SlideShare a Scribd company logo

IDNOG3-Jimmy-CloudFlare

Jimmy Lim
Jimmy Lim

This document discusses Cloudflare's global network and the process of building and managing over 80 points of presence (PoPs). It outlines Cloudflare's global distributed network and anycast routing system, and describes the benefits this architecture provides including performance, resiliency, and mitigating attacks. It then details the strategic planning, challenges, and solutions involved in continuously deploying new PoPs around the world at a rate of one per week.

1 of 32
Download to read offline
Jimmy Halim IDNOG3 jhalim@cloudflare.com Jakarta, 28 July 2016 Building & Managing 80+ PoPs
Overview of CloudFlare
● 4+ million zones/domains ● 43+ billion DNS queries/day ● How? ○ Orange cloud ○ Global distributed network in 80+ locations Still growing fast! ○ Anycast routing Protect and accelerate any website online
Benefit of orange cloud ● Direct visitors to the nearest entry point ○ Fast! ■ Lesser hops ■ Reduced latency ■ Improved performance ● Save bandwidth! ○ Lesser requests to origin ■ Typically 50% of the resources on any given web page are cacheable ○ Mitigate malicious visitors or DDoS ■ Stop them before get to the origin web server ● Resiliency ○ 80+ locations!
Grey cloud vs orange cloud
Building like crazy
1 new PoP per week!
Strategic Planning ● Agreement/Negotiation ● Location ○ Peering Exchanges ○ Cost ○ Support ● Size ○ Traffic analysis ■ Number of Racks ■ Equipment types ■ Transits/Peering Exchanges ● How many? ● How big are the pipes?
Challenges ● Installation ○ Regulation ■ Import policy ○ Transits ■ Different carriers have different setup/policies ○ Language barriers ● Human factors ○ Configuration errors! ■ Anycast ● Traffic turnup ○ How to ensure it is not impacting ■ No outages please!
Solutions ● Out of band network is a must! ○ Acting as last resort ○ Upgrade/downgrade ○ Maintenances ● Configuration template ○ Auto configuration ■ Anycast! ○ Peer review ● Global Network Engineering ○ Round the clock deployment ■ Reduced bottleneck
Testing with providers ● Circuit testing ○ Point to point extended ping test ■ Test all physical ports ○ Failover Testing ■ Redundancy ● Do not create a blackhole instead! ● Use testing prefix ○ Global versus domestic ■ RIPE Atlas measurement ■ Public route servers ○ Good related BGP configuration ■ It does what is supposed to do
Traffic Turnup ● Do not send all prefixes at 1 go! ○ Start with few prefixes ○ Check the routing to these few prefixes ■ Global traffic analysis ● No big drop of traffic in other location ● Traffic comes from the right countries ○ Monitor for 24 hours ■ Confirms there are no anomalies observed ● On the new location ● Globally ○ Announce all prefixes ■ In batches ■ Repeat the same steps above!
Traffic Turnup ● Get the providers to be involved ○ Especially if it is a single homed ○ Inform them the schedule ■ Get them to understand what to expect ■ Troubleshoot and fix the problem faster! ○ Their users might be able to see problem faster
Managing 80+ PoPs
● 80+ locations ● 500+ transit/exchange ports ● 500+ network equipments ● Uncountable alerts! Challenges
Building Resilience Network ● Stable hardware and software ● Automatic configuration template/peer review ● Solid monitoring system ● Network automation ● Global network engineering
Hardware and Software ● Proper evaluation and testing ○ Fits requirement ○ Bugs free ○ Scalable ● Global standardization ○ Same models of hardware ○ Same software codes ● No mass software upgrade! ○ Small PoP first ○ Deploy in batches
Solid Monitoring System ● Reduced unwanted alerts ○ Only gets relevant alerts ○ Silence PoP/ports during maintenances ● Monitor the performance of transit providers ○ Detects packet loss on their backbone ○ Provides automatic related traceroutes ○ Actions based on severity ■ Disabling the PoP automatically ■ Disabling traffic on related transit provider automatically ■ Suggests on actions to do
Alerts Channel and Dashboard
Alerts Channel and Dashboard
Alerts Channel and Dashboard
Alerts Channel and Dashboard
Network Automation ● Open source recipe: napalm-salt ripe72-NetworkAutomation-SaltandNAPALM-MirceaUlinic-CloudFlare
Network Automation | NAPALM-Salt (examples) ● salt "edge*" net.cli "show version" ● salt -G "os:junos" net.cli "show chassis hardware” ● salt -G "os:iosxr" net.arp ● salt-run net.find [target_device] ● salt-run net.find [mac_address] ● salt-run bgp.neighbors [bgp_asn] ● salt [target_device] [anycast.disable | anycast.enable] ● salt [target_device] [transit.disable | transit.enable] [transit_name]
Network Automation | NAPALM-Salt (examples)
Global Network Engineering ● Follow the sun approach ○ San Francisco -> Singapore -> London -> San Francisco ● Doing all stuffs ○ Technical operations ○ Network engineering ○ Network expansion projects ○ New PoPs deployment ○ Peering stuffs ● Very fast response to network issues and escalation
Statistics
Indonesian’ Statistics
Q&A
IDNOG3-Jimmy-CloudFlare

