Cloudflare's China Network: A Case Study
Cloudflare has a presence in mainland China. Besides serving local customers in China, Cloudflare customers around the world can leverage the Cloudflare China Network to provide a fast, secure experience to their users in China. This helps our global customers seamlessly connect to their employees, partners, customers, and suppliers in China.
Furthermore, Cloudflare offers a local China Express solution, providing a suite of connectivity and performance offerings designed to simplify connectivity and improve performance for users in China.
Tune in to learn more about these unique solutions from the Cloudflare team!
Transcript (Beta)
Hello everyone, this is Roy Zhai from Cloudflare TV. We co-work with local partner JD Cloud to provide most of the Cloudflare services in China.
We call it Cloudflare China Network.
Yeah, hi Bill. Yes, we provide most of application services in China, some of developer services.
And with China Express, a solution from our local partners, the customer may use Zero Trust services.
That's really cool.
We all know that Cloudflare China can optimize the accelerated website traffic within China.
Many of our colleagues and our customers ask me many questions about their business requirements in China.
One common question is that if the origin is out of China, can China network still accelerate the network?
Yes, it's a good question. We can still accelerate, but there is uncertainty out of our control.
The customer may have many big impacts when the traffic crosses the border.
I actually just did a test for one of our customers to analyze the latency issue.
We may have a look at the test results. Ah, that's a problem. Some customers will expect a matter with a long latency there.
Yes, the uncertainty could be reflected by too much latency.
Cloudflare colos in China still need to route through the carriers' path to the origin.
Each ISP will appear to different roles depending on the factors or algorithms at the moment.
China's Internet architecture differs from the rest of the world.
Some major ISPs control the network, but due to limited peering, traffic congestion is frequent.
Also, there are only three landing points for submarine optic fiber.
This creates a bottleneck for all users within China connected to foreign origins.
Exactly.
That has been a topic for the customer for a long time. I believe the factors will reprioritize or new issues may come out over time.
The customer needs to pay a large amount of money and talk to each major ISP if they want to optimize the routing.
Theoretically, I think it will be okay for a networking company, but for the normal customers, that would be exhausting.
Do you think we could provide a sustainable solution for that?
That's true, but I'd like to introduce a solution delivered by our local partner to fit this scenario.
It's called China Express. As you can see from this picture, China Express is designed to mitigate such concerns for China network-enabled customers.
We've leveraged our partner's private line to give customers a high performance of origin pull request.
By working with our China partners, they will provide us with special IPs that belong to their own PoP in China.
For example, Shanghai, Beijing, and Guangzhou with NAT configuration.
They can break one-to-one NAT to the customer's real origin IP. After the NAT configuration is done by our partner's side, the only configuration from China network-enabled customer is to change their real origin IP to China Express IP on our dashboard DNS tab.
So the whole process is pretty straightforward.
I think this diagram just describes the design very clearly, and I see lots of benefits from this kind of design.
I think the traffic will be directed along the design road, whatever the different ISPs or the different locations of IBOs in China.
And traffic back to the origin is also optimized and will be directed to the IBO efficiently.
With Cloudflare Workers, we can dynamically enable or disable the role we set in China Express.
And I have to highlight, I think this scenario has a precondition that the origin is a dedicated server or virtual machine or cloud vendor with a fixed IP or domain.
So I think this design can also avoid the congestion of the traffic when passing through the intercontinental peak traffic.
Yes, so let's dig into the real scenario and talk about how customers prepare the scenario.
First, we need customers to provide their origin IP to our local partner.
For example, they have a production domain called api.example.com.
And a record of this is this IP address.
Then we will provide this 34-point IP address to our local partner.
Our local partner will configure the NAT configuration on their router.
So after the configuration is done, they will provide us a new IP address.
That IP address belongs to our partners and it is inside of China.
Once our customers get this IP address from our local partner, they can configure it into our Cloudflare dash.
The first record I typed is the real origin IP address and it is the production domain the customer used.
Next, we add the China Express test domain.
This IP address is provided by our local partner and we have a comment that it is called China Express origin.
It is very easy to configure, right?
