How the CloudFlare Team Got Into Bondage (It's Not What You Think)

What's this blog post about?

At Cloudflare, the focus is on eliminating bottlenecks in their network infrastructure. They use port bonding technology to maximize network throughput from servers. In their G3 specification, routers have multiple 10Gbps ports, and switches have a handful of 10Gbps ports connected to routers and 48 1Gbps ports connected to servers. Servers have six 1Gbps ports for network connectivity. To increase utilization, any server can perform any of the key Cloudflare functions, such as DNS, front-line, caching, and logging. This allows them to scale capacity across storage, CPU, and RAM by adding more servers. However, this requires significant communication between servers across the local area network (LAN). Port bonding is implemented to deal with challenges related to bandwidth and network interrupts during denial-of-service attacks. They use mode 4, 802.3ad Dynamic Link Aggregation, which requires switches that support it. The Nitty Gritty section provides detailed steps on how to set up port bonding in their custom Linux OS. In addition, they disable the irqbalance service and explicitly set up IRQ handling to isolate external and internal network traffic. This ensures that customers under attack are isolated from those who are not, while still delivering maximum performance by fully utilizing all the gear in their network. The next generation of servers (G4) will jump from 1Gbps network interfaces up to 10Gbps, further increasing throughput and IRQ handling capabilities.

Company
Cloudflare

Date published
April 8, 2013

Author(s)
Matthew Prince

Word count
2063

Hacker News points
2

Language
English


By Matt Makai. 2021-2024.