We Are the Cloud!
2021-02-25 - John Graham-Cumming, or JGC, is the CTO of Cloudflare, an American company that provides CDN solutions, Cyber security services, DDoS mitigation, and distributed DNS services. He was there from the very beginning when the company had only 24 people to today where its personnel is approaching 2,000. In this podcast, Tobi chats with JGC about his GNU Make book, how Cloudflare has grown to a market cap of $25BN, what he thinks about edge computing, how Covid-19 has changed the security world, and how Cloudflare operates and maintains a global network with millions of servers.
JGC nerd path is quite fascinating. In the 1970s, when he was just seven or eight years old, his parents sent him to a summer camp at Cambridge University. (The was a camp where parents of brilliant kids sent them to explore their curiosity.) At the camp, he walked up to someone— who turned out to be a professor at Cambridge— and asked how computers work.
“(The professor) sat down… with a pad of paper and drew what I now know to be a cheering machine and said, ‘here's the theoretical foundation of computing,’” JGC explains, “So, that was the beginning of it.”
His curiosity was captured! The encounter started the next chapter of his life, which led him to study computer science and mathematics.
John explains how he found himself over and over again involved with startups, some of them long before people thought about startups as a thing. It all started in 1992 when he was working for a UK company. The company moved him from the UK to Silicon Valley in the US, where he worked for several startups, one of which revolved around GNU Make. It is during his time there that JGC became an expert on GNU Make. He started out writing a blog on the subject, which he later turned into a book.
Today, John says he doesn’t do a lot of coding.
“In my role at Cloudflare, I don't write that much code. I just don't have time to dedicate to doing a project over a long period. So, it's become a little bit more of a management and strategic job than a programming one,” he explains.
In this podcast, John explains what edge computing is and why it’s the CDN scene’s buzzword right now. With a presence in over 200 cities around the globe, Cloudflare is a leader in edge computing, which has gained traction in recent years as the go-to solution for improving the responsiveness of applications.
“For me, it's going back to the 8-bit world,” JGC explains, “So, the 8-bit world, I can switch on my computer, I could type in some basic code at that time, and I could hit run, and it would just operate. I didn't have to think about deploying it or compiling it… And that really, for me, is the beauty of it.”
“If you write code in our platform and you deploy it, it's literally runnable worldwide within seconds.”
Cloudflare uses the V8 engine, which is part of Google Chrome and chromium, to run very lightweight processes called isolates. They, in turn, use the isolates to run their customers’ code.
“The beauty of it is that we’ve got it down to the point where there’s no start-up time at all,” John says, “Because we have this neat trick, which is that a connection comes in for a web browser to do something, and during the handshake time (as the TCP and TLS handshakes happen…) we are able to actually start your code running.”
“So the moment the request actually hits us: bam, we're executing the code. There's this sort of a zero nanosecond code start for code. And then we can keep that in memory and execute it over and over again.”
Cloudflare has around 3.2 million free users and just over 100,000 paying customers. While it might seem strange from the outside looking in, John says the strategy works.
“The free tier is really important to us. Many of our largest paying customers came to us because someone tried it out for free.”
The company also leverages the free users when trying out new features. They use the feedback they get from the large customer base to make improvements. As a result, the customer paying a million dollars a month gets an extremely battle-hardened code.
Of the free users, JGC says:
“We really value what they bring to us; they bring us intelligence about what products we should be building, they're QA teams, they're enthusiastic testers of things. And because a large amount of data goes through our network, if there's a new attack, that's going to be planned on the internet, often it gets tried out on one of our customers, and so, we’ll see that new attack we can learn from that before it impacts someone else.”
As the coronavirus pandemic gripped nations worldwide in 2020, John says there was an upsurge of phishing attacks. In addition, as internet use surged tremendously, so did online criminal activities: There was an exponential increase in ransom DDoS attacks.
Tobi asks John if there was ever a DDoS attack that took Cloudflare down.
“We've had DDoS attacks that have taken little bits of infrastructure offline over time. But one of the things about Cloudflare is that we have done DDoS mitigation for a very, very long time. And because of the variety of our client base all over the world, there's usually some sort of DDoS attack going on all the time. If I go into the attack databases, there'll be multiple happening against us all the time. And so we've got really pretty good at defending against them.”
“We've been doing it nine, ten years. You keep building and building and building and building, and eventually, you have a bigger and bigger arsenal of ways of dealing with it.”
Cloudflare’s secret sauce?
“The key thing for us is the way we think about it is, not so much in terms of the number of calls we have or the number of machines we have, but in terms of the number of cities. So it's more than 200 cities worldwide where we have physical hardware that we own and operate because we don't use the cloud to run it; we are the cloud. So, we run that hardware.”
“And our goal is (to have) enough hardware in each of those cities so that we can service the people in that location.”