Share your experience using Lumen Content Delivery Network

F5 Distributed Cloud Services is being used for web application firewall along with API security, bot protection, and DDoS protection.

There are two scenarios involving web applications and mobile applications with applications hosted across private clouds and public clouds. When switching from one cloud to another, there is no need to change anything on the backend servers on the cloud service provider. Only the DNS level on F5 itself requires changes.

F5 provided a cloud security platform called a SaaS platform, which is a distributed cloud platform where CNAME and DNS changes can be added, and then the application load balancer can be deployed straight away.

F5 Distributed Cloud Services has been used for two years for DDoS protection, and there is a particular feature called API protection. Within API protection, there is malicious user mitigation, which is one particular technology that has been implemented. This is a kind of advanced bot attack prevention.

Malicious user mitigation is an AI/ML-based technology that was introduced by the F5 team, and this particular MUG protects rate limiting. If some users are having anomaly detection or someone is trying to do a bot attack, it will create a CAPTCHA challenge for that particular user alone and not for all users.

For example, if someone is trying to act as a rogue, it will create a CAPTCHA challenge in the backend system on that particular system, so they cannot try again and again at the same time. It is for a concurrent session, and it will give the CAPTCHA challenge. This MUG, malicious user mitigation, prevents bot attacks.

F5 Distributed Cloud Services includes the real-time intelligence feature, which helps with threat response strategies from a threat intelligence perspective. For example, if there are geo-restrictions or geo-based restrictions, sometimes people may come in through proxy-based servers, and it will prevent that.

The load balancing feature optimizes application performance. Observability is the basic piece where F5 got introduced. This observability piece provides end-to-end visibility on the application performance. It gives complete end-to-end visibility across network latency and application performance issues.

Sometimes when it is getting more than 200 pages, it throws errors such as 300, 400, or whatever has been configured, including 500 errors.

F5 Distributed Cloud Services has helped improve traffic management efficiency. Most applications are hosted in the Check Point and F5 firewall, F5 web application firewall, where applications and traffic management can be accessed in a single dashboard.

Automated threat detection is a basic feature of F5 Distributed Cloud Services meant for that purpose. There are two scenarios with automated threat detection, which is provided by F5. It is a completely machine learning solution that came from the bot defense, and it automatically protects against sophisticated attacks.

Last year there was a downtime of 30 minutes across the cloud distributed console, and that was the only impact observed. Since 30 minutes of downtime is huge for applications, maintenance, it impacted RPO, RTO, and all. The F5 CTO and their senior management team addressed that issue.

For availability, they have added additional clusters across all the regional edges in the Kubernetes clusters to enhance availability. However, this improvement needs to be monitored since it was a past incident.

F5 Distributed Cloud Services has been used for more than two years.

F5 Distributed Cloud Services is stable, and they are improving also.

There is no issue on the scalability part of F5 Distributed Cloud Services. The only thing is the initial phase is a challenge; scalability is not a concern. On the initial stage regarding pricing, the moment of committing is the only concern. On the scalability part, there have not been much issues.

Technical support from F5 is good compared to Cisco and HP. This support is very good. F5 provides remote support also. I would provide 9.5 for support.

Positive

F5 Distributed Cloud Services has an easy implementation across all the service providers including AWS, GCP, and Azure. F5 DXE has been implemented everywhere, and it is very easy to integrate.

F5 Distributed Cloud Services was deployed with a partner. Initially, the partner did not support it, but the team manages other solutions, so the people know the technology and have easily adopted it.

There is definitely a return on investment in F5 Distributed Cloud Services.

Compared to other providers, F5 Distributed Cloud Services is a little expensive. However, on the performance side, it is a robust solution. If comparing Check Point and F5 Distributed Cloud Services, F5 is a little expensive. The only difference is in price; technically, they are pretty much the same.

Whenever feedback is given, whether positive or negative, F5 takes it as a serious note and then fixes it. A lack of functionalities is not an issue. At the earlier stage when F5 Distributed Cloud Services was purchased two years ago, there was a lot of technology that was not able to be deployed.

