Comment by ignoramous
1 year ago
> Cloudflare's ddos protection
Yeah, we got hammered once with over 10TB/mo and noped out of Netlify as fast as we could (https://twitter.com/rethinkdns/status/1370342245841342466). Had to pay the bill in full.
Cloudflare's free tier is ridiculous: We do over 30TB+ of genuine traffic for $0. Makes it hard to move to any other platform. As a small tech shop, this is my Hotel California I'm happy to never leave.
CloudFlare pricing is indeed positively ridiculous.
At OpenTofu[0] we’re using CloudFlare R2 to host the providers and modules registry[1]. Bandwidth is free, you only pay for requests.
This already would be great, but there’s more - you only pay for requests that actually hit R2. So with an almost 100% cache hit ratio, we barely register any billable requests.
Recently someone decided to load test us and generated ~1TB of traffic over 1-3 days. All but a few of these requests were cached, so the whole situation probably cost us less than a cent.
[0]: https://opentofu.org
[1]: https://github.com/opentofu/registry
Is this in line with the TOS? I thought there were restrictions on serving non-website content in the free tier, or does that not apply to the CDN if you're using R2 as an origin?
They updated the TOS to enable proxying R2 via the CDN with cache enabled: https://blog.cloudflare.com/updated-tos
> R2 as an origin
We front our distribution service with Cloudflare Workers fronting R2 fronting S3 / Lightsail Object Store (https://blog.cloudflare.com/cloudflare-r2-super-slurper/). That brought our costs down from $500 to $2 serving the same amount of traffic.
> Cloudflare's free tier is ridiculous: We do over 30TB+ of genuine traffic for $0. Makes it hard to move to any other platform. As a small tech shop, this is my Hotel California I'm happy to never leave.
Yeah that's how Cloudflare can reach total control over the Internet. With thunderous applause by people that should know better.
I know that my position is outright blasphemous in this day and age, where even self-hosting a static site has become black magic and we need a third party to do it for us.
I don't understand this take. First of all, moving off of Cloudflare is trivial if you really have an alternative. Second of all, self hosting a static website is easy, but that's not what we're talking about here. We're talking about DDoS mitigation, which is not gonna be solved over a weekend hack with a load balancer. At least, not at the scale that matters.
What would the Cloudflare going evil phase even look like? Is it anything like Netlify charging me 100k because they don't provide ANY DDoS protection? I don't see any FOSS tools preventing this problem.
You mean that all the people on HN that use Cloudflare's very generous free tier are at risk of DDoS?
Of course there is a benefit to selling your soul to the devil, what's the bloody point otherwise? I do not need to hear all the good things the devil got you, I am telling you that it is silly that "go Cloudflare" is the default advice in any situation because we have become lazy and complacent and we do not really care that we give the keys to the internet to one company.
The Internet gets shittier because people are lazy, and I need better arguments for being complicit in this than "I need DDoS protection for my 100-visitor a month blog."
That's not CloudFlare's fault.
I dread the day they go evil
> Yeah that's how Cloudflare can reach total control over the Internet. With thunderous applause by people that should know better.
This is an emotionally-manipulative, anti-intellectual comment that certainly does not belong on HN. There's no intellectual curiosity or value in this comment - just scoffing, predictions of doom, manipulative statements like "I know that my position is outright blasphemous in this day and age", and other drivel that belongs on Reddit, not here.
That’s a free tier that doesn’t sound sustainable then, so that raises alarm bells to me.
That's because Amazon and big telecom convinced you that bandwidth is expensive. It isn't. Once the equipment is there, you might as well use it.
Well, they have to pay for the amortized equipment cost. Which, yes, is much less than you think. The big 3 clouds have set their prices in an age when services were much more expensive to provide, and they make a big deal out of the fact they've never raised their prices - but they rarely lower them, either. Now they have insane profit margins.
The invisible hand of the free market has come to fix that, *but you have to opt into the hand by shopping around.* If you don't, you don't get its benefits! You have to willingly take the choice to move to cheaper providers instead of overpriced ones.
Hetzner Cloud: $1/TB (20TB free)
Digital Ocean: $10/TB (few TB free depending on server size)
AWS: $90/TB (0.1TB free, used to be 0.001TB free)
Netlify: $550/TB (0.1TB or 1TB free)
If you move up from $5/month VPSes, to real dedicated servers, you are now spending a lot more money and therefore you get more free perks. A huge number of providers exist that will give you unlimited or unlimited† bandwidth depending on how much you spend. Renting a powerful server with unlimited 1Gbps should cost a few hundred to several hundred dollars per month, and a powerful server with unlimited 10Gbps (i.e. 3000TB/month) should cost a few thousand dollars per month. You can even get some with 100Gbps (for tens of thousands).
Also consider asking your local ISPs and datacenters. If you live in a central area, you can probably get a comparable connection to a nearby datacenter if not straight to your office, for a comparable price. Data center connections are their bread and butter and they should be able to give you a quote quite rapidly; to your office will be a more custom thing.
