For the last couple of years, we have been transitioning the Sucuri Firewall (WAF) away from the cloud and expanding it to run on top of our own Anycast content delivery network (CDN). We provide security for websites using our service and felt we needed to couple the performance benefits of a CDN with the protection of our WAF. Because of this, we have been adding data centers in key regions of the world and migrating clients over to this new network.
We are happy to announce that this project was completed a few weeks ago with the addition of our latest data center in Tokyo, Japan.
If you are not familiar with Anycast, it is a network routing method where different data centers announce the same IP addresses, making them reachable at multiple destinations. When that happens, routers have multiple choices where to send your requests and they generally default to the one with the shortest distance (fewer hops). Because of this, Anycast greatly improves network connectivity and also gives websites the following benefits:
- Geo Load Balancing
- Increased Reliability (one data center can go down without affecting others)
- Performance Improvements
- Distributed Response to DDoS Attacks
With the addition of Tokyo, Japan to our Anycast network, visitors in East Asia started to see faster connectivity to any site behind our network. (ping under 2ms):
$ ping sucuri.net PING sucuri.net (22.214.171.124) 56(84) bytes of data. 64 bytes from sucuri.net (126.96.36.199): icmp_seq=1 ttl=58 time=1.37 ms 64 bytes from sucuri.net (188.8.131.52): icmp_seq=2 ttl=58 time=1.41 ms 64 bytes from sucuri.net (184.108.40.206): icmp_seq=3 ttl=58 time=1.37 ms 64 bytes from sucuri.net (220.127.116.11): icmp_seq=4 ttl=58 time=1.38 ms
In terms of distribution and connectivity, we have data centers in every major region on the planet. Each one provides DDoS mitigation, a CDN, and a WAF (with the exception of a few CDN edge-only locations). They are all connected to multiple tier 1 providers with large bandwidth availability to handle big DDoS attacks.
In the example below, you can see the performance of our network from a few cities:
This performance increase happens because of Anycast; our visitors are always routed to the data center closest to them. On average, you will get under 4ms pings from any point in North America, Europe, and East Asia. We know that pings are not a definitive metric to measure site performance, but it shows how close our data centers are to most end users.
You can test the real web-loading performance of your site from around the world using our website performance tool.
If you have any questions about Anycast or our network infrastructure, let us know.