Cloudflare Blog: Deep Dive

Lost in transit: debugging dropped packets from negative header lengths

June 26, 2023 2:00PM

In this post, we'll provide some insight into the process of investigating networking issues and how to begin debugging issues in the kernel using pwru and kprobe tracepoints...

Terin Stock

Every request, every microsecond: scalable machine learning at Cloudflare

June 19, 2023 2:00PM

Speed Week Performance Bot Management Deep Dive Rust

We'll describe the technical strategies that have enabled us to expand the number of machine learning features and models, all while substantially reducing the processing time for each HTTP request on our network...

Alex Bocharov

How Oxy uses hooks for maximum extensibility

May 26, 2023 2:00PM

Oxy Deep Dive

Let's take a look from the perspective of an Oxy application developer, and then we can discuss the implementation of the framework and some of the interesting design decisions we made...

Unbounded memory usage by TCP for receive buffers, and how we fixed it

May 25, 2023 4:31PM

TCP Deep Dive

We are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected. This blog post describes in detail the root cause of the problem and shows the test results of a solution...

Mike Freemon

Building Cloudflare on Cloudflare

May 18, 2023 2:00PM

Developer Week Developers Deep Dive Cloudflare on Cloudflare

Cloudflare was originally built as native services, but we’re building more and more of it on Cloudflare itself. This post describes how and why we’re doing this....

Richard Boulton

April 19, 2023 2:00PM

DDR4 memory organization and how it affects memory bandwidth

In this blog, we will study the concepts of memory rank and organization, and how memory rank and organization affect the memory bandwidth performance by reviewing some benchmarking test results...

By

Xiaomin Shen

Memory , Hardware , Deep Dive

March 20, 2023 1:00PM

The quantum state of a TCP port

If I navigate to https://blog.cloudflare.com/, my browser will connect to a remote TCP address from the local IP address assigned to my machine, and a randomly chosen local TCP port. What happens if I then decide to head to another site?...

By

Jakub Sitnicki

Kernel , Linux , Networking , Deep Dive

March 03, 2023 2:00PM

How Cloudflare runs Prometheus at scale

Here at Cloudflare we run over 900 instances of Prometheus with a total of around 4.9 billion time series. Operating such a large Prometheus deployment doesn’t come without challenges . In this blog post we’ll cover some of the issues we hit and how we solved them...

By

Lukasz Mierzwa

Prometheus , Observability , Open Source , Deep Dive

January 16, 2023 1:46PM

A debugging story: corrupt packets in AF_XDP; a kernel bug or user error?

A race condition in the virtual ethernet driver of the Linux kernel led to occasional packet content corruptions, which resulted in unwanted packet drops by one of our DDoS mitigation systems. This blogpost describes the thought process and technique we used to debug this complex issue....

By

Shawn Bohrer
, Bastien Dhiver

Deep Dive , Linux , Networking , Debugging

November 28, 2022 2:57PM

The Linux Kernel Key Retention Service and why you should use it in your next application

Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....

By

Oxana Kharitonova
, Ignat Korchagin

Linux , Kernel , Deep Dive

November 16, 2022 2:00PM

The Cloudflare API now uses OpenAPI schemas

Cloudflare now has OpenAPI Schemas available for the API. Users can use these schemas in any open source OpenAPI Tooling....

By

Garrett Galow

Developer Week , Deep Dive , API

October 10, 2022 2:00PM

Assembly within! BPF tail calls on x86 and ARM

We have first adopted the BPF tail calls when building our XDP-based packet processing pipeline. BPF tail calls have served us well since then. But they do have their caveats...

By

Jakub Sitnicki

Kernel , BPF , Assembly , Deep Dive

September 02, 2022 4:33PM

Log analytics using ClickHouse

When a request at Cloudflare throws an error, information gets logged in our requests_error pipeline. The error logs are used to help troubleshoot customer-specific or network-wide issues...

By

Monika Singh
, Pradeep Chhetri

ClickHouse , Deep Dive

August 25, 2022 7:08PM

Deep dives & how the Internet works

We have amazing deep dives in our blog, but also research and how the Internet works kind of stories. Here are some highlights from 2022, and before (with glimpses of our history)....

By

João Tomé

Deep Dive , Trends , Internet Traffic , Research , Reading List