SlideShare a Scribd company logo

Managing Global Distributed Network

Jimmy Lim, profile picture
Jimmy Lim

This document discusses Cloudflare's global distributed network and how it manages over 120 points of presence around the world. It provides key metrics on traffic handled and describes techniques used such as anycast routing and an "orange cloud" to direct traffic to the nearest entry point quickly. The challenges of managing such a vast network are also outlined, along with approaches to monitoring, automation, and standardization that help ensure network resilience.

Internet
1 of 31
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Jimmy Lim SGNOG 5 jhalim@cloudflare.com Singapore, 5 September 2017 Managing Global Distributed Network
Cloudflare in a glance
This is the new style. ● 4+ million zones/domains ● 43+ billion DNS queries/day ● How? ○ Orange cloud ○ Global distributed network in 120+ locations Still growing fast! ○ Anycast routing Protect and accelerate any website online
Benefit of orange cloud ● Direct visitors to the nearest entry point ○ Fast! ■ Lesser hops ■ Reduced latency ● Save bandwidth! ○ Lesser requests to origin ○ Mitigate DDoS ● Resiliency ○ 120+ locations!
Orange cloud vs grey cloud
Building like crazy
1 new PoP per week!
Challenges ● 120+ locations ● 500+ transit/exchange ports ● 500+ network equipments ● Countless alerts!
Managing 120+ PoPs
Building Resilience Network ● Stable hardware and software ● Automatic configuration template/peer review ● Solid monitoring system ● Global network engineering ● Network automation
Hardware and Software ● Proper evaluation and testing ○ Fits requirement ○ Bugs free ○ Scalable ● Global standardization ○ Same models of hardware ○ Same software codes ● No mass software upgrade! ○ Small PoP first ○ Deploy in batches
Solid Monitoring System ● Reduced unwanted alerts ○ Only gets relevant alerts ○ Silence PoP/ports during maintenances ● Monitor the performance of transit providers ○ Detects packet loss on their backbone ○ Provides automatic related traceroutes ○ Actions based on severity ■ Disabling the PoP automatically ■ Disabling traffic on related transit provider automatically ■ Suggests on actions to do
Alerts Channel and Dashboard
Alerts Channel and Dashboard
Global Network Engineering ● Follow the sun approach ○ San Francisco -> Singapore -> London -> San Francisco ● Doing all stuffs ○ Technical operations ○ Network engineering ○ Network expansion projects ○ New PoPs deployment ○ Peering stuffs ● Very fast response to network issues and escalation
Network Automation ● Open source recipe: napalm-salt Apricot'2017 Network Automation by Salt+Napalm by Mircea Ulinic
Some daily usage examples ● salt [target_device] net.cli "junos_show_command" ● salt-run net.find [target_device] ● salt-run bgp.neighbors [bgp_asn] ● salt [target_device] [anycast.disable | anycast.enable] ● salt [target_device] [transit.disable | transit.enable] [transit_name]
Net finder salt runner example
BGP salt runner example
Get advertised routes to particular BGP peer
PeeringDB lookup on IXPs info
BGP peering configuration push
Global configuration push ● salt [target_device] net.load_template [config_template] ○ Configuration template with Jinja2 format ○ Dynamic configuration loader ■ Flexible ○ Allow dry-run ○ Example: salt -N junos-cdn-edges net.load_template test-lar
Configuration template file
Global configuration push using template
Peering Update in Asia
In August 2015 ● AKL-IX (Auckland) ● APE (Auckland) ● BBIX (Tokyo, Osaka, Singapore) ● Equinix (Hong Kong, Osaka, Singapore, Sydney, Tokyo) ● HKIX (Hong Kong) ● JPIX (Tokyo, Osaka) ● JPNAP (Tokyo, Osaka) ● Megaport (Auckland, Singapore, Sydney) ● PIPE (Sydney)
Addition of Peering Exchange as for now ● AMS-IX (Hong Kong) ● KINX (Incheon) ● MYIX (Kuala Lumpur) ● NSW-IX (Sydney) ● SGIX (Singapore) ● VIC-IX (Melbourne) ● WAIX (Perth)
Globally ● Registered in 150 public peering exchange points ● About 120 of them are up and running! ● More details: https://www.peeringdb.com/asn/13335 ● On-going 100G deployment ● Peering Contact: peering@cloudflare.com
Q&A
Managing Global Distributed Network

