
CloudFront vs CloudFlare - pajju
http://cloud.dzone.com/articles/cloudfront-vs-cloudflare-we
======
benatkin
The "We have a winner" makes me expect something substantive, but this post is
just the author rambling about a tentative choice he made.

~~~
1qaz2wsx3edc
I expected to see graphs and proofs. There were none. I did not read the
article.

------
xxdesmus
Just wanted to mention a tiny correction.

CloudFlare does have a single file purge option available:
<http://blog.cloudflare.com/introducing-single-file-purge>

Single file purge is also available via our API here:
<http://www.cloudflare.com/docs/client-api.html#s4.5>

I have mentioned this correction to the author as well.

------
eduardordm
Some cloudflare cons:

Cloudflare makes websites unavailable if you use services like unblock-us.com
(see below)

High amount of 404 I get from cloudflare when browsing /r/pics makes me wonder
who is to blame.

Cloudflare is short on locations.

Cloudfront is cheaper if you use SSL.

============

➜ ~ dig cloudflare.com

; <<>> DiG 9.8.3-P1 <<>> cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3675
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cloudflare.com. IN A

;; Query time: 4847 msec
;; SERVER: 208.122.23.22#53(208.122.23.22)
;; WHEN: Sat Dec 1 18:42:43 2012
;; MSG SIZE rcvd: 32

~~~
bartman
Even with Unblock-Us I can reach CloudFlare just fine here (Berlin, Germany):

; <<>> DiG 9.8.3-P1 <<>> @208.122.23.22 cloudflare.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12445
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cloudflare.com. IN A

;; ANSWER SECTION:
cloudflare.com. 300 IN A 173.245.60.249
cloudflare.com. 300 IN A 173.245.60.250
cloudflare.com. 300 IN A 173.245.61.248
cloudflare.com. 300 IN A 173.245.61.249
cloudflare.com. 300 IN A 173.245.61.250

;; Query time: 61 msec
;; SERVER: 208.122.23.22#53(208.122.23.22)
;; WHEN: Sun Dec 2 01:24:29 2012
;; MSG SIZE rcvd: 112

~~~
eduardordm
It looks like location influences results. Tried again at home, same results.
Tried on different ec2 instances: fine on us-east, no go on sa-east-1.

------
conradev
Here is a good submission by saurik, highlighting some of the risks involved
in using CloudFlare:

<http://news.ycombinator.com/item?id=4235893>

The blog post is titled "When 'Dumb Pipes' Get Too Smart"

------
drakaal
Article fails to mention that when CloudFlare has issues, they present
Captchas to the Google Bot, and your site gets delisted.

Also fails to mention that if the CDN gives you an IP that is the same as a
Kiddy Porn site, or a pirate site that you could have Law Enforcement on your
doorstep (worst case) or be delisted by Google, or blocked by NetFilters.

CloudFlare is not worth the headache. Put a squid on Azure, Rack, AWS, or
Google Cloud Compute and you can have nearly the same features, for nearly the
same price. And not have any of the negatives.

~~~
vegardx
You can disable the captcha-feature, as far as I know, and this is just a way
to mitigate DDoS. You'd think Google would recognize that you were serving
your content via a CDN, it's not like it's something new or anything.

And I'm not buying into that you could have law enforcement on your doorstep.
How on earth would they tie it to you? The IP address is registered to
CloudFlare, not you. If they have the means to find a "kiddy porn"-site, they
also have the knowledge to see that it's distributed by a Content Delivery
Network.

Are you really comparing a globally distributed content delivery network with
a squid installed at one location on one provider?

CloudFlare might not be worth the headache, but for entirely different reasons
than you have listed.

~~~
moe
_You can disable the captcha-feature, as far as I know_

Cloudflare displays a cloudflare-branded error page when anything goes wrong.
That happens quite often, and as far as I know you can _not_ turn that off.
Oftentimes Cloudflare claims "the backend is down" when the backend is, in
fact, serving fine (which I've verified on more than one occasion).

Furthermore Cloudflare significantly degraded both latency and availability
outside the US when we tested them, versus using the US origin. We've seen
their error-page and 'connection refused' errors spike into the 10% range
multiple times a day. Latency variance was pretty wild, with Europe spiking
into the 500ms(!) range.

The only other CDN I've seen similarly atrocious performance from was MaxCDN.

If you're looking for a CDN to speed your site up (duh!) then I'd recommend to
go with one of the more established players. Cedexis provides a nice report
that tells you which CDNs perform best in your market;
<http://www.cedexis.com/country-reports> (I'm not affiliated with them, take
their figures with a grain of salt, do your own testing on an evaluation
account!)

~~~
donavanm
You seem to be using CloudFlare and CloudFront interchangeably. From context I
_think_ you're talking about the "free cdn startup", not the AWS service. Could
you edit for clarity?

~~~
moe
Woops, thank you! Edited and corrected.

------
stock_toaster
Unfortunately, CloudFlare requiring root authority for a domain is simply a
non-starter for me (or $dayjob). However, I understand why they do it -- DoS
protection and ease of maintenance on their side.

I do wish they supported taking authority of a subdomain, or simply required a
CNAME like many CDNs.

~~~
xxdesmus
We do have a CNAME pointing option available for paying customers.

------
idupree
CloudFront offers HTTPS (on their domain). For low volume sites, paying for
CloudFront is cheaper than paying at least $20/month for CloudFlare's HTTPS
(which is also on their domain unless you pay $200/month).