Recommended

MY Orange Cloud - MyIX Peering Forum 2016
MY Orange Cloud - MyIX Peering Forum 2016MY Orange Cloud - MyIX Peering Forum 2016
MY Orange Cloud - MyIX Peering Forum 2016
Jimmy Lim
 
Managing Global Distributed Network
Managing Global Distributed NetworkManaging Global Distributed Network
Managing Global Distributed Network
Jimmy Lim
 
Technical Debt: An Anycast Story
Technical Debt: An Anycast StoryTechnical Debt: An Anycast Story
Technical Debt: An Anycast Story
APNIC
 
Infrastructure as Code with Terraform: Koombea TechTalks
Infrastructure as Code with Terraform: Koombea TechTalksInfrastructure as Code with Terraform: Koombea TechTalks
Infrastructure as Code with Terraform: Koombea TechTalks
Koombea
 
Yipit - AWS Start-Up Customer
Yipit - AWS Start-Up Customer Yipit - AWS Start-Up Customer
Yipit - AWS Start-Up Customer Amazon Web Services
 
Oslo Vancouver Onboarding
Oslo Vancouver OnboardingOslo Vancouver Onboarding
Oslo Vancouver Onboarding
Ben Nemec
 
Suny oct 2012_the_hypergrid_is_ready_for_you_
Suny oct 2012_the_hypergrid_is_ready_for_you_Suny oct 2012_the_hypergrid_is_ready_for_you_
Suny oct 2012_the_hypergrid_is_ready_for_you_Maria Korolov
 
Why we need open systems, and how to create them in the era of the Cloud (Ops...
Why we need open systems, and how to create them in the era of the Cloud (Ops...Why we need open systems, and how to create them in the era of the Cloud (Ops...
Why we need open systems, and how to create them in the era of the Cloud (Ops...
Igalia
 

Recommended

MY Orange Cloud - MyIX Peering Forum 2016
MY Orange Cloud - MyIX Peering Forum 2016MY Orange Cloud - MyIX Peering Forum 2016
MY Orange Cloud - MyIX Peering Forum 2016
Jimmy Lim
 
Managing Global Distributed Network
Managing Global Distributed NetworkManaging Global Distributed Network
Managing Global Distributed Network
Jimmy Lim
 
Technical Debt: An Anycast Story
Technical Debt: An Anycast StoryTechnical Debt: An Anycast Story
Technical Debt: An Anycast Story
APNIC
 
Infrastructure as Code with Terraform: Koombea TechTalks
Infrastructure as Code with Terraform: Koombea TechTalksInfrastructure as Code with Terraform: Koombea TechTalks
Infrastructure as Code with Terraform: Koombea TechTalks
Koombea
 
