Reducing double spend latency from 40 ms to < 1 ms on privacy proxy
2025-08-05
We significantly sped up our privacy proxy service by fixing a 40ms delay in "double-spend" checks....
Continue reading »
2025-08-05
We significantly sped up our privacy proxy service by fixing a 40ms delay in "double-spend" checks....
Continue reading »2025-01-03
Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages,...
2023-09-28
Engineers from Cloudflare and Vercel have published a specification of the connect() sockets API for review by the community, along with a Node.js compatible implementation of connect() that developers can start using today...
2023-05-25
We are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected. This blog post describes in detail the root cause of the problem and shows the test results of a solution...
2023-05-16
Today, we are excited to announce a new API in Cloudflare Workers for creating outbound TCP sockets, making it possible to connect directly to databases and any TCP-based service from Workers...
July 26, 2022 1:00 PM
In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...
July 04, 2022 12:55 PM
Here’s a short list of recent technical blog posts to give you something to read today...
July 01, 2022 1:00 PM
In this post, we describe how we modified the Linux kernel to optimize for both low latency and high throughput concurrently...
March 19, 2022 5:01 PM
A technical dive into traditional TCP proxying over HTTP...
March 18, 2022 1:00 PM
Starting today, you can build Zero Trust rules that require periodic authentication to control network access...
February 02, 2022 9:53 AM
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
November 23, 2021 1:58 PM
Announcing general availability of Argo for Spectrum, a way to turbo-charge any TCP based application....
July 14, 2020 11:00 AM
flowtrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on...
April 06, 2020 11:00 AM
We were wondering - can we just enable Linux "conntrack"? How does it actually work? I volunteered to help the team understand the dark corners of the Linux's "conntrack" stateful firewall subsystem....
January 14, 2020 4:07 PM
At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest....
January 08, 2020 5:08 PM
Significant work has gone into optimizing TCP, UDP hasn't received as much attention, putting QUIC at a disadvantage. Let's explore a few tricks that help mitigate this....
September 20, 2019 3:53 PM
We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! We naively thought enabling TCP keepalives would be enough... but it isn't!...
August 13, 2019 1:00 PM
Today we announced Cloudflare Magic Transit, which makes Cloudflare’s network available to any IP traffic on the Internet. Up until now, Cloudflare has primarily operated proxy services: our servers terminate HTTP, TCP, and UDP sessions...
May 18, 2019 3:00 PM
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk....
March 20, 2019 3:01 PM
Today, we're announcing Spectrum for UDP. Spectrum for UDP works the same as Spectrum for TCP: Spectrum sits between your clients and your origin. Incoming connections are proxied through, whilst applying our DDoS protection and IP Firewall rules. ...