare.

Blazing Fast Dynamic Websites with CloudFlare Railgun

If there are little things on a web page that change, typical caching systems don’t account for this and require a full dynamic regeneration of the content.

CloudFlare Railgun allows caching down to the individual elements that make up a page, so only the minimal amount of dynamic processing needs to take place, resulting in an average 200 percent performance boost.

With Railgun, the connection between an origin server and the CloudFlare network is selected to be as fast as possible. Utilizing similar techniques to those found in compressing high-quality video, Railgun is able to achieve a 99.6 percent compression ratio for web elements that would previously not be cacheable.

CloudFlare Railgun brings unheard-of performance increases to dynamic websites not possible before.

Typically only available to CloudFlare users spending more than $200/month, web hosts that have partnered with CloudFlare can offer this amazing tool to their customers for free to help differentiate them from the competition.

One of the biggest problems for web hosts is the churn rate of customers leaving their service. By partnering with CloudFlare, a web host can help improve their ability to maintain customers by providing great value on top of their main hosting package.

Secure, Fast, Globally-Distributed DNS with CloudFlare Virtual DNS

Launched just a week ago, the CloudFlare Virtual DNS service provides an elegant solution to the increasing security and performance issues of maintaining a DNS infrastructure.

CloudFlare Virtual DNS helps cut down on resources while providing quicker DNS lookups.

Traditionally web hosts have a few physical name servers to handle all DNS queries, typically integrated tightly with the control panel system they’ve chosen.

With the scale of DNS attacks today, and also just the overall importance of DNS speed for web performance, CloudFlare realized it was critical to have a fast and secure DNS service.

“Hosts have a really hard time changing how their DNS is provisioned, and if you’re a mid-sized host that has 100,000 customers that all have their domains pointed at NS1.mid-sized-host.com, going out and asking all customers to change to something else is just a non-starter and a really risky proposition,” Matthew explained.

cPanel and other control panels have the application logic tied in with the idea of having a physical name server box on the same network, so attempting to work with APIs to have DNS records updated remotely can get tricky.

CloudFlare looks at a host’s existing DNS infrastructure, and instead of attempting to change the way it works, that existing infrastructure simply sits behind CloudFlare’s Virtual DNS service.

This allows hosts to keep the same workflow while using CloudFlare’s global network to help deflect DNS attacks and significantly increase the performance of their DNS infrastructure.

CloudFlare Virtual DNS keeps your DNS infrastructure insulated from outside attacks.

Virtual DNS has been live for the last year with large web hosts like DigitalOcean, where performance and availability have been outstanding: the service handles more than 10,000 DNS queries per second, with 100 percent clean traffic.

As CloudFlare continues to build out their network, the DNS service will increase in performance and reliability. Since a host would still control the real DNS primary record authority, they can simply switch off the Virtual DNS service any time to revert back to the original DNS infrastructure.

Not only are hosting companies seeing the huge benefits that Virtual DNS can bring, but some top Fortune 500 companies have also started to utilize it to simplify their DNS infrastructure.

A More Secure Internet with Universal SSL

Launched back in September 2014, CloudFlare Universal SSL made a huge leap forward in security for the entire Internet.

“We think that all web traffic should be encrypted from the beginning, and we’re not alone with significant efforts from Mozilla, The Electronic Frontier Foundation, and others to try to make SSL free,” Matthew said.

There were only about two million encrypted sites prior to the launch of Universal SSL, and with CloudFlare having more than two million customers when they flipped the switch, they essentially doubled the total amount of encrypted sites on the Internet overnight.

CloudFlare Universal SSL helped to double the total amount of encrypted websites overnight.

All customers who sign up with CloudFlare directly get a certificate issued by CloudFlare that is presented to the outside world with no need to set up anything on the customer’s end. This encrypts all traffic from the web browser to CloudFlare, and customers can even get a free certificate for their server to encrypt traffic from that point to CloudFlare as well.

CloudFlare wants to make SSL certificates as easy and inexpensive as possible, and Universal SSL also helps with the old problem of each SSL certificate needing to be run off a dedicated IP address.

CloudFlare’s Mission: To Help Build a Better Internet

“Our mission at CloudFlare is to help build a better Internet,” Matthew said.

When CloudFlare started back in 2009, Internet giants like Google had the resources to massively distribute the edge of their network around the globe. Therefore, they were able to offer better performance, security, and availability for their services.

CloudFlare envisioned themselves taking those tools and resources only available to Internet giants and making them available to everyone. CloudFlare wanted to start with the small businesses of the world and, in some cases, provide these tools for free. Before CloudFlare came along, it would have taken huge upfront investments in infrastructure and deployment to have access to this type of technology.

At its core, CloudFlare makes your modern website or application load as fast as possible, while decreasing the resources you need locally, saving on CPU and bandwidth, and making sure you’re secure from denial of service and hacking attacks with firewall and security services.

CloudFlare helps protect your site from malicious traffic and speeds up the good traffic.

No matter what’s going on, if your website is behind CloudFlare’s network, it should stay online. Even if your web server crashes and goes offline, CloudFlare can continue to serve your website up to visitors until you’re back online.

All of this is also handled in a way that’s extremely easy for the end-user, with a typical setup time of around five minutes. In the worst case, a DNS change is needed, which can be avoided with hosts that are already partnered with CloudFlare, and there is no hardware to purchase or set up.