Next, we will talk about how we set up the benchmark test on CatchPoint.
Right now, we have two tests. The UI of test A is the real origin one, which is the production domain api.example.com.
The test B is our China Express origin, which the URL is api.example.com.
Then we choose our China Performance Monitoring Group as the monitoring node.
It includes 40 nodes from China mainland.
They cover three ISPs, CT, CU, and CM. We set the random and frequency like this.
We ran on five random nodes from node groups and the frequency is five minutes.
In order to cover both on and off peak time in China, the test will last for 24 hours.
After we finish the monitoring, we will focus on the following metrics to benchmark our China Express solution with the public origin.
The metric we will focus on is the load time and download throughput.
The load time is the time from the first back to the last time of date for the response.
I think this one excludes the DNS time and the TLS time.
It is the total time of the dynamic request from the origin server.
Let's choose Chrome as the probe template.
We give the name China Express test. This test belongs to test A, which is our customer's real origin.
This dynamic request will use our public line, which may have congestion and packet loss.
We set up the monitoring time, which should be 24 hours.
We can keep this setting as default.
For the test node, we will override it and choose the China performance monitoring group, which we created beforehand.
Click Save.
Now we can see a new item appears.
We copy this test to create our next test. This test is based on our China Express solution.
We change the test URL to API Express, which points to the partner NAT IP address as our origin.
We keep the rest of things the same and click Save. That's how we set up our whole process.
Alloy, I know you have spent 24 hours running the test.
Would you please share the test result with us? Yes, definitely. Now let's go through the report analysis part.
We have two test results shown on this picture.
The left-hand side is China Express test result, which shows lower level and more stable load time on average.
Below is the table generated by CatchPoint, which shows the whole test window average data.
We can see China Express is 20% faster than public Internet on average load time metrics.
As we mentioned earlier in this video, in China, three major ISPs control the network, but due to limited peering, traffic congestion is frequent, especially during the peak hour.
When we dive into the peak hour data analysis, we prove rather than the whole test data.
The left-hand side is China Express test result, shows fairly stable over peak hour.
The same metrics from public Internet, which is the right-hand side diagram, shows unstable and drop of availability.
Also, we have more specific data analysis table as well, and give us more insight of how performance improves.
As we can see from this table, China Express result shows 54% of performance increase than public Internet.
Also, we got 20% improvement of download throughput.
Now, let's talk about the conclusion.
With Cloudflare, China Network, and China Express solution, we saw the average load time is 23% faster on average and 54% faster at peak hour.
Our customer is satisfied to see this overall result, especially in the Internet traffic peak time, and the overall connectivity availability enhancement as well.
Also solved the timeout issue while loading their management console and heavy API queries.
We believe that providing a more stable and reliable China connection can help more customers in similar scenarios.
Wow, that's really impressive result.
I think our customers just get much excited for the scenario.
Sir Roy, very appreciate your sharing. Thank you very much. Thank you, Bill.
ZenDesk is one of the world's premier customer service companies, providing its software suite to over 125,000 businesses around the globe.
My name is Jason Smale. I'm the vice president of engineering at ZenDesk.
My name is Andrei Balkanashvili. I'm a technical lead in the Foundation Edge team at ZenDesk.
ZenDesk is a customer support platform that builds beautifully simple software for companies to have a better relationship with their own customers.
We have over 125,000 businesses around the world, all using ZenDesk.
And then within those businesses, there's hundreds of people whose day job is to sit in front of ZenDesk and use ZenDesk.
For ZenDesk, security is paramount. And when it came to safeguarding its network, ZenDesk turned to Cloudflare.
Web security is very important to our business.
Our customers trust us with their information and their customers' information.
So we need to make sure that their information is safe, secure.
The initial need for Cloudflare came back a couple of years ago, when we suddenly started to see a lot of attacks coming towards us.
And all of a sudden we'd get thousands of requests, hundreds of thousands, you know, like millions of requests coming at us from all over the place.
So we needed a way to be able to control what came into our infrastructure.
And Cloudflare were the only ones that could meet our requirements.
It's been really impressive to see how Cloudflare's DDoS mitigation continues to evolve and morph.
