[HN Gopher] CloudFront vs. Cloudflare, and how to reduce respons...
___________________________________________________________________
CloudFront vs. Cloudflare, and how to reduce response times for
both
Author : akshaykumar90
Score : 131 points
Date : 2022-10-20 14:45 UTC (8 hours ago)
(HTM) web link (www.foxy.io)
(TXT) w3m dump (www.foxy.io)
| rafaelturk wrote:
| IMO Performance wise CloudFront and Cloudfront are quite similar.
|
| I've migrated from CloudFront+AWS WAF to just CloudFlare given
| Cloudflare's superior (100x better) WAF/Firewall/DDOS protection
| at a lower cost
| zoover2020 wrote:
| Out of curiosity, what makes Cloudflare's WAF so much better?
| jedifans wrote:
| The ability to scan the whole of a request body rather than
| just the first 8kB.
| hnov wrote:
| TLDR, adding an "edge" in front of your application incurs a
| connection setup cost which can be 2-3x RTT and is especially
| noticeable when you don't have a large QPS and are in a region
| like APAC where geographically close networks often have high
| latencies between each other. Both Argo and OriginShield seem to
| pool more aggressively, often going cross-datacenter to avoid
| hitting origin which sometimes saves this setup cost by
| coalescing onto warm connections, but only sometimes (notice how
| spiky their Argo graphs are, the p90 request is probably no
| faster than before).
| collaborative wrote:
| Surely the cost is offset by cached responses?
| Drybones wrote:
| I'd like to see more detailed comparisons between providers like
| Akamai, Fastly, CDN77, KeyCDN, StackPath, etc
| cagenut wrote:
| now do fastly
| alberth wrote:
| If you host on Cloudflare Pages, does enabling Argo have any
| benefit?
| LukeLambert wrote:
| No, Argo optimizes the route of traffic from the edge (your
| closest Cloudflare data center) to the origin (the server
| hosting your website). With Pages, everything is served from
| the edge.
| caseydm wrote:
| Anybody using Cloudflare to cache an API that serves JSON?
| Thinking about setting that up.
| pier25 wrote:
| If you're using the CDN by default it won't cache dynamic URLs.
| I'm 99% sure it will cache static .json files though, if that
| can work for you.
|
| You can also create "page rules" using wildcards to cache
| dynamic URLs. Eg: /api/*
|
| Another option is to use Workers to fetch from origin and
| interact with the cache with more control.
| yamtaddle wrote:
| Depending on what you're doing with it, that may technically be
| against the TOS on _any_ of their "self-serve" plans,
| including the paid ones. You might get away with it anyway,
| especially if your traffic is low, but you'd be rolling the
| dice.
| Matheus28 wrote:
| If it's consumed by a web app, doesn't it make it okay?
| Otherwise any api behind cloudflare would be violating the
| TOS...
|
| > 2.8 Limitation on Serving Non-HTML Content The Services are
| offered primarily as a platform to cache and serve web pages
| and websites. Unless explicitly included as part of a Paid
| Service purchased by you, you agree to use the Services
| solely for the purpose of (i) serving web pages as viewed
| through a web browser or other functionally equivalent
| applications, including rendering Hypertext Markup Language
| (HTML) or other functional equivalents, and (ii) serving web
| APIs subject to the restrictions set forth in this Section
| 2.8. Use of the Services for serving video or a
| disproportionate percentage of pictures, audio files, or
| other non-HTML content is prohibited, unless purchased
| separately as part of a Paid Service or expressly allowed
| under our Supplemental Terms for a specific Service. If we
| determine you have breached this Section 2.8, we may
| immediately suspend or restrict your use of the Services, or
| limit End User access to certain of your resources through
| the Services.
| yamtaddle wrote:
| _Probably_ OK, but access it from Electron (let alone
| fully-native apps) and now you may technically not be
| OK anymore-- _is_ that functionally equivalent to a web
| browser? Hard to say. And much of the benefit of web APIs,
| versus just serving pages and HTML fragments, is being able
| to serve those kinds of heterogenous clients, or to allow
| access to 3rd parties, and who knows _what_ they might use
| to access it, so... yeah, you can push low-usefulness
| (browser-only, first-party-use-only) web APIs through
| Cloudflare and you're likely in the clear, but go beyond
| that and it gets murky fast.
|
| And even then, the web API thing is subject to the rest of
| the restrictions in that same section ("serving web APIs
| subject to the restrictions set forth in this Section 2.8")
| so "serving video or a disproportionate percentage of
| pictures, audio files, _or other non-HTML content_ is
| prohibited" (emphasis mine) meaning that if too much of
| your traffic is JSON or protobufs or what have you, they
| _could_ send you a nastygram or simply cut you off, though
| they might _choose_ not to.
|
| Personally, I'd not rely on Cloudflare's free or $20 plans
| past MVP/experimentation or hobbyist use, precisely because
| the terms are restrictive and vague. Too risky. Then again,
| what can you expect for nothing-to-peanuts prices?
| ComputerGuru wrote:
| We do that with CloudFront. Default is no cache, but some API
| responses specifically enable caching in the response headers
| (mainly the version check API).
| avereveard wrote:
| I did. If you need eviction, things get either suboptimal,
| complicated or costly. If you don't need that the only other
| thing to watch out for is the upload size limit, and well, only if
| that is ever relevant to you. You might want a direct endpoint
| for these.
| throwthere wrote:
| The conclusion is for an origin server halfway across the world
| from your users, CloudFront with Origin Shield is basically
| equivalent to CloudFlare with Argo (latency).
|
| The other takeaway is AWS documentation is kind of dodgy for some
| services. But basically everyone knows that already.
| bushbaba wrote:
| Now that CloudFront has greatly improved its performance, what's
| the pitch for using CloudFlare over it?
