Cloudflare – great except China

I’ve been recommending for a while: provides a level of DNS indirection between the internet and your site.  Within the Cloudflare layer an easy to use admin interface allows you to configure services for:

  • Security including SSL and DDoS protection
  • Web acceleration including HTTP/2, Compression including Auto-Minify and “Rocket Loader” javascript rewriting, CDN, caching, control of HTTP cache headers etc
  • Apps: custom apps including Google Analytics can be added to your site and turned on and off at the Cloudflare layer without making any changes to the site itself.
  • The whole Cloudflare can be turned on and off (or paused or switched to “under attack” mode) from the admin site itself.

With plans starting from completely free, what can go wrong?

Well I found out when websites stopped being accessible from mainland China.  Pausing Cloudflare, the sites immediately became available, turning on Cloudflare they became inaccessible from China (while still accessible to the rest of the world).

At first sight it looks like Cloudflare have a great solution, according to the home page the global CDN includes a large number of datacenters inside China:


However as partly explained here, the China datacenters are in fact a separate CDN network run by Baidu and not used at all by Cloudflare.  In fact according to Cloudflare support, China traffic is routed first to LA – even if the destination server is say London.

Results are not consistent, in fact the entire connection between mainland China and the outside world is notoriously unstable and depending on the time of day etc but a typical result for a fairly weighty page load (with no browser caching) was:

  • 2.1 seconds – London site loaded from Canada
  • 6.1 seconds – London site loaded direct from China
  • 23.2 seconds – London site loaded via Cloudflare from China

(But sometimes the China times were much longer or simply unavailable.)

The China problems applying to Cloudflare will apply to a large extent to other providers, due to the local regulatory environment and internet controls, for example:

  • Amazon Web Services China is also a separate network from global Amazon Web Services, it is not permitted to directly connect the two.
  • Some CDNs are blocked from within China (these change from time to time but have previously included those used by this site and the whole of googleapis)

So the best solutions remain:

  1. Optimize your server:  with appropriate configuration and/or application of Google PageSpeed (available for both Apache and Nginx) most of the web optimization functionality can be achieved, though it’s not quite as simple as pressing a button on Cloudflare.   Static files can also be offloaded to a non-Cloudflare CDN such as Amazon Cloudfront.
  2. Separate China hosting on eg separate .cn domain if China performance is important.  This requires a China legal entity to register and assume legal responsibility for the site, which can be done via an agency service.

3 thoughts on “Cloudflare – great except China

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s