And it's definitely the best DDoS mitigation we've ever had.
I think Cloudflare just gets you that and so much more.
And you don't have to pick and choose and layer on all these different providers because it's just one.
And they're great at all of those things. It's easy.
It's a no-brainer. By tapping into Cloudflare's unique integrated security protection and performance acceleration, ZenDesk has been able to leverage Cloudflare's global platform to enhance its experience for all of its customers.
Cloudflare is providing an incredible service to the world right now because there's no other competitors who are close.
Cloudflare is our outer edge. It makes our application faster, more reliable, and allows us to respond with confidence to traffic spikes and make our customers happier.
ZenDesk is all about building the best customer experiences.
And Cloudflare helps us do that. With customers like ZenDesk and over 10 million other domains that trust Cloudflare with their security and performance, we're making the Internet fast, secure, and reliable for everyone.
Cloudflare. Helping build a better Internet. Q2's customers love our ability to innovate quickly and deliver what was traditionally very static, old-school banking applications into more modern technologies and integrations in the marketplace.
Our customers are banks, credit unions, and fintech clients.
We really focus on providing end-to-end solutions for the account holders throughout the course of their financial lives.
Our availability is super important to our customers here at Q2. Even one minute of downtime can have an economic impact.
So we specifically chose Cloudflare for their Magic Transit solution because it offered a way for us to displace legacy vendors in the Layer 3 and Layer 4 space, but also extend Layer 7 services to some of our cloud-native products and more traditional infrastructure.
I think one of the things that separates Magic Transit from some of the legacy solutions that we had leveraged in the past is the ability to manage policy from a single place.
What I love about Cloudflare for Q2 is it allows us to get 10 times the coverage as we previously could with legacy technologies.
I think one of the many benefits of Cloudflare is just how quickly the solution allows us to scale and deliver solutions across multiple platforms.
My favorite thing about Cloudflare is that they keep developing solutions and products.
They keep providing solutions.
They keep investing in technology. They keep making the Internet safe.
Security has always been looked at as a friction point, but I feel like with Cloudflare, it doesn't need to be.
You can deliver innovation quickly, but also have those innovative solutions be secure.
Cloudflare is one of the world's largest global cloud networks to help make the Internet more secure, faster, and more reliable.
Meet our customer, Neato. The thing that used to keep me up at night was security.
Cloudflare helps to mitigate a lot of those fears.
It actually is the front line for our platform and actually looks after pretty much all of the security as well as helping us on the cost side as well.
As one of Australia's leading e-commerce platforms, Neato powers the shopping experience for thousands of online retailers.
My name is Justin Hennessy.
I'm the VP of Engineering at Neato. Neato is one of the biggest e-commerce platforms in Australia.
Our platform receives between 85 and 90 million requests per day.
We have about 2,800 merchants on our platform, single shop owners who are just trying to sell online, all the way up to quite large organizations who do multi-warehouse sales.
In the landscape that we are now in, with cybercrime being as high as it is, the threats that hit our platform on a daily basis, it's really important to have both internal expertise and really good relationships with technology partners.
Neato first came to Cloudflare to streamline the process of securing its merchant sites.
Using Cloudflare's SSL for SaaS, Neato automatically provisions and manages security certificates across thousands of its customers' vanity domains.
SSL for SaaS is essentially the primary driver why we moved to Cloudflare.
We have a very complex onboarding process, and part of that is issuing certificates to customers.
Cloudflare allowed us to make that a completely automated, one-click process.
Anybody in the business could onboard and go live with a customer.
Soon, Neato found additional opportunities to leverage Cloudflare's platform for enhanced security, performance, and reliability.
The two major things that we've really embarked on this year around workers and AI bot management.
Cloudflare bot management is something that we've just recently turned on.
In its first day, we were able to block 2.4 million requests, and obviously that has a pretty significant cost effect over time.
Cloudflare Workers is actually quite an exciting piece of technology.
It's really allowed us to be quite creative about how we solve different problems.
I would definitely recommend Cloudflare as a technology vendor because I believe they offer the full gamut of products.
You can start very small, and then you can grow into their feature sets.
