Today we are launching a very limited beta for a new feature called Proxy Anything. If you are interested in participating, please submit a request using this form.
We’re excited to get your thoughts and ideas about this new feature. Let us know what you think - both good and bad, and how you end up using the product. Looking forward to hearing from you.
I am very positively surprised. Everything works fine, except for the error described above. The transfer rate is also impressive
A quick test with iperf showed:
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.0 sec 1.82 GBytes 1.57 Gbits/sec
The only criticisms would be the choice of ports (but in the document there was more to be added) and the design of the dashboard. The creation form looks a bit blumpy, and I can’t really see much (except for the current connections) on the dashboard. A statistics dashboard of the connections would be cool. A few additional features such as a button for automatically adding a CNAME entry would surely not be bad.
May or may not be caused by the same thing but I noticed this when using a browser with uBlock Origin (ad blocker) running. It was blocked due to the “/analytics/events” part of the URL matching one of its filters.
It’s…uhhh…not quite exactly the utopia I was expecting. With just ports 43 and 44 open, it’s not browser friendly (browsers won’t browse on those “unsafe” ports). Granted, the existing setup already proxies a bunch of browser-friendly ports. This aspect was just some tinkering on my part.
I was also expecting it to magically proxy SMTP/POP/IMAP. I could probably put POP on 43 and IMAP on 44 and configure my mail clients as such, but SMTP can’t be moved away from 25 since it needs to be universally reachable.
This is all because I have a mail server that’s naked without a Cloudflare blanket to protect it.
Is there any chance we could add a feature to this service? Basically the proxy would add a protocol layer, call it the proxy batching protocol, and forward batched tcp packets (for the sockets coming into the proxy) to the destination via a single tcp socket or something like UDT? (UDP-based Data Transfer Protocol - Wikipedia)
This would be a nice perf optimization in that user/kernel context switch overhead could be dramatically reduced/controlled (ie more data throughput per context switch). Given the context switch overhead has recently gotten much worse due to spectre and meltdown patches, I’m sure this sort of functionality would be very welcome in many stacks. Customers could dramatically decrease their VM instance counts as well, rather than increase them due to the increased cpu overhead from latest security patches.
With respect to UDT, using recvmmsg and sendmmsg would be the magic calls on Linux. For Windows, use RIO (registered i/o) to do the same thing. Send/recv many packets per context switch. Could possibly use DTLS to encrypt the datagrams?
BTW, doing the same thing for the websocket proxy would be useful as well.
@jdavis We’re absolutely going to add features to optimize TCP performance and demultiplex. The UDT draft expired in 2010 so it might not be that exactly. draft-gg-udt-03
Given Intel is shipping Stratix w/ Xeon’s, this is also incredibly interesting, could take pub/sub w/ regex or other pattern matching to a whole new level:
A question that has been haunting me ever since I started using Cloudflare services: What about data security and data protection?
The latest transparency report reported that no traffic was diverted to government requests or keys were passed on. If users send e. g. SSH, e-mail and other confidential traffic through the Cloudflare network in parallel to the web proxy service, the question should be asked. After all, it’s a lot of responsibility and trust for Cloudflare.
Could you imagine including “Proxy Anything” in the transparency report for next year?