Posted by shintoist 8 hours ago

Dropping Cloudflare for Bunny.net (jola.dev)
332 points | 176 comments | page 2
runjake 6 hours ago|
Very small caveat: A lot of the education space bans *.b-cdn.net due to malware, proxy tools, and other shenanigans.
kawsper 5 hours ago|
That's interesting, we moved to Cloudflare R2 for our CDN solution, and we got reports from some European government institutions that our assets weren't loading, likely for similar reasons as you mention, so we rolled back whilst looking for options.

The solution was to move to Bunny, and that worked for everyone.

senfiaj 7 hours ago||
> It’s a single point of failure for the internet. Every Cloudflare outage ends up in the news.

I hear this argument all the time, but I think it's more complicated.

Firstly, if people used more diverse / smaller services the distribution of outages would change. While there will likely be more frequent "smaller" asynchronous outages, many platforms can still break even when only one of their dependencies breaks. So, you might likely face even more frequent outages, although not synchronous.

Secondly, we are not sure if these smaller services are on par with the reliability of Cloudflare and other big players.

Thirdly, not all Cloudflare infrastructure is fully centralized. There is definitely some degree of distribution and independence in/between different Cloudflare services. Some Cloudflare outages can still be non-global (limited by region or customers that use a certain feature set, etc).

themafia 1 hour ago||
Using a single provider is a single point of failure. It may be that this provider has lots of internal failure modes, but you're still one credit card problem or fake legal request or one mistake away from experiencing the primary failure.

If you actually care for the resiliency necessary to survive a provider outage you should have more than one provider.

Which means you should be running your own origin and using the simplest CDN features you possibly can to make your use case work.

kordlessagain 2 hours ago||
Anything that says goodbye to Cloudflare man-in-the-middling is joy to my big ears.
andai 5 hours ago||
I thought it was gonna be a captcha that uses this

https://www.goodboydigital.com/pixijs/bunnymark/

I'd assume most bots don't have a GPU attached :)

samlinnfer 6 hours ago||
I do have a question, is it even possible to have a CDN set up where they don't MITM and strip your TLS and re-encrypt or are we just picking which jurisdiction gets to inspect your traffic?

edit: I'm thinking of the use case where the CDN acts as a proxy for APIs and uncachable content as well, where it is used as a reverse proxy for transit/DDoS protection.

yjftsjthsd-h 6 hours ago||
Much of the point of a CDN is that they can cache responses, and likely also make other changes. I don't see how that could be done without seeing what's inside the request.
SV_BubbleTime 6 hours ago||
Comparing hashes of responses without knowing what is inside wouldn’t work?
OlivOnTech 1 hour ago|||
No, it would not work. TLS protects against replay attacks by design; the same response (or query) in clear text will not look the same in encrypted traffic.
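The behaviour described in the comment above, shown as an added example that is not part of the thread: one HTTP response is protected TLS 1.3-style (AES-128-GCM, nonce = IV XOR record sequence number) and hashed the way a pass-through proxy without keys would see it. The function names, the random secret standing in for the handshake result, and the simplified HKDF labels are assumptions of this sketch.

```javascript
const crypto = require('crypto');

// Derive a per-session key and IV from the session secret with HKDF-SHA256.
// Assumption: plain 'key'/'iv' labels, not the exact RFC 8446 HkdfLabel encoding.
function deriveTrafficKeys(sessionSecret) {
  const salt = Buffer.alloc(32);
  const key = Buffer.from(crypto.hkdfSync('sha256', sessionSecret, salt, 'key', 16));
  const iv = Buffer.from(crypto.hkdfSync('sha256', sessionSecret, salt, 'iv', 12));
  return { key, iv };
}

// Protect one record: the nonce is the IV XORed with the left-padded sequence number,
// so the same plaintext never meets the same (key, nonce) pair twice.
function protectRecord({ key, iv }, seq, plaintext) {
  const nonce = Buffer.from(iv);
  const seqBuf = Buffer.alloc(12);
  seqBuf.writeBigUInt64BE(BigInt(seq), 4);
  for (let i = 0; i < 12; i++) nonce[i] ^= seqBuf[i];
  const cipher = crypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([body, cipher.getAuthTag()]);
}

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// What a proxy that never terminates TLS could hash: ciphertext only.
function observeAsProxy() {
  // Constructed sample response, identical for every client.
  const response = Buffer.from('HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello');
  // Each handshake yields a fresh secret (random bytes stand in for the ECDHE output).
  const sessA = deriveTrafficKeys(crypto.randomBytes(32));
  const sessB = deriveTrafficKeys(crypto.randomBytes(32));
  return {
    plaintextHash: sha256(response),
    sessionA_record0: sha256(protectRecord(sessA, 0, response)),
    sessionA_record1: sha256(protectRecord(sessA, 1, response)),
    sessionB_record0: sha256(protectRecord(sessB, 0, response)),
  };
}

console.log(observeAsProxy());
```

All four hashes differ, both across sessions and between two records of the same session, so there is nothing for a cache to match on unless it holds the session keys.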
woofcat 6 hours ago|||
No, as the request headers would be different for things like time.
SV_BubbleTime 2 hours ago||
Ya maybe. Blocks that are hashed perhaps?
kstrauser 6 hours ago|||
Probably not. That’d look a lot like a bunch of load balancers around the world hitting your own backend. There’s generally not a way to cache web data without decrypting it inside the cache.
tick_tock_tick 2 hours ago|||
I mean you can even use Cloudflare in a non-MITM manner. You lose a lot of the "value" of a CDN but they support it. Cloudflare Spectrum would be the product.
sophacles 5 hours ago||
Why would you want a content delivery network for uncachable content? Literally the point of a CDN is to cache content and deliver it.

Granted, Cloudflare also does DDoS protection, and that makes sense for an API. For that you could do some DDoS protection without stripping TLS, but it can only protect against volumetric attacks like SYN/ACK floods and not against attacks that are establishing full TCP connections and overwhelming the app server. (Rate limiting incoming connections can go a long way, but depending on details, it might still be enough to overwhelm the serving resources; your use case is up to you to understand.)

nazcan 2 hours ago||
It seems like having a feedback loop to the DDoS protector could help a lot - i.e. saying how busy you are.

At some level, it's like they become your edge router.

stickfigure 4 hours ago||
This isn't an either/or, you can use features from both and you have to compare carefully. I used to do a lot of image manipulation and had pluggable implementations for imgix, cloudflare images, and bunny. Bunny is by far the cheapest and that ended up being the mature solution (plus some custom processing). But for other caching, R2, workers, etc CF is great.
pier25 5 hours ago||
I'm in the process of doing this for a Spanish client because of the La Liga situation.

Only using edge storage, DNS, and CDN so far but very happy with Bunny.

jrochkind1 2 hours ago|
I had not heard of the "La Liga situation", but googled and what I learned was that La Liga is a Spanish football (soccer) team, and their players did a protest action about not wanting a match to be staged in Florida, and the team owners tried to say it was an illegal strike, but a court recently disagreed and said it was protected protest....

I still have no idea what any of this has to do with any clients moving from Cloudflare to Bunny.net, what am I missing?

benhurmarcel 41 minutes ago|||
La Liga is the national soccer organisation, which organizes the championship. They force the ISPs to block Cloudflare during games to block illegal streaming websites. But then it blocks a lot of websites that have nothing to do with it, and there are games fairly often.
pier25 32 minutes ago||||
As an anti-piracy measure, La Liga (Spain's biggest football association) was able to push the government so that all ISPs have to block Cloudflare's IPs during matches.

It's ridiculous.

infinita740 1 hour ago|||
Cloudflare is blocked country-wide during matches. For example https://community.cloudflare.com/t/website-inaccessible-from...
_HMCB_ 6 hours ago||
I use Bunny for serving up videos. Best service by far. Inexpensive and fast streaming.
FryHigh 7 hours ago||
I had to move to Bunny.net after Cloudflare disabled my homepage following a malicious report, despite me being a paying customer for several years. I also never received a response to my appeal.

I’ve now been with Bunny.net for over a year and have been very happy with the service.

Lihh27 6 hours ago|
heh one bad report gets action. years as a paying customer get you silence. ugly asymmetry.
tambre 6 hours ago|
Seemingly lacks IPv6 though? Cloudflare requires you to pay them and make an explicit effort to disable IPv6. Sad to see it not enabled by default on Bunny.
zorked 2 hours ago||
They do support IPv6 but not in every POP, unless something changed.

I have IPv6-only backends and I had to select serving from the main POPs rather than the entire network (which is fine by me as they are also cheaper).

forbiddenlake 6 hours ago||
How did you determine that Bunny lacks IPv6?

The CDN certainly has it: https://bunny.net/blog/ipv6-returns-to-bunnycdn/

Depending on where I query from, OP's blog does have it as well:

    # host jola.dev
    jola.dev has address 37.19.207.38
    jola.dev has IPv6 address 2400:52e0:1a04::1310:1
tambre 1 hour ago||
Seems @zorked is correct about some POPs simply lacking IPv6. I simply happened to hit one of those. Quite disappointing but I guess Bunny is on the cheap side and doesn't actually own or manage their network like big CDNs do.