So I currently rent data center space which includes 100Mbps (95th%) on a 1Gbit drop in a full rack with 4kW of power for about $500/month. Interconnects within the building (an IX where CloudFlare resides) I think cost maybe $100 a month or in that range.
Since CloudFlare apparently doesn’t charge for peering, does that mean I can rent the fiber for $100/mo and get an interconnect into CloudFlare’s backbone, and gain access to publicly routable unmetered 10GbE with my own IP cloaked behind CloudFlare?
Obviously at some point they have to charge for bandwidth, maybe I’m just wildly misunderstanding the offering, but where does pricing come in?
> Since CloudFlare apparently doesn’t charge for peering, does that mean I can rent the fiber for $100/mo and get an interconnect into CloudFlare’s backbone, and gain access to publicly routable unmetered 10GbE with my own IP cloaked behind CloudFlare?
They don't charge for peering with their network but you won't get access to the Internet.
Pricing is packaged with existing Cloudflare products; this isn't a standalone offering.
If you're already using existing Cloudflare products, this is a potential upgrade, or you can bundle it with the purchase of other Cloudflare products, but you can't get just the interconnect alone.
That solution, yes, but this is specifically peering for origins that are behind their proxy defense product. They won't route traffic that's not destined for their IP ranges. Further, they'll probably only advertise their backend ranges so you won't even be able to get the front of other CF-hosted sites.
I can see how this can be quite successful. On the one hand, private interconnect from your DC to a nearby Cloudflare PoP can be cheaper per Mbps or Gbps of bandwidth provisioned and hence can help reduce your overall network bandwidth costs. But on the other hand, you have to pay Cloudflare for their services and since they are bundling a lot of complex services they can justify charging a lot more than what a typical ISP's fees per Mbps of Internet would be.
If they succeed in attracting a lot of customers to ride on their private network across any geography, over time their network will have the same jitter performance issues as the Internet. If they grow too big, then they would have effectively privatized large parts of the Internet. That cannot be good for anyone.
I really love this offering and I don't think it gets enough attention. We are an on-prem company and we use CloudFlare. Our users pay for that latency (in time) for us to traverse our IP providers to get to a CF pop. Since all our traffic goes over CF, directly connecting makes a lot more sense. I'm going to investigate further for the latency benefits.
I've also backhauled lots of IP over the years and it can be a real pain. Fiber cuts are common, keeping redundant wave service or dark fiber drives up the cost, and in the end, it's often cheaper to hand off to an IP provider's meshed network than to backhaul any distance for latency.
Generally, peering is how we connect with network providers like ISPs. CNI is for Cloudflare customers. Technically, they're trying to accomplish the same thing. Logistically, the way they're done could be the same — through a private network interface (a piece of fiber between our network and our peer or customer's) — or could be different (e.g., we'd be more likely to connect to a peer over an Internet Exchange (IX) where we'd be more likely to connect with a customer over a cloud network exchange). We generally hadn't offered peering or any other way to directly connect to Cloudflare's network to anyone but our largest customers in the past. CNI opens up who can take advantage of this faster, more secure, more consistent path much more broadly.
It's fantastic that Cloudflare is offering this. You might want to reconsider calling it CNI, or at least clarify that CNI is just an umbrella term for PNI and/or public peering. I'm the person that handles the PNI/IX stuff and after reading the article but before reading your comment I wasn't 100% sure if CNI was something Cloudflare specific (which we wouldn't immediately adopt) or PNI/public peering at an IX (which we would).
Due to the focus on security, I'm curious about customer isolation here. When you do interconnect with a cloud provider, it's traditionally into a VPC. Does Cloudflare have a similar concept in play?
How, for example, am I prevented from setting up a CDN configuration and/or EdgeWorker that talks to someone else's "private" (or non-internet routable) IP addresses? From the article it sounds like edge nodes have routability to them, so is there some additional layer of packet encapsulation/tagging or something performed by the proxy server?
Specific isolation mechanisms depend on what products a customer is using. In general, there is additional encapsulation happening as data is ingested and before it's sent onward to customers.
An ISP is an Internet Service Provider. Cloudflare wants people to use their services and boasts that these are "safe" because you're not "directly exposed" to the Internet. In other words, they're proprietary.
The problem with all of this, regardless of whether Cloudflare is good or evil, is that it's a huge tie-in. Once companies are using some or all of Cloudflare's offerings, they're stuck. Should Cloudflare go down, there's nothing anyone can do but wait.