Yipit - AWS Start-Up Customer
Yipit - AWS Start-Up Customer Yipit - AWS Start-Up Customer
Yipit - AWS Start-Up Customer Amazon Web Services
 
Oslo Vancouver Onboarding
Oslo Vancouver OnboardingOslo Vancouver Onboarding
Oslo Vancouver Onboarding
Ben Nemec
 
Suny oct 2012_the_hypergrid_is_ready_for_you_
Suny oct 2012_the_hypergrid_is_ready_for_you_Suny oct 2012_the_hypergrid_is_ready_for_you_
Suny oct 2012_the_hypergrid_is_ready_for_you_Maria Korolov
 
Why we need open systems, and how to create them in the era of the Cloud (Ops...
Why we need open systems, and how to create them in the era of the Cloud (Ops...Why we need open systems, and how to create them in the era of the Cloud (Ops...
Why we need open systems, and how to create them in the era of the Cloud (Ops...
Igalia
 
IPv6 growth at Hurricane Electric’s AS6939
IPv6 growth at Hurricane Electric’s AS6939IPv6 growth at Hurricane Electric’s AS6939
IPv6 growth at Hurricane Electric’s AS6939
APNIC
 
Jumbo the Hadoop cluster bootstrapper
Jumbo the Hadoop cluster bootstrapperJumbo the Hadoop cluster bootstrapper
Jumbo the Hadoop cluster bootstrapper
Gauthier LEONARD
 
re:Invent 2018 recap
re:Invent 2018 recap re:Invent 2018 recap
re:Invent 2018 recap
Trent Hornibrook
 
Go frugal with web services
Go frugal with web servicesGo frugal with web services
Go frugal with web services
Daniel Fireman
 
Talend connect BE Vincent Harcq - Talend ESB - DI
Talend connect BE Vincent Harcq - Talend ESB - DITalend connect BE Vincent Harcq - Talend ESB - DI
Talend connect BE Vincent Harcq - Talend ESB - DI
Vincent Harcq
 
A Cheapskates Guide to AWS v2.0
A Cheapskates Guide to AWS v2.0A Cheapskates Guide to AWS v2.0
A Cheapskates Guide to AWS v2.0
Michael Soh
 
In-Store Analysis with Hadoop
In-Store Analysis with HadoopIn-Store Analysis with Hadoop
In-Store Analysis with Hadoop
Swiss Big Data User Group
 
Last Month in PHP - September 2016
Last Month in PHP - September 2016Last Month in PHP - September 2016
Last Month in PHP - September 2016
Eric Poe
 
LEXIA MÉXICO PyME
LEXIA MÉXICO PyMELEXIA MÉXICO PyME
LEXIA MÉXICO PyME
manu_facturas
 
Componentes de un ordenador
Componentes de un ordenadorComponentes de un ordenador
Componentes de un ordenador
Natii Atencio
 
Familia y Empresa: una alianza
Familia y Empresa: una alianza Familia y Empresa: una alianza
Familia y Empresa: una alianza Jaime Urcelay
 
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB sabinamora
 
Abhishek Patel Design Work Samples
Abhishek Patel Design Work SamplesAbhishek Patel Design Work Samples
Abhishek Patel Design Work Samples
Abhishek Patel LEED AP, IGBC AP
 
Presentación1
Presentación1Presentación1
Presentación1Héctor Alomnso
 
Losing the Document Battle? Alfresco, Drupal Combine for Solution
Losing the Document Battle? Alfresco, Drupal Combine for SolutionLosing the Document Battle? Alfresco, Drupal Combine for Solution
Losing the Document Battle? Alfresco, Drupal Combine for SolutionAcquia
 
Legislacion laboral
Legislacion laboralLegislacion laboral
Legislacion laboral
paovelandia12
 
Bigger Data For Your Budget
Bigger Data For Your BudgetBigger Data For Your Budget
Bigger Data For Your Budget
Hortonworks
 
