A recent decision from the Higher Regional Court of Cologne in Germany marked important progress for Cloudflare and the Internet in pushing back against misguided attempts to address online copyright infringement through the DNS system. In early November, the Court in Universal v. Cloudflare issued its decision rejecting a request to require public DNS resolvers like Cloudflare’s 1.1.1.1. to block websites based on allegations of online copyright infringement. That’s a position we’ve long advocated, because blocking through public resolvers is ineffective and disproportionate, and it does not allow for much-needed transparency as to what is blocked and why.

To see why the Universal decision matters, it’s important to understand what a public DNS resolver is, and why it’s not a good place to try to moderate content on the Internet.

The DNS system translates website names to IP addresses, so that Internet requests can be routed to the correct location. At a high-level, the DNS system consists of two parts. On one side sit a series of nameservers (Root, TLD, and Authoritative) that together store information mapping domain names to IP addresses; on the other side sit DNS resolvers (also called recursive resolvers), which query the nameservers to answer where a particular website is located. The nameservers are like the telephone book listing names and phone numbers, while recursive resolvers are like the phone operator looking up a number.

While authoritative nameservers are managed and used directly by website operators, recursive resolvers are selected and used by those browsing the Internet. If you’re reading this at work, you may have navigated to this webpage using a DNS resolver chosen by your employer. If you’re reading it on a personal device at home, it’s possible you used your ISP’s default resolver. Alternatively, with a little technical know-how, you might have built your own DNS resolver and run it yourself or you might have chosen to use one of many public DNS resolvers available on the Internet.

Cloudflare launched its public DNS resolver, 1.1.1.1 in April 2018, because we wanted to provide a fast and private way to navigate the Internet. While Cloudflare’s resolver regularly scores as the fastest around, it is one of a number of options. Other well known public resolvers include Google’s 8.8.8.8, Cisco’s OpenDNS, and Quad9. Users might choose a public DNS resolver for privacy reasons, for added safety or security, or simply because they want the best performing option available. Whatever their reason, individuals can switch their DNS resolver at any time.

Like other links in the Internet connection chain, DNS resolvers have sometimes been used as a way to try to prevent access to content. Blocking at the resolver level is like removing a listing from a phone book. By refusing to return an IP address in response to requests for a particular website, a DNS resolver can make it appear like an entire website has effectively disappeared from the Internet to an individual using that resolver. Unlike removing the content at the hosting provider, however, the content is still accessible online, just a bit harder to find. Much as having an unlisted phone number didn’t prevent a phone number from being found through other channels and called, a block in a resolver doesn’t preclude an Internet user from navigating to a website in a myriad of other ways. A user can use an alternative resolver, build their own resolver, or simply type in the website’s IP address.

Because DNS returns IP addresses for entire domains, blocking through DNS resolvers can only be done at a domain-wide level; it is not possible to block specific pieces of content, individual webpages, or even subdomains without blocking the entire website. So a blocking order seeking to remove a copyrighted image through DNS blocking — especially for a website with many contributors or user-generated content — would result in blocking all content on the entire domain. That means that unless the entire website is a problem, applying a block through DNS is likely to block access to content that has not been identified by a court as infringing or otherwise problematic.

The way DNS blocking works — declining to return an IP address — also means there is no explanation provided to an individual as to why they were unable to access the website at issue. There is no notice or transparency.  Although there have been proposals for protocols that would allow an error code to be returned in such cases, nothing has yet been implemented.

Internet Service Providers (ISPs) located in particular jurisdictions have sometimes instituted blocks through their DNS resolvers as one way to try to comply with orders that apply in that jurisdiction directing them to make certain websites inaccessible to their users. For example, a German ISP that serves only German users might have its DNS resolver refuse to return an IP address for a website when provided an order by a German court to block that entire site.

