TCP - The Cloudflare Blog

When the window is not fully open, your TCP stack is doing more than you think

July 26, 2022 2:00PM

In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...

Marek Majkowski

A July 4 technical reading list

July 04, 2022 1:55PM

Reading List Cloudflare Radar Linux TCP Hertzbleed

Here’s a short list of recent technical blog posts to give you something to read today...

John Graham-Cumming

Optimizing TCP for high WAN throughput while preserving low latency

July 01, 2022 2:00PM

Deep Dive TCP Latency Optimization

In this post, we describe how we modified the Linux kernel to optimize for both low latency and high throughput concurrently...

Mike Freemon

A Primer on Proxies

March 19, 2022 5:01PM

Deep Dive TCP Proxying Research iCloud Private Relay

A technical dive into traditional TCP proxying over HTTP...

Zero Trust client sessions

March 18, 2022 1:00PM

Security Week Zero Trust Cloudflare Zero Trust TCP Security

Starting today, you can build Zero Trust rules that require periodic authentication to control network access...

Kenny Johnson

February 02, 2022 9:53AM

How to stop running out of ephemeral ports and start to love long-lived connections

Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...

By

Marek Majkowski

Deep Dive , UDP , TCP , Linux , Networking

November 23, 2021 1:58PM

Announcing Argo for Spectrum

Announcing general availability of Argo for Spectrum, a way to turbo-charge any TCP based application....

By

Achiel van der Mandele

Argo Smart Routing , Spectrum , TCP , Performance

July 14, 2020 12:00PM

flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking

flowtrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on July 29, 2020....

By

Omer Yoachimik

DDoS , Security , TCP , Magic Transit , Gatebot

April 06, 2020 12:00PM

Conntrack tales - one thousand and one flows

We were wondering - can we just enable Linux "conntrack"? How does it actually work? I volunteered to help the team understand the dark corners of the Linux's "conntrack" stateful firewall subsystem....

By

Marek Majkowski

Conntrack , Linux , Network , TCP

January 14, 2020 4:07PM

A cost-effective and extensible testbed for transport protocol development

At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest....

By

Lohith Bellad
, Junho Choi

HTTP3 , QUIC , TLS 1.3 , TCP

January 08, 2020 5:08PM

Accelerating UDP packet transmission for QUIC

Significant work has gone into optimizing TCP, UDP hasn't received as much attention, putting QUIC at a disadvantage. Let's explore a few tricks that help mitigate this....

By

Alessandro Ghedini

QUIC , UDP , TCP , HTTP3

September 20, 2019 4:53PM

When TCP sockets refuse to die

We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! We naively thought enabling TCP keepalives would be enough... but it isn't!...

By

Marek Majkowski

SYN , TCP , Spectrum , Tech Talks

August 13, 2019 2:00PM

Magic Transit: Network functions at Cloudflare scale

Today we announced Cloudflare Magic Transit, which makes Cloudflare’s network available to any IP traffic on the Internet. Up until now, Cloudflare has primarily operated proxy services: our servers terminate HTTP, TCP, and UDP sessions...

By

Nick Wondra

Speed & Reliability , Magic Transit , Network , Anycast , TCP

August 13, 2019 2:00PM

Magic Transit：Cloudflare規模で機能するネットワーク

本日当社は、インターネット上のIPトラフィックでのCloudflareのネットワークの利用を可能にする、Cloudflare Magic Transitを発表いたしました。従来、Cloudflareでは主にプロキシサービスを運営してきました。これは、当社のサーバーがインターネットユーザーのHTTP、TCP、UDPの各セッションを中断し、サーバーがオリジンサーバーとの間に作成する新規セッションを介してデータを渡す仕組みです。Magic Transitでは、CloudflareがIP層の運用にも関与します。...

By

Nick Wondra

日本語 , 速度＆信頼性 (JP) , ネットワーク , エニーキャスト , TCP