1

I recently set up Cloudflare on a new site I'm about to launch. I ran some benchmarks with it on and with it off and the output is extremely troubling. Does this make sense to anyone?

Before when I ran the Apache benchmark utility with this:

ab -kc 10 -t 10 http://<site_url>

I got an output of:

Requests per second: 94.79 [#/sec] (mean)

Now I get an output of:

Requests per second: 18.32 [#/sec] (mean)

Just to make sure no new settings are conflicting with the benchmark, I ran it again with the hostname that's under Cloudflare and the one that's not. Still got the same thing.

Is this related to the way your geo-located DNS servers work and not a bottleneck in Cloudflare?

I was thinking it would cache the JS, CSS, and image files and leave the PHP scripts alone. But there seems to be something else going on that causes it to choke when I run a benchmark against the site.

Also a little disturbing is the output of the request time.

Here is without Cloudflare:

Percentage of the requests served within a certain time (ms)
50% 104 
66% 109 
75% 112 
80% 114 
90% 121 
95% 129 
98% 142 
99% 150 
100% 158 (longest request)

This is with:

Percentage of the requests served within a certain time (ms)
50% 103 
66% 114 
75% 122 
80% 129 
90% 3076
95% 3093 
98% 3112 
99% 3128 
100% 9146 (longest request)

The only thing I can think of is the security stuff is blocking the multiple requests. If so, then as long as 'real' end users wouldn't notice, I'm OK. Just trying to better understand how this will affect the site once it's done and goes live.

Sathyajith Bhat
  • 286
  • 1
  • 5
  • 23
dbers
  • 158
  • 4

2 Answers

1

Cloudflare uses a proxy server system to "optimize" your site: if your site is set up to be "optimized", then whenever you access that site from an internet browser, it will come up as Cloudflare's IP. (Try pinging www.website.com that's used by Cloudflare and maybe make a direct.website.com that's a direct to your IP. You'll notice that first, the IPs are different.)

Pinging my website (www is direct, www1 is through Cloudflare), my ping times to the direct server are 12 ms avg. The ones through Cloudflare (thus only pinging Cloudflare's server) are 232 ms avg. So the ping times with using Cloudflare are often higher. Page load times are hopefully shortened, since much of the content on your site (if it's set in Cloudflare's settings) is cached, and will load faster, if Cloudflare's servers are faster and/or have better net connection than yours.

I personally don't think Cloudflare's proxy option is good. Though it is much more secure, it makes server logs illegitimate (only showing up under Cloudflare's list of IPs). Some requests don't even appear since they are cached.

You are correct that Cloudflare does block some of the multiple requests if they are from the same IP and in a short amount of time. Though I have no solid proof of this, I've noticed this trend too.

And maybe if you have a lot of options on the site enabled, it has to check for certain aspects, as noted by the options in the Cloudflare config system. (Has to check against blacklist, has to proxy, has to look for Google Analytics, make sure the JavaScript and images are compressed, etc.)

Overall opinion: use it if you need it, otherwise just go direct.

U4iK_HaZe
  • 631
  • 5
  • 13
  • Thanks for the info. I switched my DNS back to my original servers. Since my current site is pretty fast, even under load, I'm going to wait till I have actual issues. I was interested in the security part but not if my page requests can go from 0.1 seconds to 9 seconds. – dbers Sep 15 '11 at 16:06
1

I have this same problem with Cloudflare. My browser will sometimes take 10-12 seconds just to connect to their server when direct does not have this issue.

Your best bet is to use mtr and check the hops to your site. You won't be able to look up the location of the IPs and as far as I can tell you just have to guess as to the airport naming codes they use in their DNS names. sfo - San Fran, sjc - San Jose, etc.

Contrary to what HaZe says, you can get the actual IP of your visitors, but you must set this up yourself. I'm using nginx and have the set_real_ip directive in place and it works fine.

Cloudflare's security seems to be OK, but even on the Low setting a few legitimate users have been blocked from viewing my site. Unfortunately, being on Cloudflare seems to make my site a lot more susceptible to DOS attacks as DDOSers seem to like to target them and their datacenters. My site was knocked offline for a good 30 minutes or so due to an attack on one of their datacenters that they were not able to mitigate.

The support also seems sub-par. Upon asking about any of the above it's generally pulling teeth or a blanket "nothing's wrong on our end, check this wiki page" response. For the most part you are better off figuring it out yourself, but for something as mission critical as this it is frustrating.

For $20/month you really can't beat it, especially if you are serving a lot of data as they will offload this for a fraction of the cost. Their block by country feature is also worth the $20/month in itself.

I certainly hope over the next year they are able to diversify their offerings and drop the CDN aspect of the business and focus on the security portion.

As for the blocking, under the control panel add whatever IPs you are testing to the whitelist and this should help.

pablo
  • 3,020
  • 1
  • 18
  • 23
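Added example (not written by either answerer, and not nginx's or Cloudflare's code): the trust decision behind restoring visitor IPs at the origin, which is what nginx's realip module (`set_real_ip_from` / `real_ip_header`) is configured to do. The proxy ranges are constructed documentation networks, the function names are hypothetical, and the header value stands in for Cloudflare's `CF-Connecting-IP`.

```python
import ipaddress
from collections import Counter

# Assumption: constructed ranges (RFC 5737 documentation networks) standing in
# for the CDN's published proxy ranges, which a real deployment would load.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.0/24")]


def client_ip(peer, forwarded_header):
    """Return the address the origin should log and rate-limit on.

    peer             -- TCP source address of the connection to the origin
    forwarded_header -- value of the proxy's client-IP header, or None
    """
    peer_addr = ipaddress.ip_address(peer)
    if not any(peer_addr in net for net in TRUSTED_PROXIES):
        # Direct connection: the header is client-controlled, so ignore it.
        return str(peer_addr)
    if not forwarded_header:
        return str(peer_addr)
    try:
        return str(ipaddress.ip_address(forwarded_header.strip()))
    except ValueError:
        # Malformed header from a trusted peer: fall back to the peer address.
        return str(peer_addr)


# Constructed sample requests: (peer address, header value) as the origin sees them.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "192.0.2.10"),   # via proxy, header honoured
    ("198.51.100.7", "192.0.2.11"),   # same proxy edge, different visitor
    ("192.0.2.99", "10.0.0.1"),       # direct hit carrying a spoofed header
    ("203.0.113.20", "not-an-ip"),    # via proxy, garbage header
    ("203.0.113.20", None),           # via proxy, header missing
]


def resolve_all(requests):
    """Resolve every (peer, header) pair to the address to attribute it to."""
    return [client_ip(peer, hdr) for peer, hdr in requests]


def requests_per_client(requests):
    """Per-client request counts after resolution (what a log report would show)."""
    return Counter(resolve_all(requests))
```

Without the trusted-range check, the third sample request would be logged as `10.0.0.1`, letting any client that reaches the origin directly choose the address it is attributed to.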