I know people are saying this is just like Cloudflare, but there might be some real value differentiation here. Google has been doing some really advanced things in this area for a long time. I think I saw a research paper or talk from 5-10 years ago about how Google shows the impact of network policies before applying them, I just searched for it and couldn't find it[1]. The things like Preview Mode and Rich Rules Language could be very advanced.
What kind of network policies? Millions of years ago, Google used Cariden software to simulate what happened when links went down, QoS changes were applied, etc. From what I recall, at some point, the size of the network, new special hardware and the need for more flexibility outgrew the tool's capabilities, so IIRC it was supplanted by in-house solutions that were more real-time and fit into the new SDN architecture.
Interesting - given Cloudflare's real value proposition and domination of their sector, I've been half expecting Google to buy them for a year now.
Google are very good at internet plumbing, and I expect this to be a pretty compelling service. Serious competition and not being an acquisition target any more must have really hurt Cloudflare's value today.
Apparently, they don't support external origins yet. IMHO without this feature they can't be considered a direct competitor to Cloudflare. Also, Cloudflare lately is adding a bunch of very neat features, it's not just about DDoS.
Of course, for those who are already using GCP, and depending on their needs, it is a great alternative.
Meh, I think they've grown up some and see what Amazon has done. Building infrastructure services for customers adds long-term revenue. BMW doesn't make you buy fuel injectors from someone else.
Not part of GCP. Yes they have a history of shutting down free services but things in GCP don't get shut down, they are products, products people pay for.
This is great news. Cloudflare is way too expensive. Pricing seems reasonable:
Policy Charge: $5 per Cloud Armor policy per month
Per Rule Charge: $1 per rule per policy per month
Incoming Requests Charge: $0.75 per million HTTP(S) requests
Not comparing to Cloud Armor, but the $200/month minimum to bring one's own TLS certificate. That alone puts Cloudflare squarely on the list of unusable options for any small project or business that is running their entire production infrastructure on less than $100/month. Also, the inability to specify cache expirations below... what was it... 30 minutes or 2 hours? Again, forced to pay too much for one of the core features of a CDN.
Hmm. Cloudflare provides free TLS certificates automatically. The feature you're describing is for if you want to upload your own certificate and private key to Cloudflare for it to use on the edge. Do a lot of small projects really need that?
Azure differentiates itself here by aligning their interests with the customers’ interests. They’re not the first to do that either. For example, another major hosting provider, OVH, bundles DDoS protection in their basic service.
Google’s model de facto means they’re just running another protection racket, that is, they make more money the more DDoS attacks there are.
From Azure’s website:
> Protection against unplanned costs
> Our cost protection provides service credits for resource costs which are incurred as a result of a documented DDoS attack.
Also you can't run a GKE cluster across multiple regions, only multiple zones. If you have multiple clusters in different regions, you can use a NodePort service on each and manually set up a GSLB with a backend pointing to all of the GKE clusters.
Running a Kubernetes cluster across multiple regions is not a great idea. You can set up a federation of clusters, but GKE doesn't seem to support that yet, so you need to create and manage the federated control plane yourself. And there's no standard way at the moment to have generic cross-cluster networking, like you easily could with Borg. So you can load balance external requests to a number of clusters, as you explain, but currently it's easier if each cluster is self-sufficient and doesn't need to refer to internal services in other clusters.
If you need to reach services between clusters, that's completely different from ingress. Ingress is about external access to cluster services.
You can still use an authentication layer and expose everything through an ingress, or use internal IPs for the services/containers which are already routable in GCP's network across regions. A headless service to get the IPs and a cron job to sync these to a public DNS system will give you the same thing federation does for cross-cluster service discovery. There are also apps like ExternalDNS that'll do it for you: https://github.com/kubernetes-incubator/external-dns
I'm trying to enable Cloud Armor to play around with it, but it just looks like a firewall. I don't see a simple way to just "turn it on" - it looks like you have to create an IP address-based policy. It's unclear to me whether there is any kind of adaptive DDOS protection.
Cloudflare is 'dominating' because of their free tier. There are other services actual companies use. Fastly, Akamai, AWS Cloudfront, CacheFly and more.
CF having that free tier is a HUGE reason me and people I know stick with it. None of us want to have to throw money at a CF-like service for a low-traffic site, or for an MVP, or... At some point, it definitely becomes worth it, but Cloudflare's free tier is a HUGE boon early on imho.
No competition? There are many CDN and DDOS protection services. Cloudflare's own copy claims they have 35% of the market which indicates there is certainly competition out there.
Just to clarify - Cloudflare have POPs behind the Great Firewall of China in cooperation with Baidu. That is not to say Cloudflare routed sites are all accessible through CF, but it's certainly not a blanket statement either way.
Yes, but you need a "license" given by the Chinese Gov. Otherwise your website will still be routed to edges outside of China.
And the bigger problem is the Cloudflare DNS; it is not working well in China.
Many, many years ago, a new product or service announcement from Google would leave me interested and excited. Now I just shrug and wonder when it will be abandoned.
[1] But I did find this page about their network research: https://research.google.com/teams/netsys/