Recently I got a quote for AMS-IX peering in Berlin, i.e. a peering in Amsterdam plus a link from Amsterdam to Berlin, about a 600km distance. That would cost 950 euros per month. If 1Gbps, it would cost 300 euros per month. Even though it's not really got anything to do with internet access (transit), I include this number to give some indication of the "true" cost of "raw" bandwidth.
Wouldn't there be at least a handful of competitors if the economics worked out that way?
I believe it's quite the opposite, cloud has normalized absurdly high traffic fees, and that is what should be raising alarm bells.
Cloudflare has a blog post that kind of explains a bit about the cost of bandwidth: https://blog.cloudflare.com/the-relative-cost-of-bandwidth-a...
(from 2014, so it might be super outdated)
Yes, cloud services have inflated both bandwidth and amortized hardware costs to absurd levels. You pay for not having to know what to do in order to run something online. Until it breaks.
Peering.
Here's how it works:
1) I have a big network and I exchange traffic with another big network. Think of "eyeball" networks like last-mile ISPs (Comcast, mobile providers, etc.) where a substantial portion of end-user traffic is going to a handful of well known networks - Cloudflare, AWS, Netflix, etc.
2) Comcast and Cloudflare say "Hey, I send you X TB/PB/etc and you send me X TB/PB/etc. We both currently pay another provider to route that traffic between us. Let's not do that."
3) In locations where it makes sense they basically throw a cable across datacenters, POPs, internet exchanges, etc. The cost for this is typically extremely low - it's basically a port on a switch/router on each side and MAYBE a "cross connect fee" from the facility. This is usually billed in the tens of dollars/mo if at all. It takes very little time/effort to configure this but of course the details are more complex - multiple ports, multiple facilities, etc.
4) Both sides start routing traffic between their networks over their new shiny direct cables and extremely high speed ports. Faster throughput, lower latency, improved reliability, frees up bandwidth to the transit provider they were using previously, and most importantly the cost of bandwidth between the two networks goes to zero.
This is all well known and publicly available because it's visible in the global routing table(s). Cloudflare, for example[0].
All of the large providers do this, and AWS etc. charging for bandwidth per GB (especially at their rates) is more-or-less pure profit.
I have a theory that AWS etc. capitalize on people not really understanding this anymore. AWS is 20 years old - that's an entire generation of CTO/CIOs on down that are completely unfamiliar with these details and think $0.10/GB or whatever is "just what bandwidth costs". It is not.
[0] - https://bgp.he.net/AS13335#_peers
People don’t really and have never fully understood this - and why Netflix using a lower tier provider with bad peering caused companies to … not upgrade their links.
I have heard that they rather drastically constrain QoS instead, which does sound reasonable. So you are still not charged for abusive traffic, but your service will be much slower than what is actually possible with paid tiers.
So you'd be either slow or pay them "for protection". Something that reminds me of;)
I think a lot of people don't understand how cheap bandwidth is and is decreasing in cost practically every day. Amazon and Google have a lot of people fooled. Go ask someone operating in China and East Asia (and Japan) how much they're paying for local solutions.
These guys know what they're doing. If and when Cloudflare dies we'll find something else.
It's 100% not sustainable. Use it while it's good, but don't get vendor locked in, because sooner or later they will increase the prices.
> it's 100% not sustainable
As a business for Cloudflare?
https://news.ycombinator.com/item?id=33337183
This is why we still use services on VMs and open source containers. We can move our services anywhere, including self-hosting. AWS and Google offer some amazing solutions, but lock-in ain't worth it if you can manage your own stack via serverless/VM solutions.
They've been going for at least 10 years...
Their stock performance would agree
While a funny comment, stock performance is at best loosely coupled to sustainability as a company.
By the time it isn't sustainable I will have IPO'd and be the next offensive new money tech billionaire writing threads on Twitter telling you the secret to success is the 5am grindset and everyone who isn't sinking 5mil into the next big thing (tm) can have fun staying poor.
> Cloudflare's free tier is ridiculous: We do over 30TB+ of genuine traffic for $0
It's not really ridiculous if you think about what you're giving them.
You are massively benefiting their platform by providing them data which they use to train their services and then sell those services to other customers.
I'd make a case that the data they collect is the most important part of their business and the free tier is a major component of this.
If you are not paying for it, you are not the customer; you're the product being sold.
I don't think it's fair to call it their free tier - it's their discretionary tier. There are numerous cases of the rug being pulled as and when it suits their business requirements to do so. Being left homeless vs. urgently coughing up is exactly the wrong problem to be dealing with mid-attack; I can't see any way to consider it free by any practical definition.
I know that putting all eggs in one basket and giving it all to Cloudflare is not a good idea; if they have an outage then I would also have it too. But when they are down, one third of the internet is down with them too. With $240 a year for CDN, $60 a year for serverless and $0.015 / GB-month for S3-compatible storage with free egress, I don't think anyone could find a better alternative than CF. I'm mixing AWS, CF and self-hosted machines and the infra cost is less than $5k a year. Now I can spend the remaining hard-earned money on some fresh Marlboro cigarettes.