Rightsholders have recently sought to extend such blocking to public DNS resolvers. But public DNS resolvers aren’t the same as DNS resolvers operated by a local ISP. Public DNS resolvers typically operate the same way around the globe. That means that if a public resolver applied the block the way an ISP does, it would apply everywhere. So the German court ordering the block would be dictating what information is available to the resolver’s users in India, the United States, Argentina and every other country the resolver is used. Attempting to apply blocks in a more geographically targeted way based on the location of individual resolver users raises serious technical hurdles not faced by local ISPs, and it also raises privacy issues worth taking seriously.

Cloudflare built 1.1.1.1 to allow Internet users an option for DNS resolution that would be fast and wouldn’t collect their personal information.  Many DNS operators have historically sold information about users based on the websites they have queried – 1.1.1.1 is designed to prevent such information from ever being collected. Blocking orders directed at public resolvers would require the collection of information about where the requests are coming from in order to limit these negative impacts while demonstrating compliance. That would be bad for personal privacy and bad for the Internet.

These core features of public resolvers present fundamental obstacles to using such resolvers to block content.

Consider what you would expect if a website you were trying to visit had been blocked due to legal order. First, you would expect that the blocked content is genuinely prohibited by law. You would not expect an entire website to be unavailable merely because some portion of the website violated copyright, and you also would not expect a website to be blocked to a visitor in one country by virtue of an order issued in an entirely different country on the other side of the world.

Second, you would expect to be told why the website is unavailable. Rather than a blank screen or no response, you would want a message explaining that the website has been ordered blocked, and identifying the legal authority for that action.

Finally, you would expect that whatever blocking mechanism was instituted is actually effective. We should not be changing fundamental ways about how the Internet operates if it will not even have the intended effect.

Blocking through public resolvers fails all of these requirements. As discussed above, it cannot be applied narrowly to particular content or particular geographies. Unlike ISP blocking that is necessarily limited to the geographic region in which the ISP operates, blocking through global public resolvers can only be implemented in a way that extends across borders to jurisdictions that might never have sought to block the same content. That is, unless we collect more personal information than we need to about the user.  

It’s also not transparent. A user does not know that they have been blocked from seeing content by a court order. They only know that they cannot access the website.That makes it hard for the public to hold government officials accountable for errors or overblocking.  

And it’s not even effective. Traditionally, website operators or hosting providers are ordered to remove infringing or illegal content, which is an effective way to make sure that information is no longer available. A DNS block works only as long as the individual continues to use the resolver, and the content remains available and will become accessible again as soon as they switch to another resolver, or build their own.

Despite these problems, some rightsholders have insisted that public resolvers can be ordered to block websites based on online infringement. Cloudflare, along with others like Quad9 and Google, have pushed back. While there have been a limited number of preliminary rulings on this issue, the Higher Regional Court’s decision in Universal marks the first time that an appellate court in Europe has ruled on public resolver blocking in the main proceedings.

Originally filed in 2019, the Universal case was one of the first attempts by a rightsholder to obtain an order requiring blocking through a public DNS resolver. The case concerns an allegedly copyright infringing music album posted on a website that, at the time the case was filed, was using Cloudflare’s pass-through security and CDN services. The Cologne Regional Court issued a preliminary ruling directing Cloudflare to block the website through both our CDN service and our public resolver. Cloudflare has no mechanism for blocking websites through 1.1.1.1., and we have never blocked a website through our public resolver. But Cloudflare did take steps to block access to the website in Germany through our CDN and pass-through security service. The website subsequently went offline and is no longer available on the Internet. Recognizing the importance of the underlying legal principles at stake, we nonetheless continued to litigate the case.

The Higher Regional Court’s recent decision makes clear that public DNS resolvers are not an appropriate tool for seeking to address online infringement, or moderate content more generally. The court explained that “with the DNS resolver, the defendant provides a tool that is accessible to everyone free of charge, is in the public interest and is approved, and which participates purely passively, automatically and neutrally in the connection of Internet domains.” It further noted that blocking through a public resolver is not effective, because individuals can easily change resolvers.