More Related Content

PDF
MY Orange Cloud - MyIX Peering Forum 2016
Jimmy Lim
 
PDF
Infrastructure as Code with Terraform: Koombea TechTalks
Koombea
 
PDF
OSMC 2013 | Zabbix: A Practical Demo by Rihards Olups
NETWAYS
 
PDF
Go frugal with web services
Daniel Fireman
 
PDF
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
Indonesia Network Operators Group
 
PDF
Nyc storm meetup_robdoherty
Robert Doherty
 
PDF
PyConIE 2017 Writing and deploying serverless python applications
Cesar Cardenas Desales
 
PDF
Architecting for the Cloud: Hoping for the best, prepared for the worst
Cotap Engineering
 
MY Orange Cloud - MyIX Peering Forum 2016
Jimmy Lim
 
Infrastructure as Code with Terraform: Koombea TechTalks
Koombea
 
OSMC 2013 | Zabbix: A Practical Demo by Rihards Olups
NETWAYS
 
Go frugal with web services
Daniel Fireman
 
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
Indonesia Network Operators Group
 
Nyc storm meetup_robdoherty
Robert Doherty
 
PyConIE 2017 Writing and deploying serverless python applications
Cesar Cardenas Desales
 
Architecting for the Cloud: Hoping for the best, prepared for the worst
Cotap Engineering
 

What's hot (19)

PDF
Kamailio presence + json
Emmanuel Schmidbauer
 
PPTX
Nagios Conference 2014 - Luis Contreras - Monitoring SAP System with Nagios Core
Nagios
 
PDF
re:Invent 2018 recap
Trent Hornibrook
 
PDF
Scalr: Setting Up Automated Scaling
Hakka Labs
 
PDF
A Cheapskates Guide to AWS v2.0
Michael Soh
 
PPTX
Architecting for the Cloud: Hoping for the Best, Prepared for the Worst
martincozzi
 
PPTX
Reduce IT Spend with Software Load Balancing
NGINX, Inc.
 
PDF
Life of a startup - Sjoerd Mulder - Codemotion Amsterdam 2017
Codemotion
 
ODP
A Cheapskates Guide to AWS
Michael Soh
 
PDF
P99CONF — What We Need to Unlearn About Persistent Storage
ScyllaDB
 
PDF
Stream Processing Live Traffic Data with Kafka Streams
Tim Ysewyn
 
PDF
The Dark Side Of Go -- Go runtime related problems in TiDB in production
PingCAP
 
PPTX
Going Serverless
Schezarnie Racip
 
PDF
Unikraft: Fast, Specialized Unikernels the Easy Way
ScyllaDB
 
PDF
Austin bdug 2011_01_27_small_and_big_data
Alex Pinkin
 
PDF
OpenNebulaConf2018 - Our Journey to OpenNebula - Germán Gutierrez - Booking.com
OpenNebula Project
 
PDF
Couchbase live 2016
Pierre Mavro
 
PPTX
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
Logan Best
 
PDF
SOLR Power FTW: short version
Alex Pinkin
 
Kamailio presence + json
Emmanuel Schmidbauer
 
Nagios Conference 2014 - Luis Contreras - Monitoring SAP System with Nagios Core
Nagios
 
re:Invent 2018 recap
Trent Hornibrook
 
Scalr: Setting Up Automated Scaling
Hakka Labs
 
A Cheapskates Guide to AWS v2.0
Michael Soh
 
Architecting for the Cloud: Hoping for the Best, Prepared for the Worst
martincozzi
 
Reduce IT Spend with Software Load Balancing
NGINX, Inc.
 
