Watch this webinar to learn how to:
Protect and accelerate your networks
Reduce the total cost of ownership (TCO) in your data centers, and
Increase your operational agility with easy deployment and management of network services
3. The data centric & appliance based approach is broken
Expensive
infrastructure and resource
costs of managing DDoS
hardware
Easily overwhelmed by large
volumetric DDoS attacks โ
leading to service disruption
Require constant upgrades
to stay up-to-date to defend
against the latest threats
THE PROBLEM WITH ON-PREM DDOS HARDWARE
4. Get rid of perimeter network hardware.
CLOUDFLARE MAGIC TRANSIT
NETWORK HARDWARE APPLIANCES
โ CAPEX: Initial box, installation costs
โ OPEX:
โ Licensing, maintenance
โ IT/ engineering staff
โ Data center rent/ power
CLOUDFLARE NETWORKING-AS-A-
SERVICE
โ ZERO CAPEX
โ Usage-based model
โ Zero licensing, installation, support, maintenance
fees
โ Includes dedicated systems, customer engineers
6. Cloudflareโs network operates at massive scale
CLOUDFLARE AT A GLANCE
Cloudflare city
Approximate area inside
which Cloudflareโs network
is reachable within 100ms
via the Internet
6
Note: map data as of
Jan 15, 2020
25M+
Internet properties
200+
cities and 100+ countries
76B
cyber threats blocked each day
in Q3โ20
99%
of the Internet-connected
population in the developed world is
located within 100 milliseconds of
our network
51 Tbps
of network capacity
7. Benefits
Simplify your data center
networking
โ DDoS protection, network
firewall, traffic acceleration,
and more โ are all delivered
as-a-service
โ Just connect to Cloudflare,
weโll take care of the rest
CLOUDFLARE MAGIC TRANSIT
Get peace of mind with best-in-
class networking
โ Robust, automatic DDoS
protection with a mitigation
capacity of over 51 Tbps and
under 3 sec TTM
โ Integrated network firewall
and traffic acceleration
โ Built-in network analytics
Drive operational agility up and
costs down
โ No boxes = Zero CAPEX
โ Zero licensing, installation,
and maintenance fees
โ Lower TCO compared to
hardware appliances
8. Cloudflare helps Wikimedia restore service following a massive DDoS attack
CLOUDFLARE DDOS PROTECTION โ CUSTOMER STORY
North American non-profit
organization that hosts
Wikipedia, one of the worldโs
most renowned open
collaboration projects.
โ Founded in 2003
โ One of the most
visited websites in the
world
โ Over 25 billion page
views monthly
โ Hosts 13 collaborative
knowledge projects
including Wikipedia
Challenges
โ Target of a massive coordinated DDoS attack campaign of ~300Gbps of bandwidth,
105MPPS of TCP ACK traffic, and 340MPPS of UDP floods
โ Significant increase in HTTP response times from servers that were still reachable
โ Site accessibility impacted in various regions around the world
Cloudflare Solution
โ Magic Transit protects their on-premise data centers from volumetric attacks
โ Even as the attack changed patterns, Magic Transit was a resilient shield protecting
Wikimediaโs network infrastructure
Key Results
โ Improved resilience and availability
โ Zero performance degradation due to filtering traffic at the edge
โ Valuable partnership with Cloudflare and influence on product roadmap
8Read more: https://www.cloudflare.com/case-studies/wikimedia-foundation/
9. EDUCATION
Customers realizing value in every industry, every vertical, every country
HEALTHCARE / LIFE SCIENCES SOFTWARE
INDUSTRIAL / TRANSPORTATION
CONSUMER / eCOMMERCE
FINANCIAL SERVICES HARDWARE / MANUFACTURING
MEDIA / ENTERTAINMENT
GAMING
YOU ARE IN GOOD COMPANY
Most enterprises today have data centers with network hardware that comprises boxes such as these:
Maybe WAN Optimization appliance from Riverbed
DDoS box maybe from Arbor or Radware
Network firewall from maybe PAN
VPN appliance from Cisco
LB from F5
These boxes were built to satisfy some fundamental needs of connectivity โsecurity, performance, and reliability. At Cloudflare, we call these boxes, band-aid boxes. Band-aid because thatโs what they areย โ a temporary fix.