Importantly, the court held that DNS services are protected by the EU’s Digital Services Act (DSA), which was enacted last year. Like the e-Commerce Directive before it, the DSA recognizes that different types of services have different abilities to address content issues, and it distinguishes “mere conduit” and “caching” services from “hosting” services in their roles in addressing infringing content. Helpfully, the DSA expressly lists DNS and CDN services as non-hosting services subject to different obligations than hosting services. The Higher Regional Court recognized that DNS resolvers are entitled to the same protections from liability as other “mere conduits,”  and it rejected the plaintiff's request for DNS blocking in this case.

While the Higher Regional Court’s decision represents important progress on the DNS issue, the fight over how best to address online infringement continues. Rightsholders have filed lawsuits against other DNS providers and in other jurisdictions seeking similar blocking orders. We will continue to advocate against that outcome, because we think it is bad for the Internet. We hope that the Higher Regional Court’s reasoning on the DNS issue will help persuade other courts.

At the same time, while the Universal decision on DNS is the headline, there were other parts of the opinion that raise concerns. The court affirmed the lower court judgment requiring Cloudflare to block access to the website at issue through our CDN and pass-through security service. That decision has no immediate practical effect, because the website at issue is no longer available online and Cloudflare was already in compliance with the judgment. But to the extent the decision can be read to imply a broader obligation by pass-through security and CDN services to address online content, that is inconsistent with the nature of our services and with the DSA, which expressly identifies CDN services as among the caching services entitled to a liability privilege. Cloudflare therefore plans to appeal that aspect of the decision.

We appreciate the efforts of thoughtful judges to learn about how the Internet works and make sure their decisions are consistent with the larger public benefits of a well-functioning Internet, including security, reliability, and privacy. This decision marks further progress in Cloudflare’s fight to ensure that efforts to address online infringement are compatible with the technical nature of various Internet services, and with important legal and human rights principles around due process, transparency, and proportionality. We will continue that battle both through public advocacy and, as necessary, through litigation, as one more part of helping build a better Internet.

As a large data processing country, Germany is at the forefront of security and privacy regulation in Europe and sets the tone for other countries to follow. Analyzing and meeting the requirements to participate in Germany’s cloud security industry requires adherence to international, regional, and country-specific standards. Cloudflare is pleased to announce that we have taken appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity, and confidentiality of Cloudflare’s production systems in accordance with BSI-KritisV. TÜViT, the auditing body tasked with auditing Cloudflare and providing the evidence to BSI every two years. Completion of this audit allows us to comply with the NIS Directive within Germany.

In 2019, Cloudflare registered as an Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems (NIS Directive). The NIS Directive is cybersecurity legislation with the goal to enhance cybersecurity across the EU. Every member state has started to adopt national legislation for the NIS Directive and the criteria for compliance is set individually by each country. As an ‘Operator of Essential Services’ in Germany, Cloudflare is regulated by the Federal Office for Information Security (The BSI) and must adhere to the requirements set by The BSI.

This audit includes a thorough review of Cloudflare’s security controls in the following areas:

• Asset Management

• Risk Analysis

• Business Continuity and Disaster Recovery

• Personnel and Organizational Security

• Encryption

• Network Security

• Security Authentication

• Incident Response

• Vendor Security

• Physical Security

In addition to an audit of Cloudflare’s security controls in the aforementioned areas, TÜViT also conducted a thorough review of Cloudflare’s Information Security Management System (ISMS).

By having these areas audited, German customers can rest assured that Cloudflare respects the requirements put forth by the governing bodies tasked with protecting their data.

Yes. Cloudflare is currently undergoing an independent third-party audit for the Cloud Computing Compliance Criteria Catalog (C5) certification. The C5 was introduced by BSI Germany in 2016 and reviews operational security within cloud services. Industries that place a high level of importance on C5 include cloud computing and German federal agencies. Learn more here.

Different certifications measure different elements of a company’s security or privacy posture. Cloudflare has met the requirements of the following standards:

• ISO 27001 - Cloudflare has been ISO 27001 certified since 2019. Customers can be assured that Cloudflare has a formal information security management program that adheres to a globally recognized standard.

• SOC2 Type II - Cloudflare maintains SOC reports that include the security, confidentiality, and availability trust principles.

