CloudFlare is trying to fight DDoS attacks by designing its own gear

bottleneck

It’s not just the big boys like Google, Facebook and Netflix that are building their own gear these days. CloudFlare, the popular web-performance and security startup is also getting into the act with its own custom-built server and, possibly, switches.

CloudFlare Founder and CEO Matthew Prince detailed the problems the company is trying to solve in a blog post earlier this week. In a nutshell, although its network edge that spans 23 data centers is (usually) capable of handling most traditional DDoS attacks, there are a couple types of attacks that target different bottlenecks at the local area network level. In these cases, the 1 Gbps networks ports on CloudFlare’s servers can get overwhelmed, as can the processors themselves.

Of course, when you’re running a multitenant cloud-based service like CloudFlare is, these types of events take on a different urgency:

“Both these problems are annoying if it affects the customer under attack, but it is unacceptable it spills over and affects customers who are not under attack. To ensure that would never happen, we needed to find a way to both increase network capacity and ensure that customer attacks were isolated from one another.”

So, over the course of 2012, CloudFlare spent its time working on what it calls “Project Bondage.” Essentially, that meant configuring the individual ports to look and act like a single port capable of handling much more bandwidth, and then reworking the CloudFlare operating system to prevent external CPU-level attacks from affecting internal workloads.

But the company didn’t stop there. Prince wrote in the blog that CloudFlare’s next-generation servers feature 10 Gbps ports to significantly increase network bandwidth even without port bonding. In an email, he confirmed that rather than use off-the-shelf servers as it has been doing, CloudFlare’s “G4″ servers were designed in tandem with and built by Quanta, the same company that builds Facebook’s servers as well as servers for other large web companies.

CloudFlare still uses off-the-shelf Juniper switches but, Prince added, “[W]e’re tinkering.”

Feature image courtesy of Shutterstock user teflon_timmy.

loading

Comments have been disabled for this post