I don't understand their statement about MPLS and security: "a need for MPLS to make their network operate securely"
Isn't MPLS used for routing and building SDN fabric where you applied a bunch of QoS rules depending of the MPLS tags ?, which as nothing to do with security.
I also noticed the writing was particularly poor. And not just the technical detail... Everything from grammar to general syntax needs tweaking for ease-of-reading.
Yeah, could really use some details about the hardware, especially when they mentioned energy efficiency, heat production, and performance in the article, but gave no comparisons to anything for their hardware.
Cloudflare Access does Zero Trust, something like Tailscale provides a mesh network with SSO. Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.
I personally use Tailscale for as its a lot easier to use when you're the only one on the network compared to configuring Access for everything, but CF's zero trust stuff is quite enticing if you're running a business.
> Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.
authzed.com is a better fit if you need ACLs for your web properties (Tailscale ACLs are super-clean though and I fully intend to copy it for one of my projects).
When I think of Cloudflare workers and such, I think of the public internet. If you have a public web app and you want low latency all around the globe, a worker is a great option.
This is the opposite of that. Are they targeting "inhouse apps" that until now would be self hosted by the organization? Basically cloud apps where the cloud is in your own building? Do they have good firewalls and access control for that, for different businesses in the same building? Can a business in the future install their own one of these?
Or is this just about businesses having access to the full Cloudflare network, just a little bit faster?
Physical security of these boxes is really interesting (e.g. as CF holds a lot of SSL certificates the profit of hacking into these boxes is likely a lot higher than looks at first glance)
15 comments
[ 3.0 ms ] story [ 68.1 ms ] threadIsn't MPLS used for routing and building SDN fabric where you applied a bunch of QoS rules depending of the MPLS tags ?, which as nothing to do with security.
https://en.m.wikipedia.org/wiki/MPLS_VPN
I personally use Tailscale for as its a lot easier to use when you're the only one on the network compared to configuring Access for everything, but CF's zero trust stuff is quite enticing if you're running a business.
authzed.com is a better fit if you need ACLs for your web properties (Tailscale ACLs are super-clean though and I fully intend to copy it for one of my projects).
Cloudflare is rolling out physical lines directly to offices (like ISPs do, for ex https://www.tatacommunications.com/solutions/).
This is the opposite of that. Are they targeting "inhouse apps" that until now would be self hosted by the organization? Basically cloud apps where the cloud is in your own building? Do they have good firewalls and access control for that, for different businesses in the same building? Can a business in the future install their own one of these?
Or is this just about businesses having access to the full Cloudflare network, just a little bit faster?
Instead, you have to depend on "free" (wrapped up in subscription charges), rigid hardware solutions provided only by Cloudflare.
It's an interesting product, and furthers Cloudflare's dominance strategy. It provides real value and at a cost that is invisible.