Кафедра французской филологии
Кафедра французской филологииКафедра французской филологии
Кафедра французской филологии
ILMK
 
Customer data management - great tool for increasing sales
Customer data management - great tool for increasing salesCustomer data management - great tool for increasing sales
Customer data management - great tool for increasing sales
Максим Остархов
 
Sejarah perkembangan linguistik (ayu)
Sejarah perkembangan linguistik (ayu)Sejarah perkembangan linguistik (ayu)
Sejarah perkembangan linguistik (ayu)Watak Bulat
 
Student c
Student cStudent c
Student c
workrp80
 
Geopolitikfix2
Geopolitikfix2Geopolitikfix2
Geopolitikfix2
Dedep Tohpati
 

More Related Content

What's hot

IPv6 growth at Hurricane Electric’s AS6939
IPv6 growth at Hurricane Electric’s AS6939IPv6 growth at Hurricane Electric’s AS6939
IPv6 growth at Hurricane Electric’s AS6939
APNIC
 
Jumbo the Hadoop cluster bootstrapper
Jumbo the Hadoop cluster bootstrapperJumbo the Hadoop cluster bootstrapper
Jumbo the Hadoop cluster bootstrapper
Gauthier LEONARD
 
re:Invent 2018 recap
re:Invent 2018 recap re:Invent 2018 recap
re:Invent 2018 recap
Trent Hornibrook
 
Go frugal with web services
Go frugal with web servicesGo frugal with web services
Go frugal with web services
Daniel Fireman
 
Talend connect BE Vincent Harcq - Talend ESB - DI
Talend connect BE Vincent Harcq - Talend ESB - DITalend connect BE Vincent Harcq - Talend ESB - DI
Talend connect BE Vincent Harcq - Talend ESB - DI
Vincent Harcq
 
A Cheapskates Guide to AWS v2.0
A Cheapskates Guide to AWS v2.0A Cheapskates Guide to AWS v2.0
A Cheapskates Guide to AWS v2.0
Michael Soh
 
In-Store Analysis with Hadoop
In-Store Analysis with HadoopIn-Store Analysis with Hadoop
In-Store Analysis with Hadoop
Swiss Big Data User Group
 
Last Month in PHP - September 2016
Last Month in PHP - September 2016Last Month in PHP - September 2016
Last Month in PHP - September 2016
Eric Poe
 

What's hot (8)

IPv6 growth at Hurricane Electric’s AS6939
IPv6 growth at Hurricane Electric’s AS6939IPv6 growth at Hurricane Electric’s AS6939
IPv6 growth at Hurricane Electric’s AS6939
 
Jumbo the Hadoop cluster bootstrapper
Jumbo the Hadoop cluster bootstrapperJumbo the Hadoop cluster bootstrapper
Jumbo the Hadoop cluster bootstrapper
 
re:Invent 2018 recap
re:Invent 2018 recap re:Invent 2018 recap
re:Invent 2018 recap
 
Go frugal with web services
Go frugal with web servicesGo frugal with web services
Go frugal with web services
 
Talend connect BE Vincent Harcq - Talend ESB - DI
Talend connect BE Vincent Harcq - Talend ESB - DITalend connect BE Vincent Harcq - Talend ESB - DI
Talend connect BE Vincent Harcq - Talend ESB - DI
 
A Cheapskates Guide to AWS v2.0
A Cheapskates Guide to AWS v2.0A Cheapskates Guide to AWS v2.0
A Cheapskates Guide to AWS v2.0
 
In-Store Analysis with Hadoop
In-Store Analysis with HadoopIn-Store Analysis with Hadoop
In-Store Analysis with Hadoop
 
Last Month in PHP - September 2016
Last Month in PHP - September 2016Last Month in PHP - September 2016
Last Month in PHP - September 2016
 

