This is all cool, but:
> BunnyCDN was pretty consistently returning my blog post a few hundred milliseconds faster than Cloudflare
Makes me think that author's CF was misconfigured. Unless you're in a zone with really bad interconnects, like Brazil, or African locations, multiple hundreds of milliseconds shouldn't be possible as the baseline, much less as the difference in the saved latency. (I'm assuming the author talks about a single blog post request)
So, don't expect a 100ms+ improvement.
There is a long-standing dispute between Cloudflare and Germany's biggest ISP, Telekom, which results in terrible peering for Cloudflare free traffic for Telekom customers here. Sites on the Cloudflare Pro plan are not affected by this somehow.
If the author is a Telekom customer, then they would absolutely see 100ms+ improvements.
DTAG is just terrible. Having a whitelist of allowed mail providers they deal with? Check. Abusing peering to squeeze more cash? Check. Advocating for censorship on the Internet? Check.
https://netzbremse.de/
>Sites on the Cloudflare Pro plan are not affected by this somehow.
This has been my general experience with cloudflare. Their free plan is abysmally slow. And even their Pro plans add significant (30ms+) overhead to requests.
Seems like they upgraded their abysmal 40Gbps peering, tho.
https://www.peeringdb.com/net/196
Hi, author here, that could absolutely be the case for me. I'll add a note about that when I next get to a computer.
And, looking again, the issue seems to no longer be there, and both CDNs produce results that are within a few tens of milliseconds from each other.
> Sites on the Cloudflare Pro plan are not affected by this somehow.
i.e. Cloudflare is paying and needs you (the customer) to cover the cost.
I was surprised by that too: typically I’ve only seen such high latency on Netlify based sites which exclusively uses aws-east for the whole world.
This is not accurate. I do not know the details but netlify served things from a CDN by default if you set things up correctly with a CNAME entry in your DNS record.
People often misconfigure things by pointing their domain to netlify's IP with an A entry, but this is a user problem, not a netlify problem.
I'm sure their builds/functions run in a single region but not static files
The Netlify docs are quite bad so I can see this happening. Also, the Netlify Functions are locked to one AWS region too.
Based on my limited knowledge, you have to point your root domain (e.g. example.com) to their IP address because it’s an A record.
For a CNAME record (e.g. www) it can be pointed to their CDN.
I think if you use Netlify DNS for your domain, then you can point A records to their CDN because it’s an alias at that point. Like, A record aliases on AWS Route53.
I found all of Netlify particularly confusing and honestly a bit scary. Now I’m on CF and it couldn’t be simpler.
In my experience bunny has lower latency than cloudflare. I can confirm.
Hundreds of milliseconds though? Seems highly doubtful, Cloudflare has latency in the range of 10-20 ms for most metropolitan areas, that they would that ten times that much for returning a blog post seems unlikely unless caching or other things are misconfigured.
Cloudflare routes most Arabian traffic through US or Europe first.
My browser shows 250ms of waiting when accessing this article.
Poorly bunny has many US services that get your personal data.
https://bunny.net/privacy/
Tableau will receive your personal, billing and account consumption details.
MixPanel will receive your personal account details as well as information.
Active Campaign will receive your personal, billing, and account consumption information.
Bunny.net explicitly names third parties handling user data, while Cloudflare’s policy is more vague, referring only to "third-party service providers" without listing specific companies.
I like the bunny policy more. It is more transparent.
Yes and yes.
But still good to know if someone picks a service with this intention: "I’ve been looking at European alternatives to my current hosting situation, which is Cloudflare."
Don't let perfect be the enemy of good
Haven't we learned that in the security and privacy domains that maxim requires its inversion? Especially with the passing of time! "Don't let temporary adequacy undermine lasting protection."
Not really. Defence in depth is an example.
If things were perfect you only need 1 layer of security. Things aren't perfect, that doesn't mean we should just give up and have no security, we have multiple layers of good security as while it's not perfect, it's better than nothing.
And if we don't talk about things that aren't perfect, there will never be an improvement.
Right. I think we're all in agreement about the end goal,... The "how we get there" is another story.
I'm partial to aiming for perfection — when there's time for it — after having been the person paying down the tech debt across different domains (i.e. untangle spaghetti code to unravel subtle logic errors, fix them, and write down documentation).
But I agree that sometimes you just need to ship a workable solution ASAP... I am of the opinion that that should be an exception, and that it isn't a sustainable modus operandi.
From https://bunny.net/gdpr:
> How does bunny.net comply with GDPR?
> bunny.net is fully committed to complying with the GDPR. We have overhauled our user Privacy & Data policy and taken steps to ensure no personally identifiable data is stored from your users that access your services through bunny.net by anonymizing any data that could be used to directly or indirectly identify a user. [..]
Looks like they share personal data of Bunny customers but not the users of the customer's services.
Never said anything else.
