Reducing double spend latency from 40 ms to < 1 ms on privacy proxy
2025-08-05
We significantly sped up our privacy proxy service by fixing a 40ms delay in "double-spend" checks....
Continue reading »
Multi-Path TCP: revolutionizing connectivity, one path at a time
2025-01-03
Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages,...
A Socket API that works across JavaScript runtimes — announcing a WinterCG spec and Node.js implementation of connect()
2023-09-28
Engineers from Cloudflare and Vercel have published a specification of the connect() sockets API for review by the community, along with a Node.js compatible implementation of connect() that developers can start using today...
Unbounded memory usage by TCP for receive buffers, and how we fixed it
2023-05-25
We are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected. This blog post describes in detail the root cause of the problem and shows the test results of a solution...
Announcing connect() — a new API for creating TCP sockets from Cloudflare Workers
2023-05-16
Today, we are excited to announce a new API in Cloudflare Workers for creating outbound TCP sockets, making it possible to connect directly to databases and any TCP-based service from Workers...
MORE POSTS
July 26, 2022 1:00 PM
When the window is not fully open, your TCP stack is doing more than you think
In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...
- By
July 04, 2022 12:55 PM
A July 4 technical reading list
Here’s a short list of recent technical blog posts to give you something to read today...
- By
July 01, 2022 1:00 PM
Optimizing TCP for high WAN throughput while preserving low latency
In this post, we describe how we modified the Linux kernel to optimize for both low latency and high throughput concurrently...
- By
March 19, 2022 5:01 PM
A Primer on Proxies
A technical dive into traditional TCP proxying over HTTP...
- By
March 18, 2022 1:00 PM
Zero Trust client sessions
Starting today, you can build Zero Trust rules that require periodic authentication to control network access...
- By
February 02, 2022 9:53 AM
How to stop running out of ephemeral ports and start to love long-lived connections
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
- By
November 23, 2021 1:58 PM
Announcing Argo for Spectrum
Announcing general availability of Argo for Spectrum, a way to turbo-charge any TCP based application....
- By
July 14, 2020 11:00 AM
flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking
flowtrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on...
- By
April 06, 2020 11:00 AM
Conntrack tales - one thousand and one flows
We were wondering - can we just enable Linux "conntrack"? How does it actually work? I volunteered to help the team understand the dark corners of the Linux's "conntrack" stateful firewall subsystem....
- By
January 14, 2020 4:07 PM
A cost-effective and extensible testbed for transport protocol development
At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest....
- By
January 08, 2020 5:08 PM
Accelerating UDP packet transmission for QUIC
Significant work has gone into optimizing TCP, UDP hasn't received as much attention, putting QUIC at a disadvantage. Let's explore a few tricks that help mitigate this....
- By
September 20, 2019 3:53 PM
When TCP sockets refuse to die
We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! We naively thought enabling TCP keepalives would be enough... but it isn't!...
- By
August 13, 2019 1:00 PM
Magic Transit: Network functions at Cloudflare scale
Today we announced Cloudflare Magic Transit, which makes Cloudflare’s network available to any IP traffic on the Internet. Up until now, Cloudflare has primarily operated proxy services: our servers terminate HTTP, TCP, and UDP sessions...
- By
May 18, 2019 3:00 PM
Cloudflare architecture and how BPF eats the world
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk....
- By
March 20, 2019 3:01 PM
Spectrum for UDP: DDoS protection and firewalling for unreliable protocols
Today, we're announcing Spectrum for UDP. Spectrum for UDP works the same as Spectrum for TCP: Spectrum sits between your clients and your origin. Incoming connections are proxied through, whilst applying our DDoS protection and IP Firewall rules. ...
- By