Cloudflare Advances New Internet Standards for Speed and Security

As part of its Birthday Week, Cloudflare announces support for internet standards that help to improve speed and security, as well as unveiling the new Bandwidth Alliance that could help to save customers millions of dollars in bandwidth costs.

Bandwidth Alliance

Cloudflare is celebrating its eighth birthday this week with a series of announcements that look to accelerate and secure the internet, as well as helping organizations to save some money.

On Sept. 24, Cloudflare announced its support of the Encrypted Server Name Indication (ESNI) service in a bid to keep service providers from being able to spy on users. On Sept 25, the company announced its support for the QUIC protocol to help accelerate mobile traffic over User Datagram Protocol (UDP). On Sept. 26, Cloudflare announced the Bandwidth Alliance, which is a multi-stakeholder group of cloud providers that have pledged to reduce data transfer fees for mutual customers.

"We launched at TechCrunch Disrupt eight years ago on Thursday, September 27, so we've always thought that kind of is our birthday," Matthew Prince, co-founder and CEO of Cloudflare told eWEEK. "The spirit of our birthday week has always been not about the things we do to benefit Cloudflare, but about things that we give back to our users or to the internet in general."

Cloudflare's birthday week follows the company's crypto-week, during which it announced the Roughtime service to secure time, a gateway that enables users to benefit from the Inter Planetary File System (IPFS) peer-to-peer filesystem for distributed content delivery, RPKI (Resource Public Key Infrastructure) to help secure BGP (Border Gateway Protocol) and the Cloudflare Onion Service to help users who want to stay anonymous with the Tor network.

ESNI

On Apr. 2, Cloudflare announced its 1.1.1.1 DNS service to help boost internet privacy. Among the technical components in the 1.1.1.1 service is the use of DNS-over-TLS, which is intended to encrypt the network connection such that a service provider or attacker can't discover what sites a user is visiting. The challenge however that Prince discovered is that all modern browsers also send a piece of metadata in the browser header called Server Name Indication (SNI) that reveals to anyone listening on the line, such an Internet Service Provider (ISP), every site that a user visits, even when the user visits encrypted sites.

"I got frustrated seeing the SNI hole as being a real problem and one of the remaining big internet privacy bugs that's out there," Prince said.

So what Prince and Cloudflare have done is they have collaborated with others including Mozilla, Apple and Fastly to help expedite the development and deployment of an encrypted SNI (ESNI) that doesn't leak user information. Prince said that Mozilla's Firefox is likely to be the first browser to support ESNI and he expects that other major browser vendors will follow in the coming months.

QUIC

The QUIC protocol was originally developed by Google as a replacement for HTTP, on mobile connections. HTTP is based on Transfer Control Protocol (TCP), while QUIC makes use of User Datagram Protocol (UDP)

"QUIC uses a bunch of technologies to do error correction, because on your mobile device, if somebody turns on a microwave, or you just happened to walk around the corner and are in the shadow of your cell phone tower, that can cause that can cause your connection to drop packets or have errors introduced," Prince explained.

Prince said that there is now also an IETF (Internet Engineering Task Force) standard for QUIC that Cloudflare has helped to develop.

"We're now the first content delivery network to support QUIC across across our network, with support coming to browsers over the next six months," he said. "We've taken the protocol that was created and used exclusively by Google and democratized it to anyone that's out there."

Bandwidth Alliance

On Sept. 26, Cloudflare announced the Bandwidth Alliance, which includes the participation of Automattic, Backblaze, DigitalOcean, DreamHost, IBM Cloud, Linode, Microsoft Azure, Packet, Scaleway and Vapor. The basic idea behind the Bandwidth Alliance is that mutual customers of Cloudflare and members of the alliance should not have to pay for bandwidth costs between the two providers.

"We have 10 million plus domains, API's, websites and mobile applications that sit behind the Cloudflare network," Prince said. "While we're a network, our customers still have a host that is somewhere on the internet."

An increasing number of Cloudflare's customers use cloud-based hosting providers that charge for bandwidth. Prince said that Cloudflare has Private Network Interface (PNI) direct connections with the major cloud providers that provides connectivity.

"There's nothing magical about PNI it's a piece of fiber optic cable that goes from the cloud host network to Cloudflare's network, Prince said. "While there is some cost for installing the cable, once it's installed there is no incremental cost for me (Cloudflare)."

As such, Prince came to the conclusion that it's the right thing to not charge customers for the bandwidth and assembled the Bandwidth Alliance. He noted that while Amazon is not part of the initial announcement, he has been speaking with them and is hopeful Amazon will join at some point in the near future. Prince noted that the negotiations with the different cloud providers have not been trivial, though he's glad that logic prevailed in the end.

"Fundamentally the argument that we kept coming back to is that if we're not paying for the bandwidth, and you're not paying for the bandwidth, why should customers pay for the bandwidth?" Prince said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.