May 26, 2023 1:00 PM
Let's take a look from the perspective of an Oxy application developer, and then we can discuss the implementation of the framework and some of the interesting design decisions we made...
May 25, 2023 3:31 PM
We are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected. This blog post describes in detail the root cause of the problem and shows the test results of a solution...
May 18, 2023 1:00 PM
Cloudflare was originally built as native services, but we’re building more and more of it on Cloudflare itself. This post describes how and why we’re doing this....
April 19, 2023 1:00 PM
In this blog, we will study the concepts of memory rank and organization, and how memory rank and organization affect the memory bandwidth performance by reviewing some benchmarking test results...
March 20, 2023 1:00 PM
If I navigate to https://blog.cloudflare.com/, my browser will connect to a remote TCP address from the local IP address assigned to my machine, and a randomly chosen local TCP port. What happens if I then decide to head to another site?...
January 16, 2023 1:46 PM
A race condition in the virtual ethernet driver of the Linux kernel led to occasional packet content corruptions, which resulted in unwanted packet drops by one of our DDoS mitigation systems. This blogpost describes the thought process and technique we used to debug this complex...
November 28, 2022 2:57 PM
Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....
November 16, 2022 2:00 PM
Cloudflare now has OpenAPI Schemas available for the API. Users can use these schemas in any open source OpenAPI Tooling....
October 10, 2022 1:00 PM
We have first adopted the BPF tail calls when building our XDP-based packet processing pipeline. BPF tail calls have served us well since then. But they do have their caveats...
September 02, 2022 3:33 PM
When a request at Cloudflare throws an error, information gets logged in our requests_error pipeline. The error logs are used to help troubleshoot customer-specific or network-wide issues...
August 25, 2022 6:08 PM
We have amazing deep dives in our blog, but also research and how the Internet works kind of stories. Here are some highlights from 2022, and before (with glimpses of our history)....
July 18, 2022 12:56 PM
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. ...
July 01, 2022 1:00 PM
In this post, we describe how we modified the Linux kernel to optimize for both low latency and high throughput concurrently...
June 29, 2022 11:45 AM
Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module...
June 28, 2022 12:57 PM
Hertzbleed is a brand-new family of side-channel attacks that monitors changes on CPU frequency...
June 24, 2022 1:45 PM
This blog offers Cloudflare’s perspective on how remote browser isolation can help organizations offload internal web application use cases currently secured by virtual desktop infrastructure (VDI)...
April 27, 2022 2:02 PM
Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record...
April 05, 2022 12:57 PM
This post tells the story of how a missing shell option called “pipefail” slowed Cloudflare down....
March 20, 2022 4:58 PM
We continue our technical deep dive into traditional TCP proxying over HTTP...
