Railgun ensures that the connection between your origin server and the CloudFlare network is as fast as possible. Railgun achieves a 99.6% compression ratio for previously uncacheable web objects by using techniques similar to those used in the compression of high-quality video. This results in an average 200% additional performance increase.
Railgun accelerates the connection between each CloudFlare data center and an origin server so that requests that cannot be served from the CloudFlare cache are nevertheless served very fast.
Approximately 2/3 of requests to sites on CloudFlare are served directly from cache from the data center that is physically closest to the person surfing the web. Because CloudFlare has data centers around the world this means that whether you are in Bangalore, Brisbane, Birmingham or Boston web pages are delivered quickly even when the real, origin web server is thousands of miles away.
CloudFlare's ability to make a web site appear to be hosted close to web surfers is key in accelerating web surfing. A web site might be hosted in the US, but accessed mainly by web surfers in the UK. With CloudFlare the site will be served from a UK data center eliminating the costly delay caused by the speed of light.
But the other 1/3 of requests made to CloudFlare have to be sent to the origin server for processing. This happens because many web pages are not cacheable. This can be because of a misconfiguration, or, more commonly, because the web page changes frequently or is personalized.
For example, it's hard to cache the New York Times home page for any length of time because the news changes and being up to date is essential to their business. And for a personalized web site like Facebook each user sees a different page even though the URL may be the same for different users.
Railgun uses a collection of techniques to accelerate and cache these previously uncacheable web pages so that even when the origin server must be consulted web pages are delivered quickly. And that even works for rapidly changing pages like news sites, or for personalized content.
CloudFlare research showed that even though many sites cannot be cached they actually change very slowly. For example, the New York Times home page changes throughout the day as news stories are written, but the boilerplate HTML of the page mostly stays the same and many stories stay on the front page all day.
For personalized sites the boilerplate HTML is the same with only small pieces of content (such as a person's Twitter timeline or Facebook news feed) changing. This means there's a huge opportunity to compress web pages for transmission if the unchanging parts of a page can be detected and only the differences transmitted.
When a request is made to a CloudFlare server for a web page that is not in cache CloudFlare makes an HTTP connection to the origin server to request the page. It's that HTTP connection that Railgun accelerates and secures.
Railgun consists of two software components: the Listener and Sender. The Railgun Listener is installed at your web host on an origin server. It's a small piece of software that runs on a standard server and services requests from CloudFlare using the encrypted, binary Railgun protocol.
The Railgun Sender is installed in all CloudFlare data centers around the world and maintains connections with Railgun Listeners.
When an HTTP request comes in that must be handled by an origin server, CloudFlare determines whether it is destined for a Railgun-enabled website. If not, standard HTTP is used, but if so the HTTP request is routed to the Railgun Sender for handling.
The Railgun Sender turns the request into a compressed, binary chunk that's transmitted to the corresponding Railgun Listener. The Railgun Listener handles the request and performs an HTTP request to the origin server. From the origin server's perspective it's as if the HTTP connection came directly from CloudFlare, but because it comes from inside the hosting partner's infrastructure the request suffers no latency related delay.
Railgun uses a new caching mechanism based on comparing page versions to determine what needs to be transmitted across the Internet to the Railgun Sender. Using this mechanism CloudFlare is able to achieve typical 99.6% compression (taking, for example, a 100k web page down to 400 bytes) and a speedup of over 700%. In fact, the compressed data is often so small that using the binary Railgun protocol the entire response fits inside a single TCP packet.
Railgun connections are secured by TLS so that requests sent across them cannot be eavesdropped upon. The connection is secured by certificates so that a man-in-the-middle attack is not possible. The TCP connection between CloudFlare and the origin server is kept alive so that it can be reused for subsequent requests eliminating the slow start up of a TCP connection.
Railgun requests are multiplexed onto the same connection and can be handled asynchronously. This means that Railgun is able to handle many, simultaneous requests without blocking and maximizing the use of the TCP connection.
Railgun Listener is a single executable whose only dependency is a running Memcache instance. It runs on 64-bit Linux and BSD systems as a daemon.
The Listener requires a single port open onto the Internet for the Railgun protocol so that CloudFlare data centers can contact it. And it requires access to the website via HTTP and HTTPS. Ideally, the Listener would be placed on a server with fast access to the Internet and low latency.
Installation is simply a matter of installing via an RPM or .deb file.