Talk Transcript: How Cloudflare Thinks About Security
2019-10-08
This is the text I used for a talk at artificial intelligence powered translation platform, Unbabel, in Lisbon on September 25, 2019....
Continue reading »
When TCP sockets refuse to die
2019-09-20
We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! We naively thought enabling TCP keepalives would be enough... but it isn't!...
mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
2018-04-17
In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product....
Using Go as a scripting language in Linux
2018-02-20
At Cloudflare we like Go. We use it in many in-house software projects as well as parts of bigger pipeline systems. But can we take Go to the next level and use it as a scripting language for our favourite operating system, Linux?...
Results of experimenting with Brotli for dynamic web content
2015-10-23
Compression is one of the most important tools CloudFlare has to accelerate website performance. Compressed content takes less time to transfer, and consequently reduces load times....
MORE POSTS
October 09, 2015 10:26 AM
Single RX queue kernel bypass in Netmap for high packet rate networking
In a previous post we discussed the performance limitations of the Linux kernel network stack. We detailed the available kernel bypass techniques allowing user space programs to receive packets with high throughput. ...
- By
June 16, 2015 1:47 PM
How to receive a million packets per second
Last week during a casual conversation I overheard a colleague saying: "The Linux network stack is slow! You can't expect it to do more than 50 thousand packets per second per core!"...
- By
July 11, 2014 1:00 PM
Courage to change things
This was an internal email that I sent to the CloudFlare team about how we are not afraid to throw away old code. We thought it was worth sharing with a wider audience....
- By
February 13, 2014 1:00 AM
Technical Details Behind a 400Gbps NTP Amplification DDoS Attack
On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We've seen a handful of other attacks at this scale, but this is the largest attack we've seen that uses NTP amplification....
- By
January 21, 2014 4:00 PM
Protect Your Sites With Rapidly Deployed WAF Rules
An attack on your site could be catastrophic. Even a small attack can have major implications. Responding quickly to an attack is imperative. ...
- By
December 06, 2012 9:19 AM
Efficiently compressing dynamically generated web content
With the widespread adoption of high bandwidth Internet connections in the home, offices and on mobile devices, limitations in available bandwidth to download web pages have largely been eliminated....
- By
November 06, 2012 9:09 AM
Why Google Went Offline Today and a Bit about How the Internet Works
Today, Google's services experienced a limited outage for about 27 minutes over some portions of the Internet. The reason this happened dives into the deep, dark corners of networking. ...
- By
June 19, 2012 3:56 PM
A note about Kerckhoff's Principle
The other day I wrote a long post describing in detail how we used to and how we now store customer passwords. Some people were surprised that we were open about this....
- By
January 29, 2011 4:26 AM
What Egypt Shutting Down the Internet Looks Like
CloudFlare gets quite a bit of traffic from Egypt -- the country is consistently in the top-20 originators of visitors to our network. That is, until last night when Egypt shut down the Internet. Here is a graph showing traffic to our network from Egypt. ...
- By