ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IETF web site behind CloudFlare

2014-09-17 04:54:49
from [Jari Arkko] [Permanent Link] 

Linus,

The change to Cloudfare has been mentioned, for instance in the plenary. The 
decision was taken by IAOC, with input from the tools committee, based on our 
perception of the need to have a globally efficient access to IETF web content, 
with ability to scale as needed, and with the kind of support that we need. And 
obviously without having to build too much of it ourselves.  Note that the 
current setup involves static web content and not the data tracker.

See page 18 in for some measurements regarding the effects 
http://www.ietf.org/proceedings/90/slides/slides-90-iesg-opsplenary-7.pdf and I 
think at least I personally have found the impact significant.

I was not personally aware of the captcha operation nor have I ever seen it 
while accessing the IETF web site from various places. But we can ask Ray to 
investigate if there are different, more suitable settings. However, I’d note 
that being able to deal with some dos attacks is actually a useful feature, and 
it is not unthinkable for the IETF to be a target. So any defence tactic 
inconvenience should be weighted against the risks and benefits.

Paul:


We
have contributors in countries where using tor to access IETF might
actually be a requirement.



That is interesting. Do you have details? Where?

Shumon:


I believe Jari Arrko mentioned at the last IETF that Cloudflare is working on 
deploying DNSSEC. It would be good to know if they have a specific or 
estimated timeline for that.


TLS, DNSSEC, IPv6, etc are very important to us. TLS and IPv6 obviously has 
been there, and partially based on IETF request they are working on DNSSEC. 
Stay tuned - the date that I heard earlier this year is approaching, but we can 
again ask Ray to check the current situation.

Rhys and Brian:


A bug in CloudFlare’s stuff?



The only issue I've noticed since the site was CloudFlared (well before
IETF 90) is that sometimes the mirror in Sydney, AU is out of date
when files are updated. For example if you upload a new version of
something to the meeting materials manager, the old version is served
from Sydney for some length of time (less than one hour, I believe).


If we find a problem either with the IETF or Cloudfare setup - and test it to 
be a real problem - please communicate with Ray to get it reported.

Jari

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IETF web site behind CloudFlare, Tom Thorogood
Next by Date:  Re: IETF web site behind CloudFlare, Linus Nordberg
Previous by Thread:  Re: IETF web site behind CloudFlare, Doug Royer
Next by Thread:  Re: IETF web site behind CloudFlare, Linus Nordberg
Indexes:  [Date] [Thread] [Top] [All Lists]