CloudFlare operates a content distribution network (CDN) and specializes in protecting sites from DDoS attacks. The article explains how it does this with 23 data centers around the world and by using Anycast.

One big cluster: How CloudFlare launched 10 data centers in 30 days

On August 22, CloudFlare, a content delivery network, turned on a
brand new data center in Seoul, Korea—the last of ten new facilities
started across four continents in a span of thirty days. The Seoul data
center brought CloudFlare's number of data centers up to 23, nearly
doubling the company's global reach—a significant feat in itself for a
company of just 32 employees.
In the two years since its launch, the content delivery network and
denial-of-service protection company has helped keep all sorts of sites
online during global attacks, both famous and infamous—including recognition from both Davos and LulzSec.
And all that attention has amounted to Yahoo-sized traffic—the
CloudFlare service has handled over 581 billion pageviews since its
Yet CloudFlare does all this without the sort of Domain Name Service
"black magic" that Akamai and other content delivery networks use to
forward-position content—and with only 32 employees. To reach that level
of efficiency, CloudFlare has done some black magic of a different
sort, relying on open-source software from the realm of high-performance
computing, storage tricks from the world of "big data," a bit of
network peering arbitrage and clever use of a core Internet routing
In the process, it has created an ever-expanding army of remote-controlled service points around the globe that can eat 60-gigabit-per-second distributed denial of service attacks for breakfast.
CloudFlare's CDN is based on Anycast,
a standard defined in the Border Gateway Protocol—the routing protocol
that's at the center of how the Internet directs traffic. Anycast is
part of how BGP supports the multi-homing of IP addresses, in which
multiple routers connect a network to the Internet; through the
broadcasts of IP addresses available through a router, other routers
determine the shortest path for network traffic to take to reach that
Using Anycast means that CloudFlare makes the servers it fronts
appear to be in many places, while only using one IP address. "If you do
a traceroute to Metallica.com (a CloudFlare customer), depending on
where you are in the world, you would hit a different data center,"
Prince said. "But you're getting back the same IP address."
That means that as CloudFlare adds more data centers, and those data
centers advertise the IP addresses of the websites that are fronted by
the service, the Internet's core routers automatically re-map the routes
to the IP addresses of the sites. There's no need to do anything
special with the Domain Name Service to handle load-balancing of network
traffic to sites other than point the hostname for a site at
CloudFlare's IP address. It also means that when a specific data center
needs to be taken down for an upgrade or maintenance (or gets knocked
offline for some other reason), the routes can be adjusted on the fly.
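
The re-mapping described above, as an added sketch that is not code from the article or from CloudFlare. The topology, the network names and the split of a 60 Gbps flood across source networks are constructed assumptions, and a hop-count search stands in for BGP best-path selection.

```python
from collections import defaultdict, deque

# Constructed topology (assumption): every name below is hypothetical.
EDGES = [
    ("pop-seoul", "isp-kr"), ("pop-sanjose", "isp-us"), ("pop-amsterdam", "isp-eu"),
    ("isp-kr", "isp-jp"), ("isp-kr", "isp-us"), ("isp-us", "isp-eu"),
    ("client-kr", "isp-kr"), ("client-jp", "isp-jp"),
    ("client-us", "isp-us"), ("client-eu", "isp-eu"),
]
# Constructed split of a 60 Gbps flood across source networks.
ATTACK_GBPS = {"client-kr": 15, "client-jp": 15, "client-us": 20, "client-eu": 10}


def catchment(edges, announcing):
    """Map every network to the site whose announcement is fewest hops away.

    Multi-source BFS stands in for BGP best-path selection: only path
    length is compared, and ties go to the alphabetically first site.
    """
    graph = defaultdict(list)
    for a, b in edges:
        graph[a].append(b)
        graph[b].append(a)
    chosen = {site: site for site in sorted(announcing)}
    queue = deque(chosen)
    while queue:
        node = queue.popleft()
        for neighbour in graph[node]:
            if neighbour not in chosen:  # first arrival is the shortest path
                chosen[neighbour] = chosen[node]
                queue.append(neighbour)
    return chosen


def load_per_site(chosen, traffic):
    """Sum the traffic each announcing site attracts."""
    load = defaultdict(int)
    for source, gbps in traffic.items():
        load[chosen[source]] += gbps
    return dict(load)


if __name__ == "__main__":
    sites = {"pop-seoul", "pop-sanjose", "pop-amsterdam"}
    print(load_per_site(catchment(EDGES, sites), ATTACK_GBPS))
    # Seoul withdraws the prefix (maintenance or outage); routes re-map.
    print(load_per_site(catchment(EDGES, sites - {"pop-seoul"}), ATTACK_GBPS))
```

With all three sites announcing, the flood is split by catchment; once one site withdraws, its share lands on the next-nearest site, which is the capacity question to check before taking a data center down during an attack.
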

Full article on the ArsTechnica site