decided to check how CloudFlare CDN works in Russia. I have a site hosted in Saint-Petersburg location. According to the blog posts (https://blog.cloudflare.com/moscow/ and https://blog.cloudflare.com/ten-new-data-centers/) there is a data center in Moscow alongside POP in Saint-Petersburg, both of which have been created to avoid routing traffic from Russia to Stockholm and Frankfurt reducing such way a latency for the end users.
So far so good. I registered CloudFlare account and added my site into it. Everything is fine, works, etc. Special thanks for such a good TLS implementation with all fancy things.
But… I found that the site became more slow than it was before. I tried to ping it and found that latency increased more than twice (!) from
32 ms to
What I found later is even more interesting. I started to trace DCs (using
/cdn-cgi/trace) which traffic is routed to from different parts of Russia. During the tests
DME (Moscow) and
LED (St.-Petersburg) DCs have status
Operational according to Cloudflare System Status service. So,
fl=132f48 h=***.ru ip=87.236.*.* ts=1549787084.286 visit_scheme=https uag=curl/7.22.0 colo=KBP http=http/1.1 loc=RU tls=TLSv1.2 sni=plaintext
fl=128f61 h=***.ru ip=87.228.*.* ts=1549734931.65 visit_scheme=https uag=Mozilla/5.0 (Linux; Android 8.0.0; PRA-TL10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36 colo=ARN http=h2 loc=RU tls=TLSv1.3 sni=plaintext
Moscow (mobile operator's network)
fl=71f312 h=***.ru ip=176.59.*.* ts=1549735170.907 visit_scheme=https uag=Mozilla/5.0 (Linux; Android 8.0.0; PRA-TL10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36 colo=FRA http=h2 loc=RU tls=TLSv1.3 sni=plaintext
fl=71f158 h=***.ru ip=79.126.*.* ts=1549786975.214 visit_scheme=https uag=curl/7.54.0 colo=FRA http=h2 loc=RU tls=TLSv1.2 sni=plaintext
According to these results, traffic from Saint-Petersburg has been routed to Kiev, Ukraine (KBP), from Moscow to Stockholm, Sweden (ARN) and Frankfurt, Germany (FRA), from Saratov to Frankfurt, Germany (FRA). None of the cases shown routing to Russia’s national DCs.
The same results I got using plain HTTP instead of HTTPS, keep trying for 2 (maybe 3) days.
Now I’d like to know whether it is normal (designed) routing behaviour or not. Latencies that increased at least twice after CloudFlare integration look disappointing.