
Cloudflare Traffic Manager - IcyApril
https://www.cloudflare.com/traffic-manager/
======
bks
I am a customer of a competitive product, where we have a cluster of servers
on port 25 that need load balancing. Pretty simple setup - if port 25 goes
down for more than 2 minutes remove from DNS until it comes back online.

It's been incredibly stable and robust and a real life saver if you have gear
in multiple geographic data centers that are not all with one provider. The
competitor's cost for the service is incredibly cheap when you consider what it
does - but the BIG GOTCHA is you need to use their DNS in order to use the
load balancer.

And we move about 350 queries per second so the bill is pretty high (for our
sized company). The place that I should be able to get an immediate impact and
huge savings is that Cloudflare does DNS for "free".

I should be able to pay a modest but competitive rate for their traffic
manager, but with no QPS it will be huge.

I just spoke to sales in the UK and they don’t actually have a good definition
of the product yet. No pricing and really did not have their questions to ask
prospects yet.

That being said, we are already using them for pseudo-Traffic Management
services; we have a script tied to Pingdom.com that updates DNS from the port
monitoring and adds and removes records in just a few seconds.

~~~
kijin
It's okay for port 25 to go down for 2 minutes because standards-compliant
senders will retry when your server is back up.

It's not okay for a widely used web service to go down for 2 minutes until you
can update your DNS. Failover needs to happen within a few seconds, and most
importantly, _while the client is still connected to the load balancer_. You
can't do this using DNS with short TTL values.

~~~
zzzcpan
> Failover needs to happen within a few seconds, and most importantly, while
> the client is still connected to the load balancer. You can't do this using
> DNS with short TTL values.

No it doesn't and it's good enough. Humans are not stupid, they will try
again, web browsers will try other IPs too. For custom clients it's not even a
question, as they can implement transparent failover in the client itself.
Essentially this is all about web browsers.

The big problem with anycast routing is that you still have to rely on a
single AS/company and have a huge SPOF, that will fail from time to time. A
few hours of downtime every other year is as good as you can get, less than
that would be pretty much impossible for such architecture. So, if you need
anything better, you would have no choice but to implement a DNS failover.

------
Toxton
I can't knock them for constantly adding features.

I know people don't like the pseudo-centralization and the hand-wavy action
that their WAF does...

yet they keep creating a strong value proposition that makes it so easy for
small-medium projects to get so many services for free (DNS, SSL, CDN) or
relatively cheap compared to competition (DDOS Mitigation).

I don't know of any other single service that does this at their price points,
is there one? (maybe AWS with their offerings of WAF, CloudFront, Route 53
etc).

------
gagabity
It is shocking how many sites now use CloudFlare. I have recently switched
ISPs and apparently my new ISP is SPAMMER and BOT heaven, so almost every site I
go to asks me to complete the I'm Not A Robot Cloudflare reCAPTCHA. Really
makes the experience suck.

~~~
ohstopitu
what else would you use instead of CloudFlare?

~~~
gagabity
If I was operating a site? I don't think there is anything comparable at the
free cost. But what you can do is turn the sensitivity of the captcha
challenge down to 'Essentially Off' as detailed here
[https://support.cloudflare.com/hc/en-us/articles/200170096-H...](https://support.cloudflare.com/hc/en-us/articles/200170096-How-do-I-turn-the-CloudFlare-captcha-challenge-page-off-)
the default setting seems to be way too quick to throw up a captcha.

------
daviddumenil
This has been offered by their competitor Incapsula for some time under the
name 'Global Server Load Balancing'

[https://www.incapsula.com/load-balancing-failover.html](https://www.incapsula.com/load-balancing-failover.html)

~~~
NetStrikeForce
And AWS Route 53:
[https://aws.amazon.com/route53/](https://aws.amazon.com/route53/) Or
Microsoft Traffic Manager:
[https://azure.microsoft.com/en-us/services/traffic-manager/](https://azure.microsoft.com/en-us/services/traffic-manager/)

And possibly many, many other providers.

It would be interesting to know if there's some innovation here.

~~~
jgrahamc
Because Cloudflare uses Anycast there is no change in the public IP address
for a request that hits us. It will be routed to the nearest data center (of
which we now have 100 cities covered globally). The Traffic Manager product
controls how that traffic is then routed to the origin server (if the request
could not be served from cache).

As the active monitoring is performed from each location separately the
Traffic Manager applies its policies in each location and can automatically
route around connectivity problems in the Internet as well as origin server
problems. All without changing public DNS.

This allows us to do very fast failover and route changes because this is
independent of the propagation time for DNS on the public Internet. Solutions
based on changing DNS records are suboptimal.

~~~
kijin
Somewhat off topic, but since CloudFlare keeps mentioning "routing the nearest
data center" as one of its benefits...

I have a number of clients near ICN (Seoul) who have been happy with
CloudFlare for some time, but now the vast majority of their users are being
routed through LAX. Not Tokyo, nor Osaka, nor any of your other locations
throughout East Asia, but LAX all the way across the Pacific Ocean! This
detour adds about 300ms to every uncached request, and 150ms to every cached
request. All the time I spent helping my clients shave a few milliseconds off
their response times, now completely obliterated!

When the Pro plan ($20/mo) users contacted CloudFlare to find out what was
going on, they were told to upgrade to the Business plan ($200/mo). Some of
them did, but their users were still being routed halfway around the world.
When they contacted support again, they were told to consider upgrading to an
Enterprise plan. What is this, a cheap webhosting shop that tells people to
upgrade whenever they're having a problem?

I don't know what happened around late summer that suddenly made Korean and
Japanese locations off limits to all but the highest paying customers (local
ISPs demanding more money?) but whatever it is, it has made CloudFlare barely
usable where I live.

~~~
jgrahamc
That experience with support doesn't sound right at all. Please email jgc @
cloudflare so I can follow up with you on this.

~~~
gagax
This is definitely correct. Every Cloudflare pro plan site I know of now
routes to LAX for South Korean users. For business sites, going over a certain
amount of traffic, they also route to LAX for South Korean users.

I also have confirmed with Cloudflare support, that sites going over a certain
amount of traffic have to upgrade to Business -> Enterprise plan to keep South
Korean users to route to ICN (Seoul). This is causing huge continuous
performance problems for nearly all Cloudflare sites in South Korea.

[http://www.todayhumor.co.kr/cdn-cgi/trace](http://www.todayhumor.co.kr/cdn-cgi/trace)
[http://www.ilbe.com/cdn-cgi/trace](http://www.ilbe.com/cdn-cgi/trace)
[http://www.issuein.com/cdn-cgi/trace](http://www.issuein.com/cdn-cgi/trace)

All show loc=KR, while using a slow LAX colocation. The first two from what I
know, are business plan sites.

------
ddorian43
Since Cloudflare staff is always in this forum:

This means like you can add several server IPs and you get a load balancer?
And how many servers? And round-robin or something more smart? In what plans
will this be available and if at extra cost?

Is there any alternative to this? This may be the perfect thing for dedicated
providers that don't offer a load balancer.

~~~
jgrahamc
This allows you to create groups of servers (multiple servers per group) and
do load balancing across servers inside a group, failover between servers,
failover between groups (based on some threshold number of servers inside a
group having failed), geo-steering so that visitors from different parts of
the world hit different groups.

Today's announcement is currently only weighted round-robin within a group,
but additional algorithms will be supported.
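
The behaviour described in the comment above (weighted round-robin inside a group, failover between groups once too many servers in a group have failed, geo-steering by visitor region), as an added example that is not part of the thread and is not Cloudflare's code. The class names, the `min_healthy` threshold, the sample topology and the smooth weighted round-robin variant are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Origin:
    name: str
    weight: int
    healthy: bool = True   # set by the health monitor (not modelled here)
    score: int = 0         # running score for smooth weighted round-robin

@dataclass
class Group:
    name: str
    origins: list
    min_healthy: int = 1   # hypothetical threshold; fewer live origins = group failed

    def live(self):
        return [o for o in self.origins if o.healthy]

    def usable(self):
        # A group with no live origin is never usable, whatever the threshold.
        return len(self.live()) >= max(1, self.min_healthy)

    def pick(self):
        # Smooth weighted round-robin over healthy origins only.
        live = self.live()
        total = sum(o.weight for o in live)
        for o in live:
            o.score += o.weight
        best = max(live, key=lambda o: o.score)
        best.score -= total
        return best

def route(steering, region):
    # steering maps a visitor region to an ordered list of groups:
    # the preferred group first, then the groups to fail over to.
    for group in steering.get(region, steering["default"]):
        if group.usable():
            return group.name, group.pick().name
    return None  # every group is below its threshold; nothing to send traffic to

def demo():
    # Constructed sample topology, not taken from the thread.
    eu = Group("eu", [Origin("eu-a", 3), Origin("eu-b", 1)])
    us = Group("us", [Origin("us-a", 1), Origin("us-b", 1)], min_healthy=2)
    steering = {"EU": [eu, us], "US": [us, eu], "default": [us, eu]}
    normal = [route(steering, "EU")[1] for _ in range(4)]
    us.origins[0].healthy = False          # one of two US origins fails
    failed_over = route(steering, "US")    # US drops below min_healthy=2
    return normal, failed_over
```

With the 3:1 weights, four EU requests go to `eu-a` three times and `eu-b` once; after one US origin fails, US visitors are sent to the EU group because the US group no longer meets its threshold.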

~~~
ddorian43
What about the cost? Your competitor on another comment has a "contact us"
price.

~~~
jgrahamc
In Early Access this is completely free. Pricing will be announced later.