Also, when companies have deployed proprietary, non-standard solutions, moving will be expensive and arduous, and Cloudflare will jack up prices.
They're not becoming an ISP at all. They're becoming a service provider, sure, but of proprietary stuff intended to lock people in to using them and only them.
You are right. They are renting dumb fiber interconnects between their PoPs, their datacenters and to various IXs and then they are asking their customers to rent dumb fiber interconnects from their offices and datacenters to connect with nearest Cloudflare PoPs and then use their proprietary services within that network, usually to reach eyeball networks (the end user ISPs).
In this way, they slowly become the largest customer of transit ISPs and become the largest content providers for eyeball-ISPs. Once they get into this dominating position, they can pretty much command those ISPs on price and terms.
They're just a private, more efficient network than the internet. I wouldn't really call this proprietary lock-in - they just accept and deliver packets over IP. There should be lots of these networks (admittedly, there aren't...).
If anything, this Cloudflare Network Interconnect thing makes them less proprietary. Now you are on the same playing field as the services hosted inside their own network - you could, for example, set up your own network of datacenters and make your own CDN on top of the Cloudflare network.
> Magic Transit attracts customers’ IP traffic to our data centers by advertising their IP addresses from our edge via BGP. When traffic arrives, it’s filtered and sent along to customers’ data centers.
If they're passing traffic back and forth between the Internet and your datacenter through a direct connection you have to Cloudflare, then that doesn't seem to be very far away from CF being an ISP.
They already have the huge network, all you need is to set up a peering connection to them and have the CF enterprise plan and you can serve out traffic to the Internet via their network.
An image on the page has some weird text that seems to say milliseconds-squared: "The variation in delay of received packets (or jitter) decreased from 82.9ms² to 0.3ms²". Maybe they are quoting variance instead of standard deviation?
Would you rather drive from LA to SF by driving straight north? Or would you like to make a pit stop in Dallas first?
Same principle applies. Lower latency if you have a direct connection. It makes sense when you send a lot of traffic between the two locations and don’t want a lot of hops.
It's a similar concept, except for a couple of key things:
1) It's not virtual: it's a physical interconnect between two networks.
2) It doesn't allow for public internet connectivity out. So this is basically a way for customers to connect their networks to Cloudflare's to receive the benefits of our DDoS protection, firewalls, cache pulls, etc.
But it does allow for traffic to flow back from Cloudflare to a connected network over a dedicated link (which can be, and often is, private).
"As we continue to invest in our business, we have incurred net losses of $17.3 million, $10.7 million, and $87.2 million for 2016, 2017, and 2018, respectively. For the six months ended June 30, 2018 and 2019, our revenue increased from $87.1 million to $129.2 million, an increase of 48%, and we incurred net losses of $32.5 million and $36.8 million, respectively."
The fact that they are injecting themselves into more and more basic internet infrastructure is genuinely scary.
That's a misunderstanding of how companies at this phase of growth work. They are only "losing" money because they invest so much in growth. If they slowed down growth, they could be profitable (they have 78% gross margins), but over time, it creates more value to keep investing at this phase of things and become profitable later, when they're more mature and the land-grab phase is over.
I'm not sure I understand how that's different than what GP is saying.
Cloudflare is aggressively investing into growth during the 'land-grab' phase of development so that they can become one of, if not the, dominant player in regards to this kind of core Internet infrastructure. They view the 'land' of Internet infrastructure as a limited resource, and they want to own all of it.
I'm seeing a comparison to Amazon, but that doesn't make me feel better. Amazon's aggressive expansion has been a net negative for multiple segments of the market -- particularly e-books and audio books.
What makes Cloudflare's growth strategy less concerning when compared to companies like Amazon and Uber? Aren't they all still basically trying to become indispensable private monopolies within their given niches?
They make a profit of 30 million in 6 months before Sales and marketing expenses. So they charge more money than it costs to provide their services.
When you look at Sales/Marketing expenses it changes depending on your perspective (and underlying facts). It could be that they are spending ~60 million a year to get ~100 million NPV worth of customers. In that case, they're not losing money. They're making an investment that will return cash in future years. On the other hand, that 60 million could represent a bunch of discounts and incentives. Then they'd be selling $1 worth of stuff for $0.90 and once they stop doing that their market share evaporates.
Amazon has historically lost money yearly while investing in their business. A lot of Cloudflare's various new inroads offer a lot of areas they can charge money. My guess is they could turn on the profit faucet whenever they want to.
Of course, for that reason it may also be uncomfortable to jump on some Cloudflare products: Presumably some prices are going to go up sooner or later.