Life of a startup - Sjoerd Mulder - Codemotion Amsterdam 2017
Codemotion
 
A Cheapskates Guide to AWS
Michael Soh
 
P99CONF — What We Need to Unlearn About Persistent Storage
ScyllaDB
 
Stream Processing Live Traffic Data with Kafka Streams
Tim Ysewyn
 
The Dark Side Of Go -- Go runtime related problems in TiDB in production
PingCAP
 
Going Serverless
Schezarnie Racip
 
Unikraft: Fast, Specialized Unikernels the Easy Way
ScyllaDB
 
Austin bdug 2011_01_27_small_and_big_data
Alex Pinkin
 
OpenNebulaConf2018 - Our Journey to OpenNebula - Germán Gutierrez - Booking.com
OpenNebula Project
 
Couchbase live 2016
Pierre Mavro
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
Logan Best
 
SOLR Power FTW: short version
Alex Pinkin
 
Ad

Similar to Managing Global Distributed Network (20)

PDF
The bond between automation and network engineering
Jimmy Lim
 
PDF
IDNOG3-Jimmy-CloudFlare
Jimmy Lim
 
PDF
Technical Debt: An Anycast Story
APNIC
 
PDF
giip service brochure (en) 150705
Lowy Shin
 
PDF
Dev.bg DevOps March 2024 Monitoring & Logging
Marian Marinov
 
PDF
Pivotal Greenplum Cloud Marketplaces - Greenplum Summit 2019
VMware Tanzu
 
PDF
OpenFlow @ Google
Open Networking Summits
 
PDF
Netty training
Marcelo Serpa
 
PDF
FastNetMon and Metrics
Altinity Ltd
 
PDF
Netty training
Jackson dos Santos Olveira
 
PDF
TRHUG 2015 - Veloxity Big Data Migration Use Case
Hakan Ilter
 
PDF
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
Haggai Philip Zagury
 
PDF
Kafka Summit NYC 2017 - Scalable Real-Time Complex Event Processing @ Uber
confluent
 
PDF
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
Nicolas Brousse
 
PDF
An EyeWitness View into your Network
CTruncer
 
PDF
Building a Small DC
APNIC
 
PDF
Multiplier Effect: Case Studies in Distributions for Publishers
Jon Peck
 
PDF
How Sysbee Manages Infrastructures and Provides Advanced Monitoring by Using ...
InfluxData
 
PDF
SPDY and What to Consider for HTTP/2.0
Mike Belshe
 
PDF
SPDY @Zynga
Mike Belshe
 
The bond between automation and network engineering
Jimmy Lim
 
IDNOG3-Jimmy-CloudFlare
Jimmy Lim
 
Technical Debt: An Anycast Story
APNIC
 
giip service brochure (en) 150705
Lowy Shin
 
Dev.bg DevOps March 2024 Monitoring & Logging
Marian Marinov
 
Pivotal Greenplum Cloud Marketplaces - Greenplum Summit 2019
VMware Tanzu
 
OpenFlow @ Google
Open Networking Summits
 
Netty training
Marcelo Serpa
 
FastNetMon and Metrics
Altinity Ltd
 
Netty training
Jackson dos Santos Olveira
 
TRHUG 2015 - Veloxity Big Data Migration Use Case
Hakan Ilter
 
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
Haggai Philip Zagury
 
Kafka Summit NYC 2017 - Scalable Real-Time Complex Event Processing @ Uber
confluent
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
Nicolas Brousse
 
An EyeWitness View into your Network
CTruncer
 
Building a Small DC
APNIC
 
Multiplier Effect: Case Studies in Distributions for Publishers
Jon Peck
 
How Sysbee Manages Infrastructures and Provides Advanced Monitoring by Using ...
InfluxData
 
SPDY and What to Consider for HTTP/2.0
Mike Belshe
 
SPDY @Zynga
Mike Belshe
 
Ad

Recently uploaded (20)

PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Funds Management Learning Material for Beg
NKKumar16
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
artificial intelligence overview of it and more
yafotin445
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
Internet___Basics___Styled_ presentation
poonam62133
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 