Viewers also liked

LEXIA MÉXICO PyME
LEXIA MÉXICO PyMELEXIA MÉXICO PyME
LEXIA MÉXICO PyME
manu_facturas
 
Componentes de un ordenador
Componentes de un ordenadorComponentes de un ordenador
Componentes de un ordenador
Natii Atencio
 
Familia y Empresa: una alianza
Familia y Empresa: una alianza Familia y Empresa: una alianza
Familia y Empresa: una alianza Jaime Urcelay
 
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB sabinamora
 
Abhishek Patel Design Work Samples
Abhishek Patel Design Work SamplesAbhishek Patel Design Work Samples
Abhishek Patel Design Work Samples
Abhishek Patel LEED AP, IGBC AP
 
Losing the Document Battle? Alfresco, Drupal Combine for Solution
Losing the Document Battle? Alfresco, Drupal Combine for SolutionLosing the Document Battle? Alfresco, Drupal Combine for Solution
Losing the Document Battle? Alfresco, Drupal Combine for SolutionAcquia
 
Legislacion laboral
Legislacion laboralLegislacion laboral
Legislacion laboral
paovelandia12
 
Bigger Data For Your Budget
Bigger Data For Your BudgetBigger Data For Your Budget
Bigger Data For Your Budget
Hortonworks
 
Кафедра французской филологии
Кафедра французской филологииКафедра французской филологии
Кафедра французской филологии
ILMK
 
Customer data management - great tool for increasing sales
Customer data management - great tool for increasing salesCustomer data management - great tool for increasing sales
Customer data management - great tool for increasing sales
Максим Остархов
 
Sejarah perkembangan linguistik (ayu)
Sejarah perkembangan linguistik (ayu)Sejarah perkembangan linguistik (ayu)
Sejarah perkembangan linguistik (ayu)Watak Bulat
 
Student c
Student cStudent c
Student c
workrp80
 
Geopolitikfix2
Geopolitikfix2Geopolitikfix2
Geopolitikfix2
Dedep Tohpati
 
Redaccion
RedaccionRedaccion
Redaccion
Luis Huerfano
 
Kenali bentuk asas huruf
Kenali bentuk asas hurufKenali bentuk asas huruf
Kenali bentuk asas huruf
Aiza Husna A Rahim
 
The Year Book PR.ONE
The Year Book PR.ONEThe Year Book PR.ONE
The Year Book PR.ONE
Ardiansah Danus
 
Bid’ah, apakah itu
Bid’ah, apakah ituBid’ah, apakah itu
Bid’ah, apakah itu
Muhsin Hariyanto
 
Memahami Bacaan Shalat
Memahami Bacaan ShalatMemahami Bacaan Shalat
Memahami Bacaan Shalat
Azizi Ahmad
 
Career
CareerCareer
Career
Ali Smith
 

Viewers also liked (20)

LEXIA MÉXICO PyME
LEXIA MÉXICO PyMELEXIA MÉXICO PyME
LEXIA MÉXICO PyME
 
Componentes de un ordenador
Componentes de un ordenadorComponentes de un ordenador
Componentes de un ordenador
 
Familia y Empresa: una alianza
Familia y Empresa: una alianza Familia y Empresa: una alianza
Familia y Empresa: una alianza
 
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
Una Igualdad Merecida; Jacinta Martínez Sánchez 4ºB
 
Abhishek Patel Design Work Samples
Abhishek Patel Design Work SamplesAbhishek Patel Design Work Samples
Abhishek Patel Design Work Samples
 
Presentación1
Presentación1Presentación1
Presentación1
 
Losing the Document Battle? Alfresco, Drupal Combine for Solution
Losing the Document Battle? Alfresco, Drupal Combine for SolutionLosing the Document Battle? Alfresco, Drupal Combine for Solution
Losing the Document Battle? Alfresco, Drupal Combine for Solution
 
Legislacion laboral
Legislacion laboralLegislacion laboral
Legislacion laboral
 
Bigger Data For Your Budget
Bigger Data For Your BudgetBigger Data For Your Budget
Bigger Data For Your Budget
 