Note: For this CDN HTTPS to be useful, you also need to have your main site
URL have it, say, via a certificate from StartCom and a VPS or a good shared
hosting site. It is a good deed to offer HTTPS even on static sites because it
helps protect users' privacy (if they are using WiFi, Tor, or a sketchy ISP;
which is likely). If you're distributing software or code, having some sort of
signing -- HTTPS and/or GPG -- is critical to protect your users from
malicious MITMs; more users are going to verify HTTPS because they don't have
a choice about that one.

------
jhuckestein
I love CloudFront because it automatically fetches assets from my deployed
application and then caches them. I don't have to manually move stuff to S3 at
all! Can CloudFlare do something similar?

~~~
eli
Yes, AFAIK that's actually the only way CloudFlare works. You switch your DNS
to them so that your site resolves to one of their servers and CloudFlare
fetches pages and assets from your origin server.

------
TazeTSchnitzel
A lot of these comments seem misinformed. So, as a user of CloudFlare, let me
speak:

CloudFlare takes over your domain and reverse proxies your site, to your
control. They cache resources for you, selectively, to your complete control.
They have some security features, like presenting captchas to dodgy IPs. The
base service is completely free, albeit restrictive, but there are no
bandwidth caps. They also have "apps" that provide extra features, like
asynchronous JS loading, automatically adding Google Analytics to every page,
email scrambling, etc. Everything is customisable - if you want, you can
completely disable the security features, caching, apps, in fact, you can also
disable the reverse proxying for subdomains (which of course removes all the
CF benefits).

My web app, <http://ponyplace.ajf.me/>, has benefited greatly from being on
CloudFlare, since it has relieved the burden of serving most static content
from my server. It's a really great service, especially for the price. My only
complaint is that SSL usage on CloudFlare is pretty pricey.

~~~
latchkey
What do you mean by SSL usage? I pay $20/mo for the 'Pro' plan which is less
expensive than Google AppEngine pricing (my other option).

~~~
TazeTSchnitzel
But that means you can't encrypt the reverse proxy connection, IIRC.

------
robotkad
The other thing this article really fails to highlight is the DDOS mitigation
service Cloudflare provides.

Cloudflare are disrupting a very established and lucrative industry. Companies
like Prolexic charge a lot more for a lot less. Not to mention the whole "Are
you currently under attack?" bullshit they pull where they charge you
significantly more if you are currently a DDOS victim.

------
1SaltwaterC
Sometimes I'm asking myself the same thing: why pay Akamai the bill when
CloudFlare is so much cheaper. However, the cost of the unavailability is far
greater. I guess the old saying that nobody got fired for choosing IBM still
applies in a different form. It isn't bias. Just a business decision. Running
CF for personal stuff though. Guess it's a proper tryout.

------
youngtaff
The article is an Apples to Oranges comparison...

CloudFront is a content delivery network, CloudFlare is part content delivery
network, part front-end optimisation service.

What CloudFlare do is optimise the content so that it loads faster e.g. by
minifying JS/CSS, merging files etc. i.e. many of Steve Souders rules.

There are other services around which do much the same thing: Google's
PageSpeedService, Strangeloop Networks, Torbit etc.

You could perhaps achieve much the same thing using mod_pagespeed, or Aptimize
etc. on your webserver and a CDN in front.

If you chose a CDN that allows you to push your dynamic pages through it e.g.
Fastly, then even the HTML delivery can be speeded up in many cases (even if
the CDN doesn't cache the HTML, which perhaps it could for many sites)

Real challenge that the article doesn't cover is where do CloudFront, and
CloudFlare have slow performance e.g. due to peering arrangements etc. That's
where multi-CDN providers (ala TurboBytes) can help

------
rohamg
I have set up and run cloudflare on all our sites, very happy with it. Super
easy to use and gives me peace of mind.

------
fsckin
I've been using CloudFlare for a site with >20m hits per month.

4TB of bandwidth saved in the last 30 days for a measly $20.

I do have small issues that arise, mostly false positives and occasional
outages, but nothing too bad at all.

Compared with the costs of any other CDN and I would be looking at a rather
large bill.

------
robotkad
I wonder if everyone is missing a piece of the Cloudflare pricing puzzle.

What if they have negotiated contracts with wholesale data providers where
they get a revenue share for any traffic they bring into the network? This
would mean that the more sites they have hosted, the more money they bring in
for their carrier (which they bill the downstream for) and in turn, the more
they make.

I do not work for Cloudflare and have never worked in the carrier/hosting
biz, so this is just a theory. I am however, a very happy enterprise customer.

------
ajwinter
Having used CloudFlare for multiple sites I can say it's not for everyone. In
my experience it's great for sites running on shared servers and can really
pick up the speed of these sites. But on some of our larger sites it had the
effect of reducing the speed of our service. I think it's worth trying and
using for a few weeks at the very least as your experience may vary.

------
kalleboo
I've avoided CloudFlare since it seems too good to be true, which means it
probably isn't. I've been burnt in the past with overselling - if I'm not
paying for the bandwidth, I'm also probably not getting it. In addition, I've
seen those CloudFlare captcha pages a few times, and they look really scummy,
like domain parking pages, full of ads.

~~~
xxdesmus
Paying customers can customize all the error/challenge pages with full
HTML/CSS to exactly match and brand their own site.