• PCI DSS - Cloudflare engages with a QSA (Qualified Security Assessor) on an annual basis to evaluate us as a Level 1 Merchant and a Service Provider.

• ISO 27701 - Cloudflare was one of the first companies in the industry to achieve ISO 27701 certification as both a data processor and controller. The certification provides assurance to our customers that we have a formal privacy program that is aligned to GDPR.

• FedRAMP In Process - Cloudflare hit a major milestone by being listed on the FedRAMP Marketplace as ‘In Process’ for receiving an agency authorization at a moderate baseline. Once an Authorization to Operate (ATO) is granted, it will allow agencies and other cloud service providers to leverage our product and services in a public sector capacity.

Pro, Business, and Enterprise customers now have the ability to obtain a copy of Cloudflare’s certifications, reports, and overview through the Cloudflare Dashboard. For the latest information about our certifications and reports, please visit our Trust Hub.

Black Friday by Per-Olof Forsberg, license: CC BY 2.0

To try and answer this question, we took a look at anonymised samples of HTTP requests crossing our network. First of all, let’s look at total page views from across our global network from the last few weeks and see if we can spot Black Friday and Cyber Monday:

All page views

So this is total page views by day (UTC) from November 19 (a week before Cyber Monday) until Monday December 3. Other than follow-the-sun fluctuations in a repeating daily pattern, each whole day is pretty similar in shape and size compared to the last. Black Friday and Cyber Monday aren’t visible in overall traffic patterns.

We have a very diverse set of customers across 12 million domain names and not all of them are selling products or doing so directly online. To identify those websites that are, I used metadata from the wonderful HTTP Archive project to export a list of domains using Cloudflare that were also running ecommerce software.

Here are the page views for these ecommerce sites over the same time period:

Ecommerce page views

So we can see clearly that our ecommerce customers are seeing a big increase in page views on November 23 and 26. Black Friday and Cyber Monday are most certainly a thing. This year Black Friday was quite a bit busier than Cyber Monday - around 22% busier in terms of page views. If we compare the page views of each day to the week prior, we can see the changes clearly:

% page view change vs previous week

The uplift starts on Wednesday but really kicks in during Thanksgiving with an increase of more than 100% on Black Friday.

So we’ve established that these shopping days are important in terms of visitor activity. More pages are being viewed on these days - but is anyone buying anything?

We’re dealing with trillions of requests across a really large data set of different websites without any specific knowledge of what a purchase transaction would look like for each - so to approximate this I took a crude approach, which is to look for successful checkout interactions in the data. If you imagine a typical ecommerce application makes a purchase with a HTTP request like “POST /store/checkout HTTP/1.1” we can look for requests similar to this to understand the activity.

% of checkout interactions vs prior week

We can see here that Black Friday has an almost 200% increase in checkout interactions compared to the previous Friday.

Using this raw number of checkout interactions to compare with the page views we have something approximating a conversion %. This is not a true conversion figure - calculating a true conversion figure would require data that identifies individuals and detailed action tracking for each website. What we have is the total number of page views (HTTP requests that return HTML successfully) compared to the total number of POST requests to a checkout. This gives us a baseline to compare changes in “conversion” over these big November shopping days:

% of checkout interactions / page views vs prior week

Each bar on this chart represents the % change in checkout interactions as a proportion of page views compared to the same day the previous week. We can see this increased by 45% on Black Friday compared to the Friday before (boring old beige Friday November 16). The following Saturday was booming at 60% - because we’re dealing with time in UTC, a UTC Saturday actually includes Black Friday traffic for some parts of the world, the same can be said of Tuesday which contains overlap from Cyber Monday - we’ll break this down a bit later.

On Cyber Monday, the increase actually beats Black Friday, meaning page views lead to cart interactions 57% more often than the prior Monday (boring old vanilla Monday November 19), albeit from a lower number of transactions.

What we see here is just how much more browsing people do on mobiles today vs desktop, with mobile winning most days:

Page Views by Device Type

When it comes to checkout interactions though, we can see the situation is switched with visitors more likely to interact with the checkout on a desktop overall, but even more so on Black Friday (14% more likely) and Cyber Monday (20% more likely).

