Cloudflare just got faster and more secure, powered by Rust
2025-09-26
We’ve replaced the original core system in Cloudflare with a new modular Rust-based proxy, replacing NGINX. ...
Continue reading »
R2 SQL: a deep dive into our new distributed query engine
2025-09-25
R2 SQL provides a built-in, serverless way to run ad-hoc analytic queries against your R2 Data Catalog. This post dives deep under the Iceberg into how we built this distributed engine....
Sequential consistency without borders: how D1 implements global read replication
2025-04-10
D1, Cloudflare’s managed SQL database, announces read replication beta. Here's a deep dive of the read replication implementation and how your queries can remain consistent across all regions....
Pools across the sea: how Hyperdrive speeds up access to databases and why we’re making it free
2025-04-08
Hyperdrive, Cloudflare's global connection pooler, relies on some key innovations to make your database connections work. Let's dive deeper, in celebration of its availability for Free Plan customers....
A steam locomotive from 1993 broke my yarn test
2025-04-02
Yarn tests fail consistently at the 27-second mark. The usual suspects are swiftly eliminated. A deep dive is taken to comb through traces, only to be derailed into an unexpected crash investigation....
MORE POSTS
February 14, 2025 2:00 PM
Searching for the cause of hung tasks in the Linux kernel
The Linux kernel can produce a hung task warning. Searching the Internet and the kernel docs, you can find a brief explanation that the process is stuck in the uninterruptible state....
- By
January 27, 2025 2:00 PM
Over 700 million events/second: How we make sense of too much data
Here we explain how we made our data pipeline scale to 700 million events per second while becoming more resilient than ever before. We share some math behind our approach and some of the designs of ...
- By
January 03, 2025 2:00 PM
Multi-Path TCP: revolutionizing connectivity, one path at a time
Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages,...
- By
October 25, 2024 1:00 PM
Elephants in tunnels: how Hyperdrive connects to databases inside your VPC networks
Hyperdrive (Cloudflare’s globally distributed SQL connection pooler and cache) recently added support for directing database traffic from Workers across Cloudflare Tunnels....
- By
October 23, 2024 1:00 PM
Training a million models per day to save customers of all sizes from DDoS attacks
In this post we will describe how we use anomaly detection to watch for novel DDoS attacks. We’ll provide an overview of how we build models which flag unusual traffic and keep our customers safe....
- By
October 22, 2024 1:00 PM
Building Vectorize, a distributed vector database, on Cloudflare’s Developer Platform
Cloudflare's Vectorize is now generally available, offering faster responses, lower pricing, a free tier, and supporting up to 5 million vectors....
- By
April 12, 2024 1:00 PM
How we ensure Cloudflare customers aren't affected by Let's Encrypt's certificate chain change
Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a ...
- By
March 06, 2024 2:00 PM
Linux kernel security tunables everyone should consider adopting
This post illustrates some of the Linux Kernel features, which are helping us to keep our production systems more secure. We will deep dive into how they work and why you may consider enabling them as well...
- By
February 08, 2024 2:00 PM
connect() - why are you so slow?
This is our story of what we learned about the connect() implementation for TCP in Linux. Both its strong and weak points. How connect() latency changes under pressure, and how to open connection so that the syscall latency is deterministic and time-bound...
- By
December 06, 2023 2:00 PM
How we used OpenBMC to support AI inference on GPUs around the world
This is what Cloudflare has been able to do so far with OpenBMC with respect to our GPU-equipped servers...
- By
November 17, 2023 2:00 PM
How to execute an object file: part 4, AArch64 edition
The initial posts are dedicated to the x86 architecture. Since then, the fleet of our working machines has expanded to include a large and growing number of ARM CPUs. This time we’ll repeat this exercise for the aarch64 architecture....
- By
October 06, 2023 1:05 PM
Virtual networking 101: bridging the gap to understanding TAP
Tap devices were historically used for VPN clients. Using them for virtual machines is essentially reversing their original purpose - from traffic sinks to traffic sources. In the article I explore the intricacies of tap devices, covering topics like offloads, segmentation, and m...
- By
June 26, 2023 1:00 PM
Lost in transit: debugging dropped packets from negative header lengths
In this post, we'll provide some insight into the process of investigating networking issues and how to begin debugging issues in the kernel using pwru and kprobe tracepoints...
- By
June 19, 2023 1:00 PM
Every request, every microsecond: scalable machine learning at Cloudflare
We'll describe the technical strategies that have enabled us to expand the number of machine learning features and models, all while substantially reducing the processing time for each HTTP request on our network...
- By
May 26, 2023 1:00 PM
How Oxy uses hooks for maximum extensibility
Let's take a look from the perspective of an Oxy application developer, and then we can discuss the implementation of the framework and some of the interesting design decisions we made...
- By