Cloudflare accelerates its network with security, traffic optimizations

Cloudflare unwrapped a series of networking and security innovations during its birthday week event. The announcements include implementations of new and emerging internet standards that could have a wide-ranging impact over time. Cloudflare commands a sizable share of internet traffic, and its network footprint spans the globe.

Key announcements include:

  • AI Audit: Tool for website owners to monitor AI crawler access
  • Speed Brain: Predictive technology for faster page loading
  • Workers AI: Enhanced AI inference platform and developer tools
  • Zstandard: New compression algorithm outperforming Brotli
  • Encrypted Client Hello: Privacy feature for initial web connections
  • Cloudflare Calls: TURN protocol implementation using Anycast network
  • SQLite integration: Embedded database in durable objects in the cloud for improved performance

Speed Brain uses Speculation Rules API to load pages 45% faster

Among the most interesting announcements is the debut of Speed Brain. Cloudflare claims the technology could enable web pages to load up to 45% faster.

John Graham-Cumming, CTO of Cloudflare, noted there is a new API that is supported in some browsers called Speculation Rules. The API allows a browser to preload certain content from a website, even before a user clicks. As a user hovers the mouse over a link on a website and is thinking about clicking, the browser is downloading the page.

“We can use machine learning to predict what you’re likely to click on, or at least predict what we should send to your browser so that if you do click, you get the fastest response,” Graham-Cumming told Network World. “The speed up is remarkable. The real speed up in the real world, not like in a lab, is 45%, which I didn’t actually believe when they first told me.”
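As an added illustration (not code from Cloudflare or from the article), this is a document-level speculation-rules block of the kind the API accepts, showing the configuration an operator should reach for: hover-triggered prefetch for ordinary links, prerender only for links explicitly marked safe, and an exclusion for links whose GET has side effects, since a prefetched or prerendered logout would sign the user out without a click. The paths and class names are assumed.

```html
<!-- Speculation rules: "moderate" eagerness fires on hover, which matches the
     behaviour described above; "conservative" fires only on pointer-down.
     Paths (/logout, /account/delete) and classes are constructed examples. -->
<script type="speculationrules">
{
  "prefetch": [
    {
      "where": {
        "and": [
          { "href_matches": "/*" },
          { "not": { "href_matches": "/logout" } },
          { "not": { "href_matches": "/account/delete/*" } },
          { "not": { "selector_matches": ".no-speculate, [rel~=nofollow]" } }
        ]
      },
      "eagerness": "moderate"
    }
  ],
  "prerender": [
    {
      "where": { "selector_matches": "a.prerender-safe" },
      "eagerness": "conservative"
    }
  ]
}
</script>
```

The weak form is the same block with only the `href_matches: "/*"` clause: it would speculatively fetch every same-origin link, including the state-changing ones excluded here.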

Data compression gets 42% boost with Zstandard

Another area where Cloudflare is making use of emerging internet standards is with compression.

Currently, the Brotli compression format is among the most widely used. Cloudflare is now rolling out a new option based on Zstandard (zstd) compression that has only been supported in the Google Chrome and Mozilla Firefox web browsers since March of this year.

“Zstandard gives pretty much the same compression levels of Brotli, but is about 42% faster than Brotli, and so it actually makes it viable to be using it at quite a wide scale,” he said.

Hello (encrypted) world

Privacy enhancements are also a key focus for Cloudflare, and that’s where the new Encrypted Client Hello (ECH) specification fits in. This feature addresses a longstanding privacy concern in web browsing. ECH is a proposed IETF standard that is currently undergoing review.

“One of the ways in which web browsing isn’t private is that your web browser goes and connects to your website and announces what it’s looking for in what’s called the client hello,” Graham-Cumming explained. “The solution to that is a thing called Encrypted Client Hello.”

ECH encrypts the initial “Client Hello” message of the TLS handshake; sent in cleartext, that message carries the Server Name Indication (SNI), which reveals the domain the user is trying to connect to. Encrypting it hides the destination domain from anyone monitoring the connection. To be clear, Graham-Cumming noted that ECH is different from other privacy efforts like DNS over HTTPS/TLS, which encrypt the DNS lookup itself so that the domains being resolved are hidden from anyone watching the traffic between the user and the DNS server.

The key difference is that Encrypted Client Hello focuses on hiding the destination domain in the initial TLS connection, while DNS over HTTPS/TLS focuses on hiding the DNS lookups that precede the TLS connection. Both techniques aim to improve user privacy by encrypting different parts of the web browsing process. In practice they are complementary: the public key a client needs to use ECH is published in DNS (in the site’s HTTPS record), so fetching it over DNS over HTTPS/TLS keeps both the lookup and the handshake away from on-path observers.

Cloudflare Calls: Leveraging Anycast for improved connectivity in a NAT world

An everyday challenge for networks is the issue of NAT (network address translation) traversal. There are many different ways of dealing with the issue, and now Cloudflare is trying its… turn.

TURN (Traversal Using Relays around NAT) is an emerging internet protocol to optimize the NAT traversal process. The Cloudflare Calls service, which is based on the TURN protocol, is now generally available. The service utilizes Cloudflare’s Anycast network to provide scale and performance.

“I actually think Cloudflare Calls is one of those sleeper products that is actually really powerful, and people are sort of slowly starting to build on it, because it gives you this point-to-point connectivity,” Graham-Cumming said.

SQLite moves off the desktop and into the network

In a move to improve developer experiences, Cloudflare announced the integration of SQLite within its durable objects. SQLite is one of the most widely used open-source database technologies and it’s almost always set up to run with local on-device storage.

“We’ve embedded the SQLite database inside one of what we call durable objects, which are objects that move around the Cloudflare network,” Graham-Cumming said. “That, I think is going to turn out to be really pretty exciting for people, because it allows them to store data and operate almost as if that durable object was on your computer.”


Source:: Network World