Checkout Interaction as % of Page Views

Let’s look at a specific region to understand more, starting with the US:

USA Page Views (PST)

We can see a more normal weekday pattern on the prior Thursday & Friday (15 & 16 Nov) whereby desktop page views eclipse mobile during the daytime while people are at their desks. In the evenings and weekends, mobile takes over. What we see from the 21st onward is evidence of people taking time off work and doing more with their mobile devices. Even on Thanksgiving, there is still a big rise in activity as people start gearing up for Friday’s deals or finding ways to avoid political discussion with relatives at home!

On Cyber Monday, traffic earlier in the day is lower as people return to work, however we are seeing heavy use of desktop devices. As the working day ends, mobile once again dominates. Things begin to settle back into a more regular pattern from Tuesday November 27 onwards.

Let's take a look at checkout interaction over the Black Friday to Cyber Monday weekend by device type.

USA Checkout Interaction % (PST)

Despite all of that mobile browsing activity, desktop devices are more commonly used for checkout actions. People seem to browse more on mobile, committing to buy more often with desktop, it may also just be that mobile users have more distractions both on the device and in the real world and are therefore less likely to complete a purchase. From personal experience, I also think the poor mobile optimisation of some sites’ checkout flows make desktop preferrable - and when customers are incentivised with discounts & deals, they are more likely to switch devices to complete a transaction if they hit an issue.

It might be obvious if you’re reading this from the UK, but despite the fact that Thanksgiving is not a holiday here, retailers have very much picked up the mantle from US retailers and seized the opportunity to drive sales over this weekend.

UK Page Views (UTC)

Page views to ecommerce websites on Cloudflare look very similar in shape to the US on Black Friday. However, mobile is more dominant in the UK, even during working hours. It’s worth noting one big difference here - Cyber Monday in the UK was only 22% up in terms of page views compared to the prior Monday - in the US the increase was more than 4x that.

UK Checkout Interaction as % of Page Views

When it comes to checkout, it also looks like UK visitors to ecommerce sites commit more with their mobile, but desktop is still more likely to lead to more conversion.

Taking Germany as another example, here’s how page views look:

Germany Page Views (CET)

Desktop use during typical working hours is much more pronounced in Germany. Black Friday and Cyber Monday show higher page views than a normal Friday / Monday but the difference is much smaller than regions such as the US & UK.

Black Friday is spreading internationally despite these still being normal working days for the rest of the world. Cyber Monday is also increasing ecommerce activity internationally but tends to be quieter than Black Friday. Overall, mobile browsing eclipses desktop, but those desktop page views tend to lead to checkout more often.

Retailers should continue to invest in making their mobile & desktop ecommerce experiences fast & resilient to seize on these key days.

I am incredibly excited to announce that I’m joining Cloudflare as the Head of DACH (Deutschland, Austria & Switzerland-CH) to help to expand Cloudflare’s demand in Germany, Austria, and Switzerland. Having been in the technology industry for many years, Cloudflare’s mission to help build a better Internet was frankly the reason I joined, and I’m now very eager to start working towards this.

I quickly learned how Cloudflare helps to speed up and secure over 10 million Internet properties by protecting these customers from a wide range of online attacks and providing the reliability needed to run strong businesses. Security, privacy, and performance are key drivers for almost every business: from large traditional enterprises to purely online businesses and even individuals building their own personal brand. I could go on and on. The more I learned, the more excited I became.

One of Cloudflare’s major strengths is its global network. Cloudflare already has data centers in seven cities in the DACH region (with more to come) helping to ensure the Internet is fast, safe, and reliable for users online in the region. So while I get the honor of opening our first office in Germany (in Munich), I loved that Cloudflare had already been working towards this and in the market with customers.