With customers like Neato and over 25 million other Internet properties that trust Cloudflare with their security and performance, we're making the Internet fast, secure, and reliable for everyone.
Cloudflare, helping build a better Internet.
Meet our customer, BookMyShow.
They've become India's largest ticketing platform thanks to its commitment to the customer experience and technological innovation.
We are primarily a ticketing company.
The numbers are really big. We have more than 60 million customers who are registered with us.
We're on 5 billion screen views every month, 200 million tickets over the year.
We think about what is the best for the customer.
If we do not handle customers' experience well, then they are not going to come back again, and BookMyShow is all about providing that experience.
As BookMyShow grew, so did the security threats it faced. That's when it turned to Cloudflare.
From a security point of view, we use more or less all the products and features that Cloudflare has.
Cloudflare today plays the first level of defense for us.
One of the most interesting and aha moments was when we actually got a DDoS, and we were seeing traffic burst up to 50 gigabits per second, 50 GB per second.
Usually, we would go into panic mode and get downtime, but then all we got was an alert, and then we just checked it out, and then we didn't have to do anything.
We just sat there, looked at the traffic peak, and then we controlled it.
It just took less than a minute for Cloudflare to kind of start blocking that traffic.
Without Cloudflare, we wouldn't have been able to easily manage this because even our data center level, that's the kind of pipe, you know, is not easily available.
We started for Cloudflare for security, and I think that was the aha moment.
We actually get more sleep now because a lot of the operational overhead is reduced.
With the attack safely mitigated, BookMyShow found more ways to harness Cloudflare for better security, performance, and operational efficiency.
Once we came on board on the platform, we started seeing the advantage of the other functionalities and features.
It was really, really easy to implement HTTP2 when we decided to move towards that.
Cloudflare Workers, which is the computing at the edge, we can move that business logic that we have written custom for our applications at the Cloudflare edge level.
One of the most interesting things we liked about Cloudflare was everything can be done by the API, which makes almost zero manual work.
That helps my team a lot because they don't really have to worry about what they're running because they can see, they can run the test, and then they know they're not going to break anything.
Our teams have been able to manage Cloudflare on their own for more or less anything and everything.
Cloudflare also empowers BookMyShow to manage its traffic across a complex, highly performant global infrastructure.
We are running on not only hybrid, we are running on hybrid and multi-cloud strategy.
Cloudflare is the entry point for our customers, whether it is a cloud in the back end or it is our own data center in the back end.
Cloudflare is always the first point of contact. We do load balancing as well as we have multiple data centers running.
Data center selection happens on Cloudflare.
It also gives us fine-grained control on how much traffic we can push to which data center depending upon what is happening in that data center and what is the capacity of the data center.
We believe that our applications and our data centers should be closest to the customers.
Cloudflare just provides us the right tools to do that.
With Cloudflare, BookMyShow has been able to improve its security, performance, reliability, and operational efficiency.
With customers like BookMyShow and over 20 million other domains that trust Cloudflare with their security and performance, we're making the Internet fast, secure, and reliable for everyone.
Cloudflare, helping build a better Internet.
Ted Baker is a British premium fashion brand.
We sell clothing and shoes and other premium accessories like handbags.
We are a global brand. We have a big online presence and our customers need to download high-resolution images.
Cloudflare manages all of these things for us.
We want to give our customers a very high speed.
Cloudflare does some fine-tuning based on the type of speed they've got.
Cloudflare can easily compress the data according to that Internet line. Since Cloudflare, we have seen great performance boost.
Before Cloudflare, we had another platform where every week we would get one or two DDoS or some other types of attacks and my team would be busy sorting that out.
Since we migrated to Cloudflare, we have not seen a single instance where we have to jump and mitigate some things ourselves.
Cloudflare has helped me personally to create that bridge where the technical information can be translated into executive or world level where they don't understand the technicality.
There are some vendors, either they are very technical and some vendors, they are very sales.
I think Cloudflare has found that balance.
With Cloudflare, we have that peace of mind from a security perspective.
We have that peace of mind in terms of performance. Cloudflare has given Ted Baker what we were looking for.
Cloudflare.