Cloudflare Technical Presentation 2019
● 15%: Global Internet requests
● 10M: HTTP Requests/second
● 25 Tbps: Network capacity
● 165+: Data centers globally
● 185+: Internet Exchanges
Cloudflare 101
[Diagram labels: AWS, GCP; Consumers in the Americas, Europe and Asia]
Every data center performs every task
Integrated stack of security, performance and reliability services
Rapid onboarding, easy configurations
[Diagram labels: DNS, DDoS, TLS, Firewall, Rate Limiting, CDN, WAF, Argo, Origin Server]
Cloudflare solves today’s internet challenges.
[Diagram labels: PLATFORM (Edge compute platform, Apps); DNS, DDoS, SSL/TLS, Firewall, Rate Limiting, CDN, WAF, Argo Smart Routing, Load Balancing; Origin Server]
Cloudflare Security
DDoS Protection
Our enterprise-class DDoS protection network has 20 times more capacity than the largest DDoS attack ever recorded. Operating at the network edge, it protects against all forms of DDoS attacks.
Secure Registrar
Registering your domain through Cloudflare is the most secure way to protect your trademark from domain hijacking.
SSL
HTTPS is a must-have for modern websites, and Cloudflare makes it easy to configure SSL. No need to worry about installation issues, expiring certificates, or optimizing your SSL settings.
Other:
● Keyless SSL
● DNSSEC
● Rate Limiting
● Custom firewall rules
● Authentication on the EDGE
● and more...
Cloudflare Security: Life of a Request
Features: Performance
SSL
Modern SSL isn’t just for security: it can actually improve the performance of your website by leveraging features like OCSP stapling, session resumption, HTTP/2, and TLS 1.3.
CDN
Moving content physically closer to visitors with our CDN is one of the easiest ways to improve the performance of your website and reduce load on your web servers.
Dedicated SSL Certificates
With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more.
Website Optimization
Cloudflare lets you automatically enable the latest in web technologies. Our web optimization features cover everything from mobile image optimization to aggressive GZIP and HTTP/2.
DNS
Cloudflare is one of the fastest managed DNS providers in the world. The same 100 data center network that powers our CDN dramatically speeds up domain resolution for your website’s visitors.
Other:
● Websockets
● Railgun
● HTTP/2
● Mirage
● Mobile Optimization
● Page Rules
● and more...
Cloudflare Web Performance
Global Network
151+ data centers with an Anycast network bring content to users anywhere
DNS
Fast resolution of DNS lookups makes response times faster
CDN/Caching
Reduce travel distance for content by serving from Cloudflare’s data centers instead of origin servers
Load Balancing
Reduce latency by routing requests to the nearest origin server through geo-steering
Railgun
Accelerate dynamic content by compressing origin payloads
[Diagram labels: Webpage, Origin Server]
China Network
Cloudflare’s China service optimizes Internet connections in mainland China, dramatically improving the viewing experience for visitors in China.
Other:
● IPv6
● Always Online
● Virtual DNS
● and more...
Load Balancing
More information
https://www.cloudflare.com/load-balancing/
Features: Insight
Enterprise Logs
For enterprise customers, we can provide consolidated logs from around the world. These are very rich, containing detailed information about every request and response.
Other:
● Analytics
● Apps
● and more...
Threats
When we identify requests that are threats,
we log them and block them. That means we
not only protect your site, but also provide
insight into the malicious activity we’re seeing.
Cloudflare Workers
The Network is the Computer™
Improved Security Posture
Apply custom security rules and filtering logic.
[Diagram labels: Users; "HTTP in, HTTP out, arbitrary code in between."; Origin / APIs]
1. Basic Routing / Header Modification
Lets them swap to and benefit from Cloudflare where they might not have been able to before.
2. Advanced Routing / Rewrites / Caching
Even more effective use of the cache to improve user experience and further reduce costs and operational overhead.
3. Microservice Built on Cloudflare
By building a service on Cloudflare Workers (e.g. a full auth service) orgs get to improve dev velocity with quick deploys / isolated logic.
4. Multiple Serverless Microservices or Apps not necessarily Tied to Core CF
By using Workers, customers benefit from the developer productivity gains and platform speed of serverless.
Set Custom TTLs or Cache Keys
Lets them more effectively use the cache to improve user experience and reduce costs.
Authorization / Authentication
By checking for things like existence of a cookie or header Cloudflare can respond faster to unauthed users making things faster and reducing load.
Application Built on top of Cache
Cache heavy applications become much simpler to architect and maintain becoming
Cloudflare Stream
● All-in-one solution: No integration work necessary, allowing you to focus
on creating the best video experience, not managing different services for
each of those solutions.
How It Works
1. Install the Cloudflare Warp daemon on a server that is either NAT’ed or behind a firewall and does not have a public IP address
2. The Cloudflare Warp daemon establishes a persistent encrypted virtual tunnel with the nearest Cloudflare data center
3. All requests sent to the application first pass through the Cloudflare data center closest to the visitor
4. Requests then route over optimized transit using Argo Smart Routing to the Cloudflare data center connected to the tunnel
5. Cloudflare connects back to the server over the tunnel, even while the server remains hidden
Cloudflare SSL for SaaS
Branded Visitor Experiences
Full brand recognition for end users through a CNAME’d vanity URL.
Rapid SSL Deployments
Cloudflare immediately transmits new certificate requests, propagating them to the edge and bringing HTTPS online in less than 2 minutes on average.
[Diagram labels: 1. Purchases SSL certificate from authority; SSL]
1. Mitigate DDoS for TCP Protocols and Ports
Cloudflare Spectrum proxies all non-HTTPS TCP traffic through the same 120+ Cloudflare data centers, ensuring protection against DDoS attacks targeting layers 3 and 4 across open ports.
2. Encrypt Non-HTTP/S TCP Traffic
Cloudflare Spectrum encrypts non-HTTP/S TCP traffic with Universal SSL to protect against snooping of data in transit.
3. Block Traffic by IP or IP Range
Spectrum integrates with Cloudflare’s IP Firewall so that traffic from specific IP or IP ranges can be dropped at the edge
[Diagram labels: Client; IP 10.0.0.1; Encrypted TCP Traffic; SFTP, SMTP, SSH]
Configuring Cloudflare
[Four columns, left to right]

Customer & Cloudflare:
● Orientation and Introduction
Customer:
● Create Cloudflare account
● Import SSL certificates
● Import DNS zone data

Customer & Cloudflare:
● Training session and overview of all features
Customer:
● Configure original visitor IP address
● Ensure Cloudflare is not rate limited or blocked

Cloudflare:
● Confirm proper setup
Customer & Cloudflare:
● Configure test environment
● Perform testing
Customer:
● Enable Cloudflare DNS
● Enable Cloudflare HTTP proxy

Customer & Cloudflare:
● Quarterly account reviews
Customer:
● Set up custom error pages
● Review contact and escalation procedures

Operation, Support & SLA
24/7/365 Support
We hope you never run into issues with Cloudflare, but in case you do, our 24/7/365 email and emergency phone support hotline is here to help.
Role-based Account Access
For assistance with on-boarding, optimization, and technical support, our Enterprise customers receive named solutions and success engineers.
Other:
● PCI Compliance
● Enterprise IP ranges
● and more...
Thank you!