MORE POSTS
March 19, 2022 5:01 PM
A Primer on Proxies
A technical dive into traditional TCP proxying over HTTP...
March 18, 2022 1:00 PM
Zero Trust client sessions
Starting today, you can build Zero Trust rules that require periodic authentication to control network access...
February 02, 2022 9:53 AM
How to stop running out of ephemeral ports and start to love long-lived connections
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
November 23, 2021 1:58 PM
Announcing Argo for Spectrum
Announcing general availability of Argo for Spectrum, a way to turbo-charge any TCP-based application....
July 14, 2020 11:00 AM
flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking
flowtrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on...
April 06, 2020 11:00 AM
Conntrack tales - one thousand and one flows
We were wondering - can we just enable Linux "conntrack"? How does it actually work? I volunteered to help the team understand the dark corners of Linux's "conntrack" stateful firewall subsystem....
January 14, 2020 4:07 PM
A cost-effective and extensible testbed for transport protocol development
At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest....
January 08, 2020 5:08 PM
Accelerating UDP packet transmission for QUIC
Significant work has gone into optimizing TCP; UDP hasn't received as much attention, putting QUIC at a disadvantage. Let's explore a few tricks that help mitigate this....
September 20, 2019 3:53 PM
When TCP sockets refuse to die
We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out!
We naively thought enabling TCP keepalives would be enough... but it isn't!...