Cloudflare has rolled out two new traffic control products, CloudFlare Traffic Control and Traffic Manager, that enable customers to control and direct how Cloudflare’s edge network manages their traffic. They are available in Early Access and will be publically available by the end of the year.
More than 10 trillion requests flow through Cloudflare’s global network each month, which serves more than 4 million customers and handles 10% of internet requests. But the company has also decided to focus on providing customers the ability to tailor their traffic management and improve their application uptime, security and focus.
Cloudflare’s Traffic Control allows customers to set a rate limit threshold in order to block traffic based on the number of requests per second pre IP, cookie, or authentication token. Traffic can also be limited on a per-URI basis to give clients fine-grained control over a particular website, application, or API.
Unexpected traffic surges can occur for a number of reasons, ranging from slow brute force attacks, to Distributed Denial of Service, or simply due to sudden popularity or success. Traffic Control shields origin servers from attack and preserves uptime by throttling, blocking, and controlling traffic flow in order to maintain performance and limit economic impact.
Cloudflare already offers a comprehensive WAF and DDoS mitigation services to stop attacks, but Traffic Control gives customers pinpoint control over traffic that reaches their origin servers, allowing them to test and configure traffic rules and apply changes globally. This approach defends both APIs and web pages. Moreover, it allows customers to set different rate limit triggers for different versions of their APIs and return custom JSON responses and response codes. Traffic Control also lets clients define specific URLs with customized limits and policies.
The rules can also be designed to protect login endpoints, differentiating between real users and brute-force attacks. Traffic Control does this, in part, by distinguishing between POSTs and GETs and recognizing authentication failures. These functions allow Traffic Control to protect customers in both the best-case and worst-case scenarios.
Most customers these days run either a single datacenter/cloud provider supporting multiple load-balanced servers, or replicate that infrastructure across multiple geographic regions. Rather than rely on a simple, single server approach, customers have opted for the reliability, comprehensiveness, and scalability of load-balanced infrastructure.
Cloudflare’s Traffic Manager enables clients to keep applications running during failures and manage unexpected traffic spikes by load balancing across multiple servers, datacenters, and locations.
The four major features offered by Traffic Manager are 1) health checks, 2) load balancing, 3) failover, and 4) geo-steering.
Health checks automatically test whether individual origin servers are available to get a real-time assessment of their health. This information is, in turn, used for load balancing and failover, which routes traffic to standby servers in the event of server failure.
Load balancing automatically distributes traffic across a range of origin servers. The feature responds dynamically to origin servers failing health checks, automatically removing the failed server and sharing the load across healthy servers. Load balancing also performs this function on a larger scale, removing an entire group of origin servers if the number of failed servers within that group reaches a certain threshold.
Finally, geo-steering allows customers to steer traffic delivery from certain physical locations to specific origin server groups, providing fine-grained control over traffic management.
In sum, Traffic Manager inspects and manages applications from over 100 locations globally, automatically addressing traffic delivery in the event of failure, based on the policies configured by the customer.