Recently, there are always buddies asking me, Cloudflare's high defense CDN can be used in China or not? Is the speed really as good as it is said to be? To be honest, I began to think about this problem five years ago, in the middle of the pit, paid tuition, and even because of the node pumping wind was almost sprayed into the sieve by the customer. Today I'll break up and talk about something real, and throw in some actual test data for your reference.
First dump conclusion: if you users all in the country, pure Chinese business, and extremely sensitive to the delay - then I advise you toDon't go into Cloudflare with your head in the sand.The first thing I'd like to do is to get a good deal on the DDoS. But if it's a cross-border business, or if you need to carry DDoS to the end of time, then it's really a cheap, big-bowl option.
Why is Cloudflare easy to use in China? The root cause is line scheduling, Cloudflare's Asian nodes are mainly concentrated in Tokyo, Singapore and Hong Kong, domestic access to a detour. I measured last month with the webmaster tool, telecom users run to Tokyo node average 180ms, Unicom a little better to 120ms, mobile is even more outrageous, occasionally can be assigned to Hong Kong direct connection, but the delay fluctuations with the electrocardiogram like.
The real-world data speaks for itself:I took the same static site on Cloudflare and a domestic “CDN5” to compare. I wrote a script in Python to send requests every half hour for a week:
The gap is almost catching up with the inter-provincial fugitives. What's even more disgusting is that during the evening rush hour, the latency of Cloudflare Hong Kong nodes can soar to 400ms+, and the page loading of a CSS can be stuck with three progress bars.
Cloudflare's free nodes are often load balanced, so if you're assigned to Los Angeles today, you may be assigned to Frankfurt tomorrow. I used the Dig command last year to track the resolution records, and within a week the same domain name was resolved out of 6 different IPs, belonging to North America, Europe and Asia. For domestic users, this is to open the blind box - draw to Japan nodes can tolerate, draw to the United States and the West directly into the PPT card.
But you're saying Cloudflare is worthless? That's not fair either.Its Anycast network anti-DDoS is really top notch. Last year, I had a project that was hit by a 300Gbps UDP flood, and it was automatically mitigated in 10 minutes after I threw it behind Cloudflare. Switching to a domestic vendor? I can't afford to pay a five-digit monthly fee for that kind of traffic. Moreover, their WAF rule base is updated very quickly, and the zero-day vulnerability often pushes the rules half a day earlier than the industry.
As for compliance... this is a deep pit. Cloudflare's domestic nodes are operated in cooperation with Baidu Cloud, but domain names must be filed for access. And the traffic routing mechanism is very mysterious: sometimes domestic users will be dispatched to the Baidu node, and sometimes somehow jump to the international node. I have measured the record domain name, about 70% request can fall in the domestic, the rest of the same drift to overseas.
If you have to mix domestic and foreign linesIf you're using a DNS server, try using a DNS split-line resolution. Domestic users should go to local providers like CDN5 or CDN07, while overseas users should go to Cloudflare, but pay attention to the problem of session consistency - users may lose their sessions due to node switching when they jump across borders, which was solved by using Nginx to make the session sticky:
Now talk about domestic alternatives. In addition to the well-known Tencent Cloud Aliyun, in fact, like “08Host” such niche vendors instead of surprise. They specialize in high defense lines, Ningbo BGP nodes can pressure to 30ms or less, and unlimited traffic. Price, the same protection specifications than the big manufacturers lower 40% or so, but the disadvantage is that the number of nodes is small, South China users may have to detour to Shanghai.
Finally, I'll give a storm theory:Choosing a CDN these days is like choosing a marriage partner - you can't just look at the family background (the number of features), but also the temperament (line quality).Cloudflare is an international superstar, but it doesn't work in China; domestic vendors look like local singers, but they'll be mute when they leave the country. My advice:
By the way, don't believe those tutorials about “one-click optimization of Cloudflare domestic speed”. Changing Hosts and choosing your own IPs doesn't work anymore. Nowadays, it's all about anycast network, and the nodes you choose manually may be covered by the routing policy in half an hour. I've tested more than a dozen so-called “optimized IPs”, and the average validity is less than two days.
There are no silver bullets on the Internet, and this is especially true of CDNs. The program that you feel fragrant today may collapse tomorrow because of the operator's one-size-fits-all approach. More testing, more preparation, more lying down - this is the survival philosophy of the old drivers.