| stevewatson301 wrote:
| Origin shield is quite pricey; Argo tiered caching is free.
|
| (The article discusses Argo smart routing, but in my experience
| Argo tiered caching has led to the same kind of performance
| gains this article talks about).
| ceejayoz wrote:
| Cloudflare's significantly cheaper in many cases.
| nixcraft wrote:
| Price is the main difference between AWS CloudFront/Fastly and
| CF. In most cases, CF prices are fixed, like $200 for business
| or $20 for the pro plan. If you like fixed prices VMs from
| Linode or DO, chances are high that you will like Cloudflare
| too. Of course, advanced addons features like CF Argo and CF
| Bot management cost more money at Cloudflare too.
| TurningCanadian wrote:
| Using CF as an initialism for Cloudflare when talking about
| CloudFront and Cloudflare is really confusing -- especially
| because Cloudflare doesn't capitalize the F but CloudFront
| does.
| ignoramous wrote:
| > _especially because Cloudflare doesn't capitalize the F
| but CloudFront does._
|
| They used to: _CloudFlare becomes Cloudflare_ (2016),
| https://archive.is/v1C1H
| tchalla wrote:
| These initialisms are getting out of hand, to be honest.
| jgrahamc wrote:
| CF vs. Cf
| technion wrote:
| I have a small service for an nfp on the $20 plan and I
| remember working out cloudfront+aws would have set them
| back roughly 1500 per month, and that's without looking into
| occasional viral traffic spikes. The price disparity is
| baffling.
| FractalHQ wrote:
| It makes sense if you consider the fact that one complaint
| company is printing money while the other is bleeding it.
| yamtaddle wrote:
| - Last I checked, the $20 plan has _no SLA whatsoever_ and
| the $200 has a pretty poor one. Though admittedly I don't
| know whether Cloudfront is better there.
|
| - You can't serve _all_ kinds of traffic with Cloudflare
| self-serve plans. Including some of the ones that tend to use
| the most bandwidth.
|
| - According to the CloudFlare self-serve plan TOS, IIRC, if
| you start being a too-heavy user on those plans
| CloudFlare can (and, I've _heard_, will) tell you to upgrade
| to an enterprise plan. Last I checked (this part's personal
| experience) they're not super interested in serving
| enterprise customers very far under a minimum $5k/month
| level, so there's a _huge_ gap there in which other services
| are a much, much better value.
| hnov wrote:
| While that lasts, you can't be charging a flat $200 in a
| world where the other players are charging 5-10¢/GB of
| egress.
| dustymcp wrote:
| A lot of the companies who bought cloudflare would probably
| rather pay the 200$ than deal with migrating everything.
| NavinF wrote:
| I said the opposite ("cloud providers can't keep charging
| 5-10¢/GB egress") a few years ago, but I guess I was
| wrong. I still think their pricing is absolutely insane in
| a world where even the smallest companies can colo a server
| and get wholesale transit that works out to <$0.005/GB.
|
| But I guess nobody's really pushing traffic so nobody cares
| about $/GB.
| yamtaddle wrote:
| > I still think their pricing is absolutely insane in a
| world where even the smallest companies can colo a server
| and get wholesale transit that works out to <$0.005/GB.
|
| Their pricing's insane in a world where you can get
| prices not too far from that wholesale rate for CDN
| service (which is a whole different beast from having one
| or two colo'd servers).
|
| And anyway, _nobody_ pushing serious bits is paying
| public rates, anywhere. Those discounts can be huge. In
| fact I wouldn't be surprised if part of the reason cloud
| providers have such high rates is so they can give their
| counterparts an easy, very impressive-looking "win" in
| negotiations.
| jdwithit wrote:
| Yeah I was going to say much the same. Nobody with a
| large cloud bill is paying anywhere near list price. It's
| very hard to compare services apples to apples without
| actually getting a private quote from each side's sales
| team unfortunately.
|
| This applies to all "enterprise software" too, btw. We've
| had quotes from vendors that started at 50% off list
| price, and then negotiated down further from there. It's
| pretty ridiculous.
| itslennysfault wrote:
| k__ wrote:
| They don't shut you off if you're alt right, lol.
| eastdakota wrote:
| Wanna bet?
|
| https://www.buzzfeednews.com/amphtml/johnpaczkowski/amazon-p...
|
| https://amp.theguardian.com/media/2010/dec/01/wikileaks-webs...
|
| Etc etc...
| stevewatson301 wrote:
| Except for the fact that hosting Wikileaks and Parler with
| the content in question was always legally contentious.
|
| What Kiwifarms or The Daily Stormer hosted was sufficiently
| odious (in my view at least), it is disingenuous to suggest
| that the content is at the same level as what Amazon took
| action against.
| shitlord wrote:
| All of those sites are toxic customers. Continuing to
| host them will draw the government's ire.
|
| For Parler, the Jan 6 Committee would have inundated
| Amazon with subpoenas for internal documents and demanded
| testimony from executives. It's understandable why Parler
| was deplatformed so many times: because nobody likes
| government scrutiny. The risk is clearly greater than the
| reward.
|
| I'm not saying that this was the right decision for
| society, but I understand where they're coming from, and
| these companies should be transparent about their
| motivations.
| sophacles wrote:
| So why aren't those sites on Amazon right now? Seriously,
| if Amazon is such an amazing bastion of allowing that
| disgusting content, why are KiwiFarms and the Daily
| Stormer not happily up and running on AWS with
| CloudFront?
| stevewatson301 wrote:
| babelfish wrote:
| But they should.
| is_true wrote:
| The numbers of zeros after the dot/comma (depending on your
| locale)
___________________________________________________________________
(page generated 2022-10-20 23:00 UTC)