Кафедра французской филологии
Кафедра французской филологииКафедра французской филологии
Кафедра французской филологии
 
Customer data management - great tool for increasing sales
Customer data management - great tool for increasing salesCustomer data management - great tool for increasing sales
Customer data management - great tool for increasing sales
 
Sejarah perkembangan linguistik (ayu)
Sejarah perkembangan linguistik (ayu)Sejarah perkembangan linguistik (ayu)
Sejarah perkembangan linguistik (ayu)
 
Student c
Student cStudent c
Student c
 
Geopolitikfix2
Geopolitikfix2Geopolitikfix2
Geopolitikfix2
 
Redaccion
RedaccionRedaccion
Redaccion
 
Kenali bentuk asas huruf
Kenali bentuk asas hurufKenali bentuk asas huruf
Kenali bentuk asas huruf
 
The Year Book PR.ONE
The Year Book PR.ONEThe Year Book PR.ONE
The Year Book PR.ONE
 
Bid’ah, apakah itu
Bid’ah, apakah ituBid’ah, apakah itu
Bid’ah, apakah itu
 
Memahami Bacaan Shalat
Memahami Bacaan ShalatMemahami Bacaan Shalat
Memahami Bacaan Shalat
 
Career
CareerCareer
Career
 

Similar to IDNOG3-Jimmy-CloudFlare

Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016
Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016
Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016
Netgate
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineering
Jimmy Lim
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
CTruncer
 
OpenFlow @ Google
OpenFlow @ GoogleOpenFlow @ Google
OpenFlow @ Google
Open Networking Summits
 
Architecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worstArchitecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worst
Cotap Engineering
 
Build real time stream processing applications using Apache Kafka
Build real time stream processing applications using Apache KafkaBuild real time stream processing applications using Apache Kafka
Build real time stream processing applications using Apache Kafka
Hotstar
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practice
Jimmy Lim
 
Monitoring and automation
Monitoring and automationMonitoring and automation
Monitoring and automation
Ricardo Bánffy
 
Keeping the Internet Fast and Resilient for You and Your Customers
Keeping the Internet Fast and Resilient for You and Your CustomersKeeping the Internet Fast and Resilient for You and Your Customers
Keeping the Internet Fast and Resilient for You and Your Customers
Cloudflare
 
SPDY @Zynga
SPDY @ZyngaSPDY @Zynga
SPDY @Zynga
Mike Belshe
 
Architecting for the Cloud: Hoping for the Best, Prepared for the Worst
Architecting for the Cloud: Hoping for the Best, Prepared for the WorstArchitecting for the Cloud: Hoping for the Best, Prepared for the Worst
Architecting for the Cloud: Hoping for the Best, Prepared for the Worst
martincozzi
 
Computer network (7)
Computer network (7)Computer network (7)
Computer network (7)
NYversity
 
Kraken mesoscon 2018
Kraken mesoscon 2018Kraken mesoscon 2018
Kraken mesoscon 2018
joeyzhang1989928
 
University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)
Mike Belshe
 
haproxy_Load_Balancer.pptx
haproxy_Load_Balancer.pptxhaproxy_Load_Balancer.pptx
haproxy_Load_Balancer.pptx
crezzcrezz
 
haproxy_Load_Balancer.pdf
haproxy_Load_Balancer.pdfhaproxy_Load_Balancer.pdf
haproxy_Load_Balancer.pdf
crezzcrezz
 
Skydive 31 janv. 2016
Skydive 31 janv. 2016Skydive 31 janv. 2016
Skydive 31 janv. 2016
Sylvain Afchain
 
PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)
David Timothy Strauss
 
Ensuring Performance in a Fast-Paced Environment (CMG 2014)
Ensuring Performance in a Fast-Paced Environment (CMG 2014)Ensuring Performance in a Fast-Paced Environment (CMG 2014)
Ensuring Performance in a Fast-Paced Environment (CMG 2014)
Martin Spier
 
SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0
Mike Belshe
 

Similar to IDNOG3-Jimmy-CloudFlare (20)

Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016
Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016
Traffic Shaping Basics with PRIQ - pfSense Hangout February 2016
 
The bond between automation and network engineering
The bond between automation and network engineeringThe bond between automation and network engineering
The bond between automation and network engineering
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
 
OpenFlow @ Google
OpenFlow @ GoogleOpenFlow @ Google
OpenFlow @ Google
 
Architecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worstArchitecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worst
 
Build real time stream processing applications using Apache Kafka
Build real time stream processing applications using Apache KafkaBuild real time stream processing applications using Apache Kafka
Build real time stream processing applications using Apache Kafka
 
BGP filtering best practice
BGP filtering best practiceBGP filtering best practice
BGP filtering best practice
 
Monitoring and automation
Monitoring and automationMonitoring and automation
Monitoring and automation
 
Keeping the Internet Fast and Resilient for You and Your Customers
Keeping the Internet Fast and Resilient for You and Your CustomersKeeping the Internet Fast and Resilient for You and Your Customers
Keeping the Internet Fast and Resilient for You and Your Customers
 
SPDY @Zynga
SPDY @ZyngaSPDY @Zynga
SPDY @Zynga
 
Architecting for the Cloud: Hoping for the Best, Prepared for the Worst
Architecting for the Cloud: Hoping for the Best, Prepared for the WorstArchitecting for the Cloud: Hoping for the Best, Prepared for the Worst
Architecting for the Cloud: Hoping for the Best, Prepared for the Worst
 
Computer network (7)
Computer network (7)Computer network (7)
Computer network (7)
 
Kraken mesoscon 2018
Kraken mesoscon 2018Kraken mesoscon 2018
Kraken mesoscon 2018
 
University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)University of Delaware - Improving Web Protocols (early SPDY talk)
University of Delaware - Improving Web Protocols (early SPDY talk)
 
haproxy_Load_Balancer.pptx
haproxy_Load_Balancer.pptxhaproxy_Load_Balancer.pptx
haproxy_Load_Balancer.pptx
 
haproxy_Load_Balancer.pdf
haproxy_Load_Balancer.pdfhaproxy_Load_Balancer.pdf
haproxy_Load_Balancer.pdf
 
Skydive 31 janv. 2016
Skydive 31 janv. 2016Skydive 31 janv. 2016
Skydive 31 janv. 2016
 
PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)
 
Ensuring Performance in a Fast-Paced Environment (CMG 2014)
Ensuring Performance in a Fast-Paced Environment (CMG 2014)Ensuring Performance in a Fast-Paced Environment (CMG 2014)
Ensuring Performance in a Fast-Paced Environment (CMG 2014)
 
SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0SPDY and What to Consider for HTTP/2.0
SPDY and What to Consider for HTTP/2.0
 

