CloudFlare is trying to fight DDoS attacks by designing its own gear

It’s not just the big boys like Google, Facebook and Netflix that are building their own gear these days. CloudFlare, the popular web-performance and security startup, is also getting into the act with its own custom-built servers and, possibly, switches.

CloudFlare Founder and CEO Matthew Prince detailed the problems the company is trying to solve in a blog post earlier this week. In a nutshell, although its network edge, which spans 23 data centers, is (usually) capable of absorbing most traditional DDoS attacks, there are a couple of types of attacks that target different bottlenecks at the local area network level. In these cases, the 1 Gbps network ports on CloudFlare’s servers can get overwhelmed, as can the processors themselves.

Of course, when you’re running a multitenant cloud-based service like CloudFlare is, these types of events take on a different urgency:

“Both these problems are annoying if it affects the customer under attack, but it is unacceptable it spills over and affects customers who are not under attack. To ensure that would never happen, we needed to find a way to both increase network capacity and ensure that customer attacks were isolated from one another.”

So, over the course of 2012, CloudFlare spent its time working on what it calls “Project Bondage.” Essentially, that meant configuring the individual ports to look and act like a single port capable of handling much more bandwidth, and then reworking the CloudFlare operating system to prevent external CPU-level attacks from affecting internal workloads.

But the company didn’t stop there. Prince wrote in the blog that CloudFlare’s next-generation servers feature 10 Gbps ports to significantly increase network bandwidth even without port bonding. In an email, he confirmed that rather than use off-the-shelf servers as it has been doing, CloudFlare’s “G4” servers were designed in tandem with and built by Quanta, the same company that builds Facebook’s servers as well as servers for other large web companies.

CloudFlare still uses off-the-shelf Juniper switches but, Prince added, “[W]e’re tinkering.”

Feature image courtesy of Shutterstock user teflon_timmy.

2 Responses to “CloudFlare is trying to fight DDoS attacks by designing its own gear”

  1. Cloudflare is a SaaS (IaaS) company so you might assume all their efforts go into the software components, but this demonstrates that significant competitive advantages can be built up through other areas too. In this case it’s custom built routers (involving both hardware and software) but other companies could do similar things in how hardware is deployed, OS tweaks, own design components or tools, etc.

    It’s a lot harder to copy these things, so it all goes towards making a company more competitive (and valuable).