Managing Global Distributed Network

  • 1. Jimmy Lim SGNOG 5 jhalim@cloudflare.com Singapore, 5 September 2017 Managing Global Distributed Network
  • 3. This is the new style. ● 4+ million zones/domains ● 43+ billion DNS queries/day ● How? ○ Orange cloud ○ Global distributed network in 120+ locations Still growing fast! ○ Anycast routing Protect and accelerate any website online
  • 4. Benefit of orange cloud ● Direct visitors to the nearest entry point ○ Fast! ■ Lesser hops ■ Reduced latency ● Save bandwidth! ○ Lesser requests to origin ○ Mitigate DDoS ● Resiliency ○ 120+ locations!
  • 5. Orange cloud vs grey cloud
  • 7. 1 new PoP per week!
  • 8. Challenges ● 120+ locations ● 500+ transit/exchange ports ● 500+ network equipments ● Countless alerts!
  • 10. Building Resilience Network ● Stable hardware and software ● Automatic configuration template/peer review ● Solid monitoring system ● Global network engineering ● Network automation
  • 11. Hardware and Software ● Proper evaluation and testing ○ Fits requirement ○ Bugs free ○ Scalable ● Global standardization ○ Same models of hardware ○ Same software codes ● No mass software upgrade! ○ Small PoP first ○ Deploy in batches
  • 12. Solid Monitoring System ● Reduced unwanted alerts ○ Only gets relevant alerts ○ Silence PoP/ports during maintenances ● Monitor the performance of transit providers ○ Detects packet loss on their backbone ○ Provides automatic related traceroutes ○ Actions based on severity ■ Disabling the PoP automatically ■ Disabling traffic on related transit provider automatically ■ Suggests on actions to do
  • 13. Alerts Channel and Dashboard
  • 14. Alerts Channel and Dashboard
  • 15. Global Network Engineering ● Follow the sun approach ○ San Francisco -> Singapore -> London -> San Francisco ● Doing all stuffs ○ Technical operations ○ Network engineering ○ Network expansion projects ○ New PoPs deployment ○ Peering stuffs ● Very fast response to network issues and escalation
  • 16. Network Automation ● Open source recipe: napalm-salt Apricot'2017 Network Automation by Salt+Napalm by Mircea Ulinic
  • 17. Some daily usage examples ● salt [target_device] net.cli "junos_show_command" ● salt-run net.find [target_device] ● salt-run bgp.neighbors [bgp_asn] ● salt [target_device] [anycast.disable | anycast.enable] ● salt [target_device] [transit.disable | transit.enable] [transit_name]
  • 18. Net finder salt runner example
  • 19. BGP salt runner example
  • 20. Get advertised routes to particular BGP peer
  • 21. PeeringDB lookup on IXPs info
  • 23. Global configuration push ● salt [target_device] net.load_template [config_template] ○ Configuration template with Jinja2 format ○ Dynamic configuration loader ■ Flexible ○ Allow dry-run ○ Example: salt -N junos-cdn-edges net.load_template test-lar
  • 25. Global configuration push using template
  • 27. In August 2015 ● AKL-IX (Auckland) ● APE (Auckland) ● BBIX (Tokyo, Osaka, Singapore) ● Equinix (Hong Kong, Osaka, Singapore, Sydney, Tokyo) ● HKIX (Hong Kong) ● JPIX (Tokyo, Osaka) ● JPNAP (Tokyo, Osaka) ● Megaport (Auckland, Singapore, Sydney) ● PIPE (Sydney)
  • 28. Addition of Peering Exchange as for now ● AMS-IX (Hong Kong) ● KINX (Incheon) ● MYIX (Kuala Lumpur) ● NSW-IX (Sydney) ● SGIX (Singapore) ● VIC-IX (Melbourne) ● WAIX (Perth)
  • 29. Globally ● Registered in 150 public peering exchange points ● About 120 of them are up and running! ● More details: https://www.peeringdb.com/asn/13335 ● On-going 100G deployment ● Peering Contact: peering@cloudflare.com
  • 30. Q&A