Comment by jrochkind1
8 months ago
I have been hearing stories from developers/entrepreneurs about Cloudflare being very weird to deal with:
"We'd like to talk to you about an enterprise plan."
"No thanks, I'm fine with the free plan."
"Based on your traffic, we'd like to talk to you about an enterprise plan."
"Is there a traffic limit on the free plan?"
"No, there is no limit. But based on your traffic, we require you to get an enterprise plan."
[Gives up and gets an enterprise plan]
[6 months later]
"Based on your traffic, we'd like to talk to you about upping your enterprise plan to a new monthly pay."
"Is there a cap to traffic in our current plan? I don't see that in our terms."
"No, there is no cap to traffic in cloudflare plans, but based on your traffic, we're going to require you to pay more per month than you are currently paying."
"OK, can you tell me the traffic limit in our current or new plan? So I know what I'm paying for and when I'm approaching it?"
"No. But you need to pay more."
[Wash, rinse, repeat, every 6-12 months]
It seems like while cloudflare technically does not charge for egress, in fact for large egress it's just a game of chicken between the customer and a salesperson every 6-12 months, with the salesperson trying to figure out the most they can manage to get without losing the customer? I mean, I guess that is standard for enterprise sales, but I think usually you at least have some terms to know what you've got for how long without a renegotiation?
You forget to mention that the DDoS traffic causing these issues is also behind cloudflare, but they don't give a damn about them, for obvious business reasons.
Cloudflare controls supply and demand, which, by definition of the law, should be classified as extortion.
> should be classified as extortion.
It meets the definition of a RICO "enterprise". The question is, will anyone bring it up for judicial review?
> It meets the definition of a RICO "enterprise".
1. It's probably not RICO[1]
2. Are businesses under any obligation to take down shady businesses (eg. DDoS services that are ostensibly stress testing services) absent a court order?
[1] https://web.archive.org/web/20180305062824/https://www.popeh..., specifically sections "Wait. Isn't the defendant the enterprise?" and "So what's "racketeering activity"?"
Look up "www.crimeflare.org/cfs.html" in the web archive on http port 82.
This guy ran a DNS for years to prove it until he disappeared. Lots of Nazi websites, doxxing sites, crime networks, conspiracy sites, ransomware groups and Russian misinformation campaigns that he uncovered.
Honestly I don't see another way to gather the data necessary for this otherwise. You have to have the DNS data to be able to imply intent.
I thought about using CF in some of my deployments.
After hearing about these sorts of "discussions" from other colleagues, I certainly talked about using their services.
And then I realized that I had to hand them over my DNS? Uhh, no. It could have been "set nameserver to ours in your DNS console".
And also there was the recent SSL spoofing they're doing even with DNS with no hosted websites. And they charge money to send a revocation.
The whole thing is a hot yipes!
> And then I realized that I had to hand them over my DNS? Uhh, no. It could have been "set nameserver to ours in your DNS console".
> And also there was the recent SSL spoofing they're doing even with DNS with no hosted websites. And they charge money to send a revocation.
What's your threat model here? That cloudflare will go rogue and... MITM your users? Can't they do that even if they're not in charge of your DNS? Even if you point an A record to them, that's enough to get a certificate via an ACME http-01 challenge[1].
[1] https://letsencrypt.org/docs/challenge-types/#http-01-challe...
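To make the http-01 point in the comment above concrete, here is an added, self-contained simulation of the validation step from RFC 8555 section 8.3 (it is not code from the thread, from Let's Encrypt or from Cloudflare). DNS, HTTP hosts, the account key, the token and the IP addresses are all constructed in-memory dictionaries, so nothing touches the network. It shows that the CA only checks whatever host the A record resolves to, so the party operating that IP (a CDN edge, in the comment's scenario) can satisfy the challenge while the origin cannot, and that a CAA record (RFC 8659) is the zone owner's lever to restrict which CA may issue at all.

```python
"""Simulated ACME http-01 validation (RFC 8555 s.8.3) with a CAA check.

Added illustration; every key, token, hostname and IP below is constructed.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed public account key as a JWK. Real accounts carry real RSA/EC
# material; the RFC 7638 thumbprint only needs the required public members.
ACCOUNT_JWK = {"kty": "RSA", "n": "constructed-modulus-not-a-real-key", "e": "AQAB"}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the canonical JSON of the required members."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """The body the CA expects at /.well-known/acme-challenge/<token>."""
    return f"{token}.{jwk_thumbprint(jwk)}"


# Constructed DNS: the A record points at the CDN edge, not at the origin.
DNS_A = {"example.test": "203.0.113.10"}
# Constructed CAA: only "ca.example" may issue for this name.
DNS_CAA = {"example.test": [("issue", "ca.example")]}

# Constructed HTTP hosts keyed by IP; each maps a path to a response body.
HTTP_HOSTS = {"203.0.113.10": {}, "198.51.100.5": {}}  # edge, origin


def publish_challenge(ip: str, token: str, keyauth: str) -> None:
    HTTP_HOSTS[ip][f"/.well-known/acme-challenge/{token}"] = keyauth


def http_get(ip: str, path: str):
    return HTTP_HOSTS.get(ip, {}).get(path)


def caa_allows(domain: str, issuer: str) -> bool:
    records = DNS_CAA.get(domain)
    if not records:
        return True  # no CAA record: any CA may issue
    return any(tag == "issue" and value == issuer for tag, value in records)


def validate_http01(domain: str, token: str, jwk: dict, issuer: str = "ca.example"):
    """CA-side check. Returns (ok, reason) instead of printing."""
    if not caa_allows(domain, issuer):
        return False, "caa-forbids"
    ip = DNS_A.get(domain)
    if ip is None:
        return False, "nxdomain"
    body = http_get(ip, f"/.well-known/acme-challenge/{token}")
    if body is None:
        return False, "http-404"
    if body.strip() != key_authorization(token, jwk):
        return False, "keyauth-mismatch"
    return True, "valid"


def demo():
    """Three runs: origin-only publish, edge publish, CA blocked by CAA."""
    for ip in HTTP_HOSTS:
        HTTP_HOSTS[ip].clear()
    token = "constructed-token-ABC123"
    keyauth = key_authorization(token, ACCOUNT_JWK)
    publish_challenge("198.51.100.5", token, keyauth)          # origin only
    r1 = validate_http01("example.test", token, ACCOUNT_JWK)  # DNS -> edge
    publish_challenge("203.0.113.10", token, keyauth)          # edge answers
    r2 = validate_http01("example.test", token, ACCOUNT_JWK)
    r3 = validate_http01("example.test", token, ACCOUNT_JWK, issuer="other-ca.example")
    return r1, r2, r3


if __name__ == "__main__":
    print(demo())  # ((False, 'http-404'), (True, 'valid'), (False, 'caa-forbids'))
```

The takeaway for the threat model question: hosting on an IP you do not operate already means that operator can pass http-01 for your name, DNS hosting or not; CAA records plus watching Certificate Transparency logs for your domains are the controls that stay in your hands.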
You don't have to. In fact there are some TLDs that they don't even support.
You just need to configure the nameservers and that's it. That's how I do it for mine.
> It could have been "set nameserver to ours in your DNS console".
... that's how it works? They give you the nameservers to use, you set your domains up with them.
You can register a domain through them, but don't have to.
In fairness regarding this particular post, the author admits they were probably violating Cloudflare's ToS, and they knew it.
The folks at CF could have been less obtuse in handling the matter. But at the end of the day this is an online casino breaking ToS and they got spanked.
I believed that too, then I noticed they had a feature for the TOS violation that didn't fundamentally change anything. The only difference was you paid for it. In that way it's not your average TOS violation.
We had a similar experience. Stuff suddenly started breaking for 10% of our traffic, support dragged their feet for weeks wrt any sort of insight as to what was going on, and then the answer was “you’re over an undocumented limit, try the enterprise plan”.
Fwiw this was some years ago and we moved most of our stuff away from them in response. I didn't get the feeling that this was malicious from their side, more like growing pains / mediocre support people / etc. But the end result was the same as you describe, except we chose not to pay up.
EDIT: more context: I shared this story on HN once before, jgrahamc responded with “please email me”, we did but it didn't move the needle. This further convinced me that CF just has a lot of stuff going on and something weird about our traffic made them error out. My suspicion is that the enterprise plan was supposed to make it internally defensible to pour more engineering resources into our case, but they were never explicit about that which made us worry enough to not do it.
I think that a large reputable business like CF should be clearer about stuff like this. That said, as someone running an API business, I also hold some sympathy for “customer does something weird and unexpected, it’s hitting a limit we didn't even know we had, srsly now what?”. The answer to that should be “work together with the customer to get to the bottom of things, customer might need to make changes too”. They didn't do that, which disappointed us, but I can relate to the situation nonetheless.
We’re still a CF customer, just not for this part of our offering.
> undocumented limit
This makes it sound like the limit is automatic or applies non-discriminately to customers, but my first instinct is that this was manually set by someone, maybe the sales reps again?
Yeah so I think it might’ve been a real system limit of sorts. Something timing out somewhere, some pipe getting clogged in a way that their edge nodes couldn’t scale their way out of the way they usually do. Eg because the scaling/monitoring code didn't detect that particular pipe getting clogged etc. We had weird long-running http requests at the time.
Note, this is pure conjecture, I’m just well aware from my own engineering experience that stuff can break under varied load in all kinds of unexpected ways. A large part of the work of an infrastructure business is going “whoa shit I hadn't expected that we could fail in that way too” and then building infrastructure to be able to handle that case. You simply can’t predict everything your customers are going to throw at you. I think this was what happened + not sufficiently knowledgeable/experienced support. But I admit that I’m really just guessing.
The alternative would be that CF purposefully dropped 10% of our traffic to convince us to upgrade to enterprise, and despite our bad experience, I don’t believe they’re that kind of business. And if they were they handled it very badly because it took them 3 weeks of feet-dragging to even bring up the upsell.
I've hit one of these undocumented limits before where stuff would randomly start to fail. Once I was able to get a sales rep to talk to me about it, the problem suddenly went away. I didn't even need to buy an enterprise plan, but would have had they asked me to do so.
Our experience has been quite the opposite once we were forced to migrate from a free plan (a long time ago after what felt like abusing the free plan due to the amount of bandwidth we were using).
The bandwidth caps and all included features were clearly spelled out in the enterprise contract and when we went over, they didn't push for a contract renegotiation unless the overage lasted like 3+ months. And we frequently got new features included in for free.
In fact, recently they asked to renegotiate the contract due to some obsolescence and we ended up significantly dropping the bill as a result. Kind of backfired on them, I wonder if the account manager is kicking herself for this.
It's good to have an alternate experience shared, thanks!
Perhaps the stories I have heard are from people with particularly bad/aggressive sales reps, or who are particularly bad negotiators on their side.
I will say, though, that the free plan is marketed as without traffic/bandwidth limits, and has no traffic limits in its terms of service, no? If it is possible to abuse it with an amount of bandwidth, rather than this being a "feeling", wouldn't it be more clear and transparent and respectful to just make it clear in the terms?
I've always found it weird that they are so elusive and ambiguous about quota and allowances. It's a deliberate technique for targeted upsells, but it's not the best way to do business IMO.
> In fact, recently they asked to renegotiate the contract due to some obsolescence and we ended up significantly dropping the bill as a result. Kind of backfired on them, I wonder if the account manager is kicking herself for this.
Only if the cost of supporting the deprecated feature was less than the delta.
The thing is, she said it was strictly some contractual thing, that all renewals need to be in some new format. The feature set remained the same.
The new contract did put limits on some things we didn't have formal limits on before (like number of DNS queries), but aligned with our current usage, so our bill didn't go up.
I've been meaning to probe renegotiating pricing because we've been on this billing tier for probably a decade, and in the end some things we were able to negotiate down, and some rearchitect on the tech side to drop the usage by a staggering amount. We're still working out exactly what that amount is, I have several more weeks before renewal.
I wonder why they don’t just have clear limits - seems like it would make it easier to grok.
I think it being difficult to grok is the point, if they laid down exactly how much they want you to pay for bandwidth then it would be easy to go price shopping between them and the competition. But when it's "free" bandwidth, with a fuzzy line where it stops being free, and ambiguous pricing when it does, they can hook people in with a great deal and try to shake them down later.
I still encounter people who refuse to believe that CF bandwidth isn't really free, when you can easily demonstrate that it's not by just observing who uses them. If their bandwidth truly was free and unlimited with no catch whatsoever then every bandwidth giant like Imgur would use CF, but they don't. Imgur uses Fastly, probably because it's cheaper than CF's "free".
Free hits obscuring ruinous costs is a time honored strategy of drug dealers and all kinds of shady businesses.
I suspect this is the answer, and it's just "momentum". Once you're at a location and you're doing considerable "stuff" the move becomes painful and $200 more a month doesn't seem a lot if you're a company, but if they do that every 6 months or so before you know it it's $1000 a month.
Yeah our pretty large company switched to CloudFlare thinking of all the dollars they would save with little research but within a year were back at Akamai.
And Akamai is very expensive.
Presumably it gives them a lot more flexibility in deciding who has to pay more.
With published thresholds they’re less able to upsell someone just shy of the limit without publicly changing the tiers. Doing that has the potential to upset existing customers who are over the new limit all at once, while also providing intel to competitors looking to undercut them.
They don't want you to know where you are. It's like Kafka but the libertarian edition.
That's not how the "free until it's not" pricing model works :P
IMHO it's just the price finding model that CF has adopted, I expect in the future they'll release limit numbers... unless they decide not releasing numbers is more profitable (i.e. the used car sales pricing model)
Genuine question: Why did you use `grok` in that context?
Rule: whenever someone prefaces a question with “genuine question” it’s actually a troll.
Also here you go: https://en.m.wikipedia.org/wiki/Grok
You're on a site named hacker news; why would you expect any other word there?
Under what contexts are you familiar with the term grok?
... in what other contexts would you use the word "grok"?
Are you also weirdly angry that Musk used the term for their “he has one so I also must have one” LLM? *Stole* the term? That’s a special word, and out of the mouth of anyone but Valentine Michael is obscenity.
I wouldn't trust a company after they pulled this stunt just once. Why are you letting them do this to you(r company)?
It's not me -- which is why I'm not nervous about talking about it on HN. I work in the non-profit sector and don't currently use Cloudflare. Just stories I've heard from others.
I'd guess that the cost of switching/cost compared to other alternatives/cost compared to business value/revenue, remained sustainable for the customer, who didn't want to deal with a switch.
In truth, this is kind of how "enterprise sales" has always worked? The salesperson trying to figure out the biggest price that won't lose the customer? But additionally having unclear terms and unclear length of contract (or really no contract locking in your terms/payment) is definitely in the vendor's favor...
My experience with Pulumi enterprise sales has been that they’re fairly forthcoming about how much everything will cost based on usage.
I think it’s weird to accept an enterprise contract without explicit terms…
Do they offer tangible benefits to justify the higher fees?
That's the thing that gets me about all types of subscriptions / pay walls. You have my attention momentarily, make your best pitch as to why paying you is in my interest.
Sounds like auth0…
But they have explicit limits?
https://auth0.com/pricing
Not on the enterprise plans… it’s a chat with the sales team. And they’ve generally got you over a barrel.