
Cloudflare's new Argo feature billing surprise - vladr
A heads up for any other Cloudflare customers that have enabled Argo. This feature is supposed to improve performance due to better routing but what is not mentioned is that any abuse traffic, even explicitly blocked traffic is still counted against the $0.10 &#x2F; GB.<p>I had an attack come in a few days ago generating false traffic and blocked it via Cloudflare&#x27;s IP firewall. All traffic, including blocked, still counts towards billable per gigabyte bandwidth as confirmed by their support staff. They may sometime in the future separate the counts but for now the support recommendation is to disable Argo.
======
jgrahamc
Cloudflare CTO here. I'll look into this. Doesn't make sense we'd charge you
for traffic we filtered out.

~~~
foobarbazetc
But is Argo counting ingress as billable traffic? Can you elaborate on that?

~~~
jameskegel
To me, this makes or breaks the deal.

~~~
dknecht
This is definitely a bug and will be addressed.

------
nwrk
I don't get that. The traffic is BLOCKED at first PoP by WAF / Firewall.
Therefore NONE is hitting the backend usign Argo. *According to Cloudflare
docs / website

Why you are getting billed for something you are not using (attack is
mitigated by Firewall which is paid separately - page rules) ?

Can you please elaborate more. We been thinking to enable Argo too, but this
is just strange experience you are describing.

Thank you

~~~
vladr
The attack looks like a layer 7 flood of HTTP requests with random but normal
looking user agents. It is being mitigated using the firewall IP block in my
specific case as the person is using a single specific dedicated machine.

I was also pretty surprised to hear that these requests also count towards
bandwidth billing.

------
asadlionpk
I have been thinking of enabling this feature. Aside from this issue, does it
make visible difference in terms of performance?

~~~
mark242
For a large ecom site hosted primarily in the US, for our European customers
it cut TTFB almost in half.

~~~
foobarbazetc
How are you testing this?

I really wonder why we see the opposite result.

Is the site on AWS? Maybe that's the reason for this.

------
amingilani
Crude joke, but this so reminds me of the line from the movie Argo.
Specifically the joke[1] which later became synonymous with "break a leg"
during the movie.

Not that Cloudflare won't fix it, but while reading the post, I couldn't stop
hearing it in my head.

[1]:
[https://www.youtube.com/watch?v=MTjJTsrglDA&feature=youtu.be...](https://www.youtube.com/watch?v=MTjJTsrglDA&feature=youtu.be&t=15s)

------
Justin_K
General question on Argo - isnt "Argo" what CloudFlare should already be
doing? Why is it an extra charge?

------
redm
How is that any different from any other provider? If you have a link from an
ISP and block it at your router, security appliance, WAF, etc, you are still
charged for it. In this case, Cloudflare is going to be "charged" for it so
they attribute the cost to the destination IP.

I assume the same would be true with Argo disabled? If traffic comes in for
your IP, its going to be billed to you.

~~~
detaro
If I understand Argo correctly, you're basically paying extra for CloudFlare
to send the traffic from their first PoP to the backends through their own
network as much as possible instead over the public internet. The traffic to
the first PoP happens both with and without Argo, so it shouldn't add extra
cost over the normal plans.

The question then is if the traffic filtering does happen at the first PoP
(and thus wouldn't use resources inside the cloudflare network, which is what
you're paying the Argo fee for), or if it has to be sent on and is only
filtered later.

------
marksims
hi, i have similar issue and got a huge billing invoice today. i received a
billing of $3193.60 which is huge billing for argo. I do not recognize the
billing and will not accept it. Because the usage of bandwidths are from my
backend api of my website. not the frontend script. and i have set page rules
to bypass cloudflare system of my api.

argo should not charge for my api access, only the front end script access.
and your argo is experimental. how can you charge me for this huge amount? you
are kidding for a customer which spent monthly $20 of the whole system and
suddenly for $3193 for a new experimental feature. this is ridiculous, pls
cancel the billing and i have disabled your argo.

cloudflare should estimate the charge amount based on history bandwidth before
user enables argo. or this is a rip-off. this is too much money compares to
ordinary cloudflare charges. i will not pay the ridiculous invoice and cancel
all my service if you insist charging me for this amount.

~~~
jgrahamc
Please contact Cloudflare support

------
tyingq
Does cloudflare block the traffic as close to the end user as possible?
Curious if this is a case of "blocked traffic still uses a significant amount
of their resources" or just a billing software limitation.

~~~
vladr
The firewall logs for the blocked traffic show it is all being stopped from a
single PoP in France. I think this is just a billing limitation but one that
might have been put in place on purpose. I honestly hope they change this soon
as others are bound to experience similar scenarios.

------
mp3geek
Could cloudflare estimate the cost of Argo, from a previous months usage?

