Americas

  • United States
by Sean Michael Kerner

Cloudflare accelerates its network with security, traffic optimizations

News
Sep 27, 20246 mins
Network Management SoftwareNetwork SecurityNetworking

Networking innovations from the web infrastructure and security company include Encrypted Client Hello, Speculation API, Zstandard compression and TURN protocol implementation.

Speed, fast, faster. Hand turning a dial with a rocket ship icon..
Credit: Olivier Le Moal/Shutterstock

Cloudflare unwrapped a series of networking and security innovations during its birthday week event. The announcements include implementations of new and emerging internet standards that could have a wide-ranging impact over time. Cloudflare commands a sizable share of internet traffic, and its network footprint spans the globe.

Key announcements include:

  • AI Audit: Tool for website owners to monitor AI crawler access
  • Speed Brain: Predictive technology for faster page loading
  • Workers AI: Enhanced AI inference platform and developer tools
  • Z Standard: New compression algorithm outperforming Brotli
  • Encrypted Client Hello: Privacy feature for initial web connections
  • Cloudflare Calls: TURN protocol implementation using Anycast network
  • SQLite integration: Embedded database in durable objects in the cloud for improved performance

Speed Brain uses Speculation Rules API to load pages 45% faster

Among the most interesting announcements is the debut of Speed Brain. Cloudflare claims the technology could enable web pages to load up to 45% faster.

John Graham-Cumming, CTO of Cloudflare, noted there is a new API that is supported in some browsers called Speculation Rules. The API allows a browser to preload certain content from a website, even before a user clicks. As a user hovers the mouse over a link on a website and is thinking about clicking, the browser is downloading the page.

“We can use machine learning to predict what you’re likely to click on, or at least predict what we should send to your browser so that if you do click, you get the fastest response,” Graham-Cumming told Network World. “The speed up is remarkable. The real speed up in the real world, not like in a lab, is 45%, which I didn’t actually believe when they first told me.”

Data compression gets 42% boost with Zstandard

Another area where Cloudflare is making use of emerging internet standards is with compression.

Currently, the Brotli compression format is among the most widely used. Cloudflare is now rolling out a new option based on Zstandard (zstd) compression that has only been supported in the Google Chrome and Mozilla Firefox web browsers since March of this year.

“Zstandard gives pretty much the same compression levels of Brotli, but is about 42% faster than Brotli, and so it actually makes it viable to be using it at quite a wide scale,” he said.

Hello (encrypted) world

Privacy enhancements are also a key focus for Cloudflare, and that’s where the new Encrypted Client Hello (ECH) specification fits in. This feature addresses a longstanding privacy concern in web browsing. ECH is a proposed IETF standard that is currently undergoing review.

“One of the ways in which web browsing isn’t private is that your web browser goes and connects to your website and announces what it’s looking for in what’s called the client hello,” Graham-Cumming explained. “The solution to that is a thing called Encrypted Client Hello.”

ECH encrypts the initial “Client Hello” packet in the TLS handshake, which reveals the domain the user is trying to connect to. Encrypting this packet hides the destination domain from anyone monitoring the connection. To be clear, Graham-Cumming noted that ECH is different from other privacy efforts like DNS over HTTPS/TLS, which encrypts the DNS lookup process, so that the DNS server cannot see which domains the user is looking up.

The key difference is that Encrypted Client Hello focuses on hiding the destination domain in the initial TLS connection, while DNS over HTTPS/TLS focuses on hiding the DNS lookups that precede the TLS connection. Both techniques aim to improve user privacy by encrypting different parts of the web browsing process.

Cloudflare Calls: Leveraging Anycast for improved connectivity in a NAT world

An everyday challenge for networks is the issue of NAT (network address translation) transversal. There are many different ways of dealing with the issue, and now Cloudflare is trying its… turn.

TURN (Transversal Using Relays around NAT) is an emerging internet protocol to optimize the NAT transversal process. The Cloudflare Calls service, which is based on the TURN protocol, is now generally available. The service utilizes Cloudflare’s Anycast network to provide scale and performance. 

“I actually think Cloudflare Calls is one of those sleeper products that is actually really powerful, and people are sort of slowly starting to build on it, because it gives you this point-to-point connectivity,” Graham-Cumming said.

SQLite moves off the desktop and into the network

In a move to improve developer experiences, Cloudflare announced the integration of SQLite within its durable objects. SQLite is one of the most widely used open-source database technologies and it’s almost always set up to run with local on-device storage.

“We’ve embedded the SQLite database inside one of what we call durable objects, which are objects that move around the Cloudflare network,” Graham-Cumming said. “That, I think is going to turn out to be really pretty exciting for people, because it allows them to store data and operate almost as if that durable object was on your computer.”

Read more from this author