IDNOG3-Jimmy-CloudFlare

  • 1. Jimmy Halim IDNOG3 jhalim@cloudflare.com Jakarta, 28 July 2016 Building & Managing 80+ PoPs
  • 3. ● 4+ million zones/domains ● 43+ billion DNS queries/day ● How? ○ Orange cloud ○ Global distributed network in 80+ locations Still growing fast! ○ Anycast routing Protect and accelerate any website online
  • 4. Benefit of orange cloud ● Direct visitors to the nearest entry point ○ Fast! ■ Lesser hops ■ Reduced latency ■ Improved performance ● Save bandwidth! ○ Lesser requests to origin ■ Typically 50% of the resources on any given web page are cacheable ○ Mitigate malicious visitors or DDoS ■ Stop them before get to the origin web server ● Resiliency ○ 80+ locations!
  • 5. Grey cloud vs orange cloud
  • 7. 1 new PoP per week!
  • 8. Strategic Planning ● Agreement/Negotiation ● Location ○ Peering Exchanges ○ Cost ○ Support ● Size ○ Traffic analysis ■ Number of Racks ■ Equipment types ■ Transits/Peering Exchanges ● How many? ● How big are the pipes?
  • 9. Challenges ● Installation ○ Regulation ■ Import policy ○ Transits ■ Different carriers have different setup/policies ○ Language barriers ● Human factors ○ Configuration errors! ■ Anycast ● Traffic turnup ○ How to ensure it is not impacting ■ No outages please!
  • 10. Solutions ● Out of band network is a must! ○ Acting as last resort ○ Upgrade/downgrade ○ Maintenances ● Configuration template ○ Auto configuration ■ Anycast! ○ Peer review ● Global Network Engineering ○ Round the clock deployment ■ Reduced bottleneck
  • 11. Testing with providers ● Circuit testing ○ Point to point extended ping test ■ Test all physical ports ○ Failover Testing ■ Redundancy ● Do not create a blackhole instead! ● Use testing prefix ○ Global versus domestic ■ RIPE Atlas measurement ■ Public route servers ○ Good related BGP configuration ■ It does what is supposed to do
  • 12. Traffic Turnup ● Do not send all prefixes at 1 go! ○ Start with few prefixes ○ Check the routing to these few prefixes ■ Global traffic analysis ● No big drop of traffic in other location ● Traffic comes from the right countries ○ Monitor for 24 hours ■ Confirms there are no anomalies observed ● On the new location ● Globally ○ Announce all prefixes ■ In batches ■ Repeat the same steps above!
  • 13. Traffic Turnup ● Get the providers to be involved ○ Especially if it is a single homed ○ Inform them the schedule ■ Get them to understand what to expect ■ Troubleshoot and fix the problem faster! ○ Their users might be able to see problem faster
  • 15. ● 80+ locations ● 500+ transit/exchange ports ● 500+ network equipments ● Uncountable alerts! Challenges
  • 16. Building Resilience Network ● Stable hardware and software ● Automatic configuration template/peer review ● Solid monitoring system ● Network automation ● Global network engineering
  • 17. Hardware and Software ● Proper evaluation and testing ○ Fits requirement ○ Bugs free ○ Scalable ● Global standardization ○ Same models of hardware ○ Same software codes ● No mass software upgrade! ○ Small PoP first ○ Deploy in batches
  • 18. Solid Monitoring System ● Reduced unwanted alerts ○ Only gets relevant alerts ○ Silence PoP/ports during maintenances ● Monitor the performance of transit providers ○ Detects packet loss on their backbone ○ Provides automatic related traceroutes ○ Actions based on severity ■ Disabling the PoP automatically ■ Disabling traffic on related transit provider automatically ■ Suggests on actions to do
  • 19. Alerts Channel and Dashboard
  • 20. Alerts Channel and Dashboard
  • 21. Alerts Channel and Dashboard
  • 22. Alerts Channel and Dashboard
  • 23. Network Automation ● Open source recipe: napalm-salt ripe72-NetworkAutomation-SaltandNAPALM-MirceaUlinic-CloudFlare
  • 24. Network Automation | NAPALM-Salt (examples) ● salt "edge*" net.cli "show version" ● salt -G "os:junos" net.cli "show chassis hardware” ● salt -G "os:iosxr" net.arp ● salt-run net.find [target_device] ● salt-run net.find [mac_address] ● salt-run bgp.neighbors [bgp_asn] ● salt [target_device] [anycast.disable | anycast.enable] ● salt [target_device] [transit.disable | transit.enable] [transit_name]
  • 25. Network Automation | NAPALM-Salt (examples)
  • 26. Global Network Engineering ● Follow the sun approach ○ San Francisco -> Singapore -> London -> San Francisco ● Doing all stuffs ○ Technical operations ○ Network engineering ○ Network expansion projects ○ New PoPs deployment ○ Peering stuffs ● Very fast response to network issues and escalation
  • 28.
  • 29.
  • 31. Q&A