Once you’re on the CloudFlare network, it works like a community watch, where if one site is experiencing issues, such as an attack, that information can be shared across the CloudFlare network and start protecting other sites proactively.

Disrupting the Networking Hardware Market

There are a ton of networking challenges these days when it comes to infrastructure, and on top of that, there are a series of performance and security problems for which the old-school model of in-house hardware doesn’t work.

“The days of on-premise hardware for a lot of these problems are numbered,” Matthew said. “If you look at something like denial-of-service attacks, it used to be that a big denial-of-service attack was a couple hundred megabits per second of traffic, and that would knock something offline. Big attacks today are hundreds of gigabits per second, with the largest ones being up over 500 Gbits/s. The problem is that Cisco doesn’t make hardware that can handle that amount of traffic on any given port. If you’re trying to build a hardware solution, there are limitations to the actual chipset that keep you from achieving high-level filtering.”

Even if you could build up the hardware infrastructure to handle modern web attacks, most of the time that hardware would go underutilized when the network is not under attack.

“We’re adding a new data center a week over the course of 2015, so we’re only accelerating at the pace at which we’re turning out new facilities,” Matthew went on to say about CloudFlare’s aggressive global network expansion.

Operating out of 31 datacenters worldwide, the CloudFlare network can quickly serve any geographic location.

CloudFlare realized they could take the functionality of firewalls, load balancing, high availability caching, and more, and build a global network on literally every inhabited continent. Then, using this global network, they could dynamically allocate resources to where they were needed most at that time.

Building a Network Where Others Can’t

“We have effectively infinite capacity — not literally infinite — but we’re coming up on four terabits of capacity across the entire network that can be directed to scrub any attack — so many times larger than the largest attacks we see today,” Matthew said.

Some huge websites that drive an insane amount of daily traffic, like the community-driven news site, Reddit, sit behind CloudFlare’s vast global network to ensure availability at all times.

There aren’t many people in the hosting space that are going to build out this type of massively-distributed network, as most hosts focus on putting a lot of servers in one location to keep infrastructure manageable and cost effective.

CloudFlare needs to put tons of servers in many different locations, so they’ve become experts at things like getting a router through customs in South Korea or the best ways to interconnect in Chile. It’s unlikely that any single web host would become an expert in these types of higher-level global network-building.

As web hosting companies are looking to expand into new markets across the world, CloudFlare becomes a bridge to new potential customers without the web host having to invest heavily to build out their own network to these areas.

The Humble Beginnings of CloudFlare’s Global Dominance

Prior to setting off to improve the Internet, Matthew and fellow CloudFlare Co-Founder Lee Holloway started a project called Project Honey Pot. It was a system that allowed website owners to track the ways in which spammers harvested email addresses.

Thousands of websites from more than 185 countries contributed to the Project Honey Pot community, and one user request kept resurfacing: Don’t just track the bad guys. Stop them.

Moving Into the Web Hosting Space

While not initially setting out to change the hosting industry, CloudFlare realized people trying to put content online were frustrated with many performance and security struggles.

Before launching in the summer of 2010, the CTO of HostGator caught wind of what CloudFlare was up to and reached out. HostGator saw the solutions that CloudFlare could bring to the hosting industry and wanted to see if there was a way they could work together.

CloudFlare hadn’t even finalized their interface, so they didn’t think they were quite ready yet. HostGator was eager to at least start off by offering CloudFlare services to customers that were over CPU or bandwidth limits by allowing their support agents to configure it for customers without them even knowing.

CloudFlare was able to greatly help HostGator solve some of their problems, and HostGator became a strong advocate for CloudFlare’s services among other hosting companies.

At HostingCon 2010 in San Diego, CloudFlare wanted to get to know the hosting industry needs better. They wanted to show that they were here to help, so they rented limos to drive attendees from the airport to the convention center hotel in order to help reduce the travel stress of arriving in a new city.

Showing that they care about helping web hosts, CloudFlare rented limos for HostingCon 2010 attendees.

CloudFlare began to work with a wide range of hosts around the world, from the largest cloud platforms, like Amazon, Microsoft, Google, Rackspace, VMware, and others, to some of the largest and best-known companies, like GoDaddy, 1&1 Internet, and Endurance Group.

Keeping true to their mission, CloudFlare also works with the smallest of web hosts.

Just a handful of CloudFlare’s many hosting partners that take advantage of CloudFlare’s amazing services

CloudFlare is really proud, not only of the great service they offer to web hosting customers, but also the extensive benefits they bring to the web hosts themselves.

If you enable CloudFlare across your entire customer base, you can offer a higher tier of hosting, for which you can charge more. Or you can offer the same class of hosting, but with reduced resource consumption. You could place more users on each box.

Final Thoughts on CloudFlare

In this global age, it’s more important than ever to distribute your network to avoid performance bottlenecks and increase security. CloudFlare has done a great service for the Internet community by blazing a trail showing what’s possible with a global network.

CloudFlare also enables web hosts of all sizes to greatly improve the services they provide, while cutting down on resources and costs.

Any website owner who would like to ensure their visitors have the fastest loading times, no matter where they are in the world, should seriously consider CloudFlare. Just going with the CloudFlare free plan increases speed and security and adds SSL encryption to your site.
