Cloudflare went down

deweyzeph said:
In our case it would have been a total ballache to disable Cloudflare proxy. Just sorting out new SSL certs alone would have been a nightmare, not to mention all the page rules, security rules, etc that we use Cloudflare for. Plus changing firewall rules to allow our web servers to be exposed directly to the internet. Sucking it up for a few hours while the issue resolved itself was far more preferable.
Click to expand...

Is it a recognised signed-off business continuity risk that you are dependent on a single company like that?

If CF decides they don't want your business, you are out of business? Are your page rules and security rules requirements?
 
Tomtomtom said:
Is it a recognised signed-off business risk that you are dependent on a single company?

If CF decides they don't want your business, you are out of business?
Click to expand...

We're not dependent on them, we could easily do all of that stuff ourselves, we just choose not to. My point was that we weren't going to spend a whole day reconfiguring everything just because of a relatively short outage.
 
Sinbad said:
There's a big difference between a controlled contractual exit, and a kneejerk switch during an outage.
Click to expand...

If only it were so black and white.

deweyzeph said:
We're not dependent on them, we could easily do all of that stuff ourselves, we just choose not to. My point was that we weren't going to spend a whole day reconfiguring everything just because of a relatively short outage.
Click to expand...

Three hours is short?... when do you call it?
 
AnimateX said:
So genuinely asking what is your alternative to mitigate against this sort of failure?
Click to expand...

Don't be dependent on Cloudflare's proxy service. It should be matter of "progressive enhancement", not a requirement for ordinary operations.
 
Tomtomtom said:
Three hours is short?... when do you call it?
Click to expand...

In this case our core systems never went down, it was simply Cloudflare's proxy service that went down preventing our customers from accessing our public facing portals. We would have made a plan eventually if we really had to bypass Cloudflare and restore public access to our systems. Our tolerance for a Cloudflare outage is fairly high but I would have called if it had stretched into tomorrow morning. We ran our systems for years without using Cloudflare, we could easily revert back to that if we really had to.
 
Tomtomtom said:
Don't be dependent on Cloudflare's proxy service. It should be matter of "progressive enhancement", not a requirement for ordinary operations.
Click to expand...
Lol

Tell me you know nothing about IT ops without using the words.
 
Tomtomtom said:
Don't be dependent on Cloudflare's proxy service. It should be matter of "progressive enhancement", not a requirement for ordinary operations.
Click to expand...
Not an answer, how do you build in redundancy for a dns proxy service when your domain resolution is relegated through cloudflare or any other singular provider. Please do tell.
 
Sinbad said:
Come and post when you work in a regulated environment that's a target for state actors.
Click to expand...

Why? I don't think it's a requirement for understanding the basic technical trade-offs for Cloudflare and the like. If anything the reams of regulatory policy just further obfuscates what's actually going on from a resiliency point of view.
 
AnimateX said:
Not an answer, how do you build in redundancy for a dns proxy service when your domain resolution is relegated through cloudflare or any other singular provider. Please do tell.
Click to expand...

This wasn't a Cloudflare DNS issue. Keeping your service online through this outage was a matter of disabling proxying.

If you can't disable proxying and still have a publicly-facing website give or take half an hour's reconfiguration, then something is wrong with your service architecture imo.

Or you are in a regulated environment that's a target for state actors.
 
Last edited:
deweyzeph said:
We ran our systems for years without using Cloudflare, we could easily revert back to that if we really had to.
Click to expand...

This is the thing... it's like testing a backup strategy... I think you do actually need to be able to easily revert, as in, be able to restore direct service in some X amount of time via a protocol you've established in advance.
 
SauRoNZA said:
Their own status page seems to have kakked itself now.

Cloudflare Status

Welcome to Cloudflare's home for real-time and historical data on system performance.
www.cloudflarestatus.com www.cloudflarestatus.com

MyBB was down for a minute and then came back up so probably replicating.
Click to expand...
It (MyBB) was down until a moment ago.
 
Tomtomtom said:
If you can't disable proxying and still have a publicly-facing website give or take half an hour's reconfiguration, then something is wrong with your service architecture imo.

Or you are in a regulated environment that's a target for state actors.
Click to expand...
Bro disabling proxying, WTF!? It's exactly because of what clients are willing to pay us for that we don't have the amount of resources to handle the bulk of rouge internet requests, bots, DDOS attacks that we resort to Cloudflare in the first place. I handle many high-profile sites and they all use CF for some sort of bot and DDOS protection. I asked what you would recommended in the place of CF for redundancy but you don't seem to comprehend why people would resort to CF in the first place. Facepalm.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X