Thanks for this info
BunnyCDN has a great product offering, particularly if you've used Backblaze B2 as "ultra-cheap" object storage, the BunnyCDN product is very competitive pricing-wise, and the CDN configures seamlessly with it. And you can set up a cheap image transform proxy on any of your CDNs.
R2 is cheaper though if your storage cost is less than your bandwidth cost, and B2 has a feature to automatically expire items which depending on your design might make it more efficient.
Cloudflare sales folks are notorious for randomly emailing you and forcing you to suddenly buy 1k+ usd plans out of nothing suddenly.
Be wary of that scenario, it happens quite often if you observe Cloudflare’s reddit sub. I think most folks are ok paying for stuff, AWS being 10x more expensive wouldn’t be so successful if people didn’t like paying.
But predictability is important, and cloudflare salesmen can tend to be a bit unpredictable and unprofessional and extensively attempt to use all sorts of pressure tactics to reach their sales quota, so be careful.
I’m saying it as someone who extensively uses Cloudflare Workers and pays for their monthly subscriptions.
I've used their CDN for the past 4 years. Their pricing is extremely competitive (cheap) compared to everyone else.
Might be worth adding that Bunny offers DNS services as well.
I've started switching a few sites from Cloudflare to Bunny and the experience has been great so far. Bunny offers custom name servers as well, so if you can set up glue records with your domain registrar, it's easy enough to have custom nameservers, DNS and CDN hosted with Bunny. Cheap as chips and great performance so far.
I'm looking for a decent alternative to ReCaptcha or Turnstile but haven't found one yet that has easy integration (form builders etc.)
My move away from US providers isn't in protest - it's just risk avoidance. The unpredictable nature of the current administration reduces the attractiveness of using US based providers.
What a pleasant post! Always cool to see new options popping up to make the web a little bit less centralized (the stranglehold that Cloudflare holds, admittedly in part due to them having both lots of features and good execution)
It will be fascinating to see if the protectionist foreign policy that's been adopted by the US will lead to an improvement in the quality of services available elsewhere.
Previously, the friction of using a service with slightly rougher edges would have tipped the scales against it. Now, it seems we have a kind of patriotism emerging in our purchase decisions.
Ultimately, it should give us all more choice through strengthened competition.
BunnyCDN has been the fastest I've used on a couple of our projects. I would highly recommend.
Agreed. I've been using it for all DNS and CDN for over two years now. Great company, great support, great performance, great API. Everything. Love it. I'm a big fan.
Context for comment readers. Author switched as was looking for a non-US provider
Though that makes little sense in the context of a CDN. I think Bunny uses US providers like Zenlayer for their egress there, so they’re just a middle man in my understanding. I don’t think there’s any EU provider that runs their own CDN hardware infrastructure in the US.
The US has started a war with many of its allies, including Europe. Obviously that means European users will be looking to remove hostile actors from its supply chain.
* This makes total sense for everyone on earth except the US
It makes fine sense…
It means all the data captured in the EU is governed by EU data protection / ePrivacy etc regulations and the CLOUD Act doesn’t apply
Whereas a US CDN vendor is captured by requirements of the CLOUD Act and so there’s no guarantee of privacy for EU site visitors
Yeah but it’s like using a EU vendor that hosts on AWS, if the US government wants the data they’ll just subpoena AWS instead of the EU provider. I get that it’s better but anything hosted on US soil is under jurisdiction of the US government regardless of whether it’s ultimately owned by a EU vendor.
An EU vendor with their own hardware or using an EU provider underneath then it’s very different to an EU provider using AWS underneath
That said, if your audience is primarily in the EU or you just really want to keep your TLS termination on EU jurisdiction then you can configure a Bunny pull zone to route all traffic to their EU-based servers regardless of the origin.
I rarely do pure CDN setups for Cloudflare because the edge workers platform is just too good not to run everything there that is possible. BunnyCDN and most other edge worker offerings are a joke in comparison. Given that workerd is Apache 2.0 licensed it's strange no other offering goes into that direction.
I use Bunny for my real estate model viewer where each visitor must download hundreds of pictures (example: https://icade-leblancmesnil.hive-maquette3d.fr/maquette/f5). Bunny was the best solution to serve those images fast at scale and for really cheap.
Does Bunny support websocket connection proxying yet?
I think you can message support and ask them to enable it.
Nope.
For website hosting, it's okay but not great. We encountered issues when we tried to cache a lot of images. Their CDN storage seems really low compared to Cloudflare and Cloudfront. It results in a really bad hit ratio the moment we try to deliver a lot of images.
Can you provide more quantitative info?
What's the underlying stack? Fastly uses a version of Varnish underneath.
Bunny is based on nginx
Crucially Bunny offers prepaid plans. No risk of sudden six digit bills. So glad they’re adding many more services under this pricing plan in their recently announced Magic Containers roadmap.