While these โband-aid boxesโ added some security, performance, and reliability benefits, they contributed to massive complexity, cost, technical debt, and a tangled web of dependencies. Band-Aid boxes are expensive - it cost a lot in terms of the CAPEX. On one hand, there is the hardware cost from deploying specialized hardware, it actually costs a lot in terms of the people who have to manage these solutions.
In spite of the drawbacks, the band-aid boxes were sufficient to ensure the safety, functionality, and resilience required by businesses that could afford them in the on-premise paradigm, but these band-aid boxes were never designed to work in the cloud.
The network hardware boxes worked for a while in on-premises deployment and in the early days of the Internet, but the problem is the application deployment is changing. Weโve shifting application deployment, storage and compute to the cloud, but the network layer still remains on-premises. This complicates network management.
DDoS attacks are surgingย โ both in frequency and sophistication. And DDoS boxes are just not built for todayโs networks to counter attacks of todayโs times.
One reason is they are very expensiveโoften boxes cost multiple 100Ks per box, and if you have multiple data centers, you have to purchase multiple boxes.
Theyโre also easily overwhelmed by large attacks.
Often they need constant upgrades and dedicated teams
In September 2020, a large pharma firm was the victim of a ransom-based DDoS attack. Senders of the ransom note attacked this companyโs data center to prove that they were serious about their threat. Their existing on-prem DDoS box failed to block the threat because its uplinks were easily saturated by the scale of the attack. The attackers threatened to bring down all of their multiple data centers unless they were paid an undisclosed amount of money before a specified deadline. The company approached Cloudflare and we onboarded them overnight to protect them from any future attacks.
And this is where Cloudflare can help.
So who are we and why do we exist?
Iโd like to begin by grounding in Cloudflareโs mission because it guides everything we do.
Our mission is bold but simple - to help build a better Internet. One that is faster, more secure and more reliable for all.
Every dot you see here represents a Cloudflare PoP
Whatโs unique about us is that every machine in every data center runs every product
Avoids the performance tradeoff of routing through a limited number of data centers
Everything we build sits on top of this network
Flexible due to commoditized hardware (w/high performance networking cards) and Linux x86 architecture โleverage the express data path and eBPFโ10 years ago this would have been crazy given performance. Today itโs our secret weapon.
Now on to the benefits of Magic Transit:
One โ it helps customers get rid of boxes. Many bigger companies are at some stage of their path towards digital transformation, and as cliche as it sounds, Magic transit does help companies further adopt the cloud. Network functions delivered as a service are easy to configure and manage.
Two โ it gives customers access to Cloudflareโs expansive network, that not only protects but also accelerates anything connected to it. Security with integrated performance. Cloudflare is one of the most interconnected networks in the world. We work with carriers, Internet exchanges and peering partners around the world to ensure that every bit placed on our network will reach its destination quickly and reliably.
Third โ costs. More and more companies we talk to are looking for ways to reduce their Capex. Magic Transit helps you dramatically reduce your Capex and delivers operational agility with VNFs delivered and billed as a service. This is a huge plus.
All of us know Wikipedia. It is one of the most visited websites in the world with over 25B monthly page views. The Wikimedia Foundation hosts 13 collaborative knowledge projects from Wikipedia, the free encyclopedia, to Wikibooks, Wikitionary, Wikidata, and others.
Wikimedia experienced a massive DDoS attack in early September of 2019. We reached out to them to find out how we can help. Within a few hours they responded that they could use the help as they were struggling to recover from the persistent attacks being targeted at Wikipedia which had been knocked offline.
Cloudflare worked closely with the Wikimedia team to help get Magic Transit in place, and once it was able to show results the deployment was expanded to cover their entire site presence. Not only were they able to restore global service to Wikipedia but the imposed latency was minimal; 66ms versus 63 ms before Cloudflare was inserted into their network.
Wikimedia has since deployed Magic Transit as a core part of their network infrastructure and leverage the broad threat intelligence that Cloudflare offers to help mitigate the debilitating impact of future attacks. Magic Transit is deployed on-demand via API based on network indicators that allows Wikimedia to automate service utilization on an as needed basis. As one of the early adopters of Magic Transit, they are also a key partner for Cloudflare in improving the product to meet the needs of highly targeted media sites.
https://blog.thousandeyes.com/analyzing-the-wikipedia-ddos-attack/
Cloudflare is used across the various verticals. Here are some example of customers in each of the key verticals.