Sippy helps you avoid egress fees while incrementally migrating data from S3 to R2
2023-09-26
Use Sippy to incrementally migrate data from S3 to R2 as it’s requested and avoid migration-specific egress fees...
BoringTun, a userspace WireGuard implementation in Rust
2019-03-27
Today we are happy to release the source code of a project we’ve been working on for the past few months. It is called BoringTun, and is a userspace implementation of the WireGuard® protocol written in Rust....
Know your SCM_RIGHTS
2018-11-29
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....
NEON is the new black: fast JPEG optimization on ARM server
2018-04-13
Cloudflare's jpegtran implementation was optimized for Intel CPUs. Now that we intend to integrate ARMv8 processors, new optimizations for those are required....
How "expensive" is crypto anyway?
2017-12-28
I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD....
Go, don't collect my garbage
2017-11-13
Not long ago I needed to benchmark the performance of Golang on a many-core machine. I took several of the benchmarks that are bundled with the Go source code, copied them, and modified them to run on all available threads....
On the dangers of Intel's frequency scaling
2017-11-10
While I was writing the post comparing the new Qualcomm server chip, Centriq, to our current stock of Intel Skylake-based Xeons, I noticed a disturbing phenomena....
ARM Takes Wing: Qualcomm vs. Intel CPU comparison
2017-11-08
One of the nicer perks I have here at Cloudflare is access to the latest hardware, long before it even reaches the market. Until recently I mostly played with Intel hardware. ...
AES-CBC is going the way of the dodo
2017-04-21
A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode....
HPACK: the silent killer (feature) of HTTP/2
2016-11-28
If you have experienced HTTP/2 for yourself, you are probably aware of the visible performance gains possible with HTTP/2 due to features like stream multiplexing, explicit stream dependencies, and Server Push. ...
Announcing Support for HTTP/2 Server Push
2016-04-28
Last November, we rolled out HTTP/2 support for all our customers. At the time, HTTP/2 was not in wide use, but more than 88k of the Alexa 2 million websites are now HTTP/2-enabled....
It takes two to ChaCha (Poly)
2016-04-04
Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google's websites, but were in the process of standardization. ...
Results of experimenting with Brotli for dynamic web content
2015-10-23
Compression is one of the most important tools CloudFlare has to accelerate website performance. Compressed content takes less time to transfer, and consequently reduces load times....
Doubling the speed of jpegtran with SIMD
2015-10-08
It is no secret that at CloudFlare we put a great effort into accelerating our customers' websites. One way to do it is to reduce the size of the images on the website. This is what our Polish product is for. ...
Fighting Cancer: The Unexpected Benefit Of Open Sourcing Our Code
2015-07-08
Recently I was contacted by Dr. Igor Kozin from The Institute of Cancer Research in London. He asked about the optimal way to compile CloudFlare's open source fork of zlib....
Go crypto: bridging the performance gap
2015-05-07
It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!...
Improving compression with a preset DEFLATE dictionary
2015-03-30
A few years ago Google made a proposal for a new HTTP compression method, called SDCH (SanDwiCH). The idea behind the method is to create a dictionary of long strings that appear throughout many pages of the same domain (or popular search results)....
Improving PicoHTTPParser further with AVX2
2014-12-18
In a recent post, Kazuho's Weblog describes an improvement to PicoHTTPParser. This improvement utilizes the SSE4.2 instruction PCMPESTRI in order to find the delimiters in a HTTP request/response and parse them accordingly. ...