There are a lot of people out there talking about the DDoS as well; some of them are talking about 400+ Gbps:
So, not only did CloudFlare not help on the pages that were truly static, it was actually making everything worse across the board. Hitting the same site with my direct.* DNS cut from 1.2s+ to under 500ms.
CopperEgg and others also kept reporting that my site was down or otherwise super slow when on CloudFlare. I'm not sure if this is because of throttling or something else that might have been in place with the CF service, but either way I was often unable to reproduce the "down"/"more than 6s" that CopperEgg kept reporting.
In short, I think CloudFlare's services sound good in theory, but I'm not sure they have figured out all the issues with scaling and performance yet. So, I cut them out... and I'm certainly not going to be paying any time soon.
You raise a great point about reliability, however. The above example was a personal project, so I don't really lose much if there's the odd downtime here and there. I'd love to recommend this for the enterprise-level clients where I work, but the idea of a point of failure out of one's direct control is a bit alarming, and I am surprised and disappointed to see them succumb to a DDOS that affects what (I assume?) was their entire network - even paying customers.
I notice even now my homepage is taking seconds to load, when usually it responds instantly. My guess is that they're prioritizing access at this stage due to the DDOS, if it's still ongoing.
They manage so much stuff that any downtime they have will make a lot of people unhappy. It already happened once (http://oneurl.me/cloudflare-broke-the-internet)
Looks like it's related: https://twitter.com/CloudFlareSys/status/432997463562022912
Routers shouldn't speak HTTP. People who don't know how to use blackhole communities have no business controlling them.
What's a "blackhole community"? (I did Google, but found email messages from 2003 on page one. Surely there are better references?)
You'd grant your customers the ability to null route traffic from IP blocks (/24 or larger, because ain't nobody got memory to route blocks smaller than that in IPv4) so they wouldn't saturate their links with useless traffic. There was a discussion on the North American Network Operators Group (NANOG) mailing list a few weeks ago.
Disclaimer: I have operated large-scale networks for over a decade.
Every carrier worth its salt will already let you use blackhole communities to mitigate attacks. You tag it, it gets dropped at the edge of your upstreams' networks. Simple and effective. You don't need a web service or middleware for any of this.
Also, a route and netmask (generally) take exactly the same amount of memory regardless of the size of the network you're covering.
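To make the blackhole-community mechanism in the two comments above concrete, here is an added toy model (not code from anyone in this thread): a customer announces a route tagged with the well-known BLACKHOLE community (65535:666, RFC 7999), the upstream's import policy checks that the prefix lies inside that customer's allocation, and the edge router installs a discard route so traffic to the victim address dies there instead of saturating the customer link. The ASN-free policy, the `UpstreamEdge` class, the prefixes 192.0.2.0/24 and 198.51.100.0/24 (documentation ranges) and the choice to accept host routes (/32) for blackholing while carrying ordinary routes only down to /24 are all constructed assumptions for the illustration.

```python
# Added example: toy model of remotely triggered blackholing (RTBH) via a
# BGP community. All names, prefixes and policy thresholds are constructed
# for illustration; real routers implement this in their route policy.
import ipaddress
from dataclasses import dataclass

BLACKHOLE = "65535:666"  # well-known BLACKHOLE community (RFC 7999)


@dataclass(frozen=True)
class Announcement:
    prefix: str
    communities: frozenset


class UpstreamEdge:
    """Import policy plus a minimal forwarding table for one upstream edge router."""

    def __init__(self, customer_allocations, customer_next_hop):
        self.allocations = [ipaddress.ip_network(p) for p in customer_allocations]
        self.customer_next_hop = customer_next_hop
        self.fib = {}  # ip_network -> next hop; "discard" marks a blackholed route

    def authorised(self, net):
        # Only prefixes inside the customer's own allocation may be announced,
        # so a customer cannot blackhole somebody else's address space.
        return any(alloc.version == net.version and net.subnet_of(alloc)
                   for alloc in self.allocations)

    def import_route(self, ann):
        net = ipaddress.ip_network(ann.prefix)
        if not self.authorised(net):
            return "reject"
        if BLACKHOLE in ann.communities:
            # Blackhole requests are accepted down to a single host so that
            # only the victim address is dropped, not the whole block.
            self.fib[net] = "discard"
            return "discard"
        if net.version == 4 and net.prefixlen > 24:
            return "reject"  # ordinary IPv4 routes longer than /24 are not carried
        self.fib[net] = self.customer_next_hop
        return "accept"

    def withdraw(self, prefix):
        # Withdrawing the tagged route lifts the blackhole once the attack ends.
        self.fib.pop(ipaddress.ip_network(prefix), None)

    def forward(self, dst):
        """Longest-prefix match; 'drop' means the packet dies at this edge."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.fib if addr in n]
        if not matches:
            return "no-route"
        best = max(matches, key=lambda n: n.prefixlen)
        return "drop" if self.fib[best] == "discard" else self.fib[best]


def demo():
    """Walk through one attack: before, during and after the blackhole."""
    edge = UpstreamEdge(["192.0.2.0/24"], "customer-link")
    edge.import_route(Announcement("192.0.2.0/24", frozenset()))
    before = edge.forward("192.0.2.10")  # flood traffic still crosses the customer link
    # Customer tags the victim host route with the BLACKHOLE community.
    edge.import_route(Announcement("192.0.2.10/32", frozenset({BLACKHOLE})))
    during = (edge.forward("192.0.2.10"), edge.forward("192.0.2.11"))
    # A blackhole request for space the customer does not own is refused.
    rejected = edge.import_route(Announcement("198.51.100.5/32", frozenset({BLACKHOLE})))
    edge.withdraw("192.0.2.10/32")
    after = edge.forward("192.0.2.10")
    return before, during, rejected, after


if __name__ == "__main__":
    print(demo())
```

Running it shows the victim host being dropped at the upstream edge while its neighbour in the same /24 keeps receiving traffic, the foreign-prefix request being rejected by the allocation check, and normal forwarding returning once the tagged route is withdrawn.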
Like if someone wants to get a site down today so people can't vote.
And cloudflare does not really have anything like that. Their customers yes, them no.
The same reason anyone ever DDOSes anything: because they're assholes.