As it happens, just yesterday I began the process of switching from Azure Front Door (Azure's CDN offering) to CloudFlare and found that process significantly more painful than I expected.
The first annoyance is that CloudFlare requires that you use their DNS servers, seems unnecessary to someone who isn't worried about being DDoS'ed, but okay, fine, I'll move one of my secondary domains (a .net) over to them.
I export my DNS Zone from Azure, try to import it to CloudFlare and it can't understand the format since it's apparently not a proper BIND format. It's less than a dozen records so I just manually capture them, even though I find the UI for capturing DNS records clunkier than I would expect it to be.
Then I want to update my domain's NS records to point to CloudFlare's servers. My domain is currently an "App Service Domain" which is essentially Azure's DNS registrar offering (they're actually re-selling Wild West Domains services, which I think is GoDaddy) and it turns out it's not possible to update the NS records on Azure. At this point I figure the easiest thing to do is transfer the domain to CloudFlare as the registrar.
This is where CloudFlare has a total stuff up in their systems. Under the "Transfer Domains" section of their dashboard, it would only show "You currently have no domains available for transfer. Follow these instructions to initiate a transfer with the current registrar".
I look at the linked document, manage to get an auth code from Azure for a domain transfer. Still, the "Transfer Domains" screen shows the same thing. I check everything I can, I've captured the domain information on my CloudFlare account (showing a status of "Invalid nameservers", as expected), I check who.is and there is no indication that the domain is locked in any way, still, the "Transfer Domains" doesn't show my domain. I ask ChatGPT and it mentions it can sometimes take a few hours to show, 4 hours later it's still not showing.
I open a ticket and after a bit of back and forth they say the problem is that the "domain is not active", I tell them that to my knowledge everything is active with my domain and I ask them to tell me where I can see this status showing where the domain is "not active" and they tell me it's the status for the domain on the CloudFlare dashboard. Which (presumably) is due to my not having updated the NS records to point to CloudFlare, which I actually mentioned in an earlier email to them is not possible with Azure as the registrar, which is why I was trying to transfer my domain to CloudFlare!
In summary, it's impossible to onboard to CloudFlare if your domain is presently registered with Azure, their "smart" UI doesn't make it possible. I have had to transfer it to our Namecheap account which (as I would have expected on CloudFlare), simply allowed me to enter my domain name and the auth code on their "transfer your domain" page and now the transfer is in progress.
As a related aside, the reason I'm moving from Azure Front Door to CloudFlare is because despite a months long support ticket with Azure, they are not interested in solving the problem of cold cache downloads through their CDN being ridiculously slow, like < 2MB/s (< 16Mbps). I did a test by provisioning a VM with Azure in the South Africa North data center, then via Front Door requested a file hosted with Blob Storage also in the South Africa North data center, and the initial download was < 2MB/s while immediately after it was > 100MB/s (i.e. once the cache was no longer cold). The cold cache speed is less bad (but still not great) if you're doing a set up with everything in West Europe but we've had complaints from European customers in some countries of slow speeds even with West Europe as the source of the data, so I can only surmise that Azure Front Door is just generally terrible at serving files which are not yet cached.
You don't have to use cloudflare's dns to make use of the proxy (CDN, waf, ddos protection etc) see https://developers.cloudflare.com/dns/zone-setups/partial-se...
Note that in the questions at the bottom it says the following:
> If you are on a Free or Pro plan, full setup is the only one available. This is the recommended and most common option.
That means to use this partial setup you need to be on at least the Business plan, which is $200/month when billed annually ($250 monthly).
I’m moving a lot of the services I use as well. Trump is the best thing to ever happen to the EU tech scene.
The person behind the managed Ghost host I use switched to BunnyCDN for non-geopolitical reasons: https://www.magicpages.co/blog/setting-up-bunnycdn-with-ghos...
Oh shit, that's me!
Feel free to ask any questions.
For a service I am working on, I was considering paid CDN, but they were all cost prohibitive for what I expected the usage to be. So I wrote my own CDN (2k lines of code with peer state synchronisation). But Bunny always seemed to be the best bang for the buck. I think they are from Slovenia, so that is a plus in my book.
No way we move to a worse CDN only because some don't like Trump.
Regardless of that, I’m always happy to see people try and free themselves from the increasingly centralized nature of the web.
I might not be brave enough to stop using CF, but people who do benefit everyone.
What makes it worse? In my experience it is a better CDN than Cloudflare (other than that it costs money and CF can be free and that it lacks websocket support). WAF seems a bit better at CF (but not sure the app should rely on a cloud WAF for security).
It's not about not liking Trump. The fear is that the trade war against Europe might make it so expensive everyone has to switch to a non-American service. This is a way to be prepared for that. There is also the fear if USA goes to an actual war against Europe, then it is not safe to use any American technology that phones home.
If Trump steps back from the GDPR US-EU data transfer agreement then your political stance is irrelevant.