For example, there were three to four different applications from different companies, and they could not be seen in a single dashboard. It was necessary to go to each and every dashboard and collect the centralized access management part. Now F5 has fixed it, and it is working fine. Overall, I would give F5 Distributed Cloud Services a rating of 8 out of 10.

We are still working with Cloudflare at my company, bKash Limited, and we continue to use Cloudflare's Cloud WAF solutions and anti-DDoS solutions.

We are using three solutions from Cloudflare. One is their DNS solution. For our on-premises workload at bikash.com, the primary DNS solution for authoritative DNS is Cloudflare's DNS solution. All traffic for the bikash.com domain is routed through Cloudflare's Anycast solution and Anycast IP. We are advertising this through Cloudflare, and Cloudflare protects our web application and API through this solution for our on-premises infrastructure. This represents 40 to 45% of our workload traffic.

We are using Cloudflare's image optimization feature called Turnstile for CAPTCHA. In some of our applications, we were previously using Google reCAPTCHA, but we are now replacing Google reCAPTCHA with Cloudflare's Turnstile solution for DDoS protection.

Cloudflare's WAF features help us address security threats including SQL injection and cross-site scripting because these protections are automated. In other solutions, we use F5 for our distributed cloud for our AWS and other workloads, and we have to configure those solutions manually. With Cloudflare, those are predefined configurations. We do not need to perform any configuration ourselves, and they ensure protections.

Cloudflare's DNS services deliver the best performance in terms of speed and reliability. We are also using AWS Route 53 for bikash.sh, where our 65% workload is located, but we feel more secure with Cloudflare rather than AWS Route 53 for authoritative DNS.

Cloudflare's custom analytics provide insights into user interactions and security vulnerabilities because we receive good information from the security dashboard about where our traffic originates and from which networks we receive the most attacks. These are valuable features, and I would say they are an added advantage from a monitoring perspective.

Their analytical dashboard is comprehensive because they provide substantial information and features that I find valuable.

From a security perspective, there remains a security loophole, as some browsers in the market can bypass the Turnstile solution, which requires approximately 40 seconds to do so. From a performance perspective, this is acceptable. We also tried Google reCAPTCHA, and that can also be bypassed. From a security perspective, I would say neither solution is completely secured.

Regarding uptime, we have faced a couple of incidents due to Cloudflare in recent years, so I cannot say we receive 100% uptime for our region. We sometimes face challenges, including downtime and other issues. As a result, we are not receiving 100% uptime from Cloudflare's solution. Since most of our customers are in this region, we need alternatives. We need something more competitive than Cloudflare. Unfortunately, in Bangladesh, Cloudflare has three points of presence already, and we cannot find any other solution provider in Bangladesh as an alternative, which presents another challenge.

Competitor solutions have more attack signatures, which ensure better security compared to Cloudflare's predefined configurations. Customers do not have options to modify any configuration parameters in Cloudflare, whereas other competitor solutions, such as F5 Distributed Cloud, allow customers to tune configurations according to their requirements. Cloudflare could improve in this area. Additionally, regarding visibility, Cloudflare has static visibility, but they could adopt dynamic graph features for their customers.

We have been using Cloudflare since 2018.

I would rate their technical support as average, neither particularly good nor poor.

Cloudflare's technical support presents challenges. First, because they are dealing with live traffic as an emerging service, their response time should be more consistent. Currently, we use other solutions where support is available through Slack channels and is more interactive, with someone responding within a couple of minutes or seconds. We also see solution providers that offer AI-based responses, providing solutions from their knowledge-based database whenever an issue occurs. Cloudflare operates traditionally with a portal where we must raise a ticket, and an engineer will engage and respond within two to three hours. This is why I rate them as average, and we need more proactive support from Cloudflare.

Neutral

We are also using AWS Route 53 for bikash.sh, where our 65% workload is located.

From an analytical perspective, we are also using DataDog and F5 WAF solutions, all with interactive dashboards. However, Cloudflare only has some predefined dashboard visibility, and the graphs are actually static and not dynamic. Other solutions have dynamic representations, but while Cloudflare provides substantial information, the representation could be much better.

I would recommend Cloudflare to other companies. However, I would recommend F5 XC Distributed Cloud first as my top priority, and then Cloudflare as my second priority.