Another important aspect for me was the company’s culture. During my interview experience with Cloudflare, I witnessed an incredible passion for the company from everyone, which left me with a strong feeling that this is the right environment for me. This team wants to make a difference. Cloudflare has a very determined team, and everyone is aligned behind the same goal: to help make the Internet better, for everyone. I also appreciated the company’s commitment to diversity in our employee base, and I will be building up the DACH team with that same commitment in mind. I can’t wait for what’s ahead.

Cloudflare is at the forefront of the direction the market is heading. We have an extremely talented and passionate team, and I am thrilled to now be a part of achieving Cloudflare’s mission.

Over the last 17 years, I have helped Symantec and Veritas to build strong teams and grow their businesses in Central Europe, including in the DACH region. I’m now excited to help expand on our strong global network and to build an even greater presence for Cloudflare in the DACH region.

Germany has the largest national economy in Europe and the fourth-largest by nominal GDP in the world.  From many of the largest corporations in the world, to the thriving German “Mittelstand” companies, I see organisations in the region trying to gain advantages from technology in a secure, reliable, and scalable way. With the opening of the new office in Munich, and the ongoing support of our EMEA headquarters in London, we will be able to significantly step up our support for DACH customers and partners.

I’m excited to get started. Please look out for announcements about upcoming customer events and webinars. I’d be delighted to meet you there in person. Or, you can get in touch with me at shenke (at) cloudflare.com.

And, in case you are wondering, yes, we are hiring in the region. We are looking for Account Executives and Solution Engineers in Munich. If you are interested in exploring a career on our team in Germany, please keep in touch.

Oktoberfest kommt früh in diesem Jahr! Wir haben gerade unser 110. Rechenzentrum in München angeschaltet. Wir haben somit fünf Rechenzentren in Deutschland (Frankfurt, Düsseldorf, Berlin, Hamburg und München). Nur ca. 2 Kilometer entfernt vom historischen Hofbräuhaus, wird unser neustes Rechenzentrum sechs Millionen Webseiten im Raum Bayern schneller machen, und zugleich größere Kapazitäten gegen DDoS Attacken bereitstellen.

As TripAdvisor put it: Germany’s third largest city reflects the character of a city and a post card village at the same time.

Wie TripAdvisor es ausdrückt: Deutschlands drittgrößte Stadt spiegelt zugleich den Charakter einer Stadt und eines Dorfes wider.

_CC BY-NC-ND 2.0 image by Werner Nieke_

We have several additional locations being added to our fast expanding network that spans 55 countries. If you have a new city in mind, let us know, and we'll get to work!

Wir haben mehrere weitere Standorte zu unserem schnell expandierenden Netzwerk hinzugefügt. Unser Netzwerk erstreckt sich nun über 55 Länder. Wenn Sie eine neue Stadt im Sinn haben, lassen Sie uns wissen, und wir machen uns an die Arbeit!

-The Cloudflare Team

Moin Hamburg! Ensconced alongside the Elbe River, Hamburg, a major port city in northern Germany, is the second largest city in the country, and the eight largest in the European Union. Our data center in Hamburg is our 4th in Germany following deployments in Frankfurt, Düsseldorf and Berlin, our 19th in Europe, and 72nd globally. This means not only better performance in Germany, but additional redundancy for our 3 other data centers throughout the country. As of this moment, CloudFlare has a point of presence (PoP) in 8 out of Europe's 10 most populous* cities, and we're headed for a perfect 10-for-10 (look out Budapest...).

For the local audience: Liebe Freunde in Hamburg, Euer Internetanschluss ist schneller geworden und ihr könnt jetzt sicherer surfen. Viel Spaß.

Be sure to have some Glühwein if you visit the Christkindlmärkte this holiday season

Yesterday we announced new points of presence (PoPs) in Montreal and Vancouver. Today: Hamburg. However, the holidays are hardly over, and we have lots more cheer to spread. We've sent planes sleighs full of servers, switches, routers and PDUs to many corners of the globe. And to cap it off, we'll gift some CloudFlare gear to the first person to guess how many data centers we reach by year end, as well as to the person who can guess the next data center (that isn't on the system status page)! Happy guessing...

—Mit freundlichen Grüßen Euer CloudFlare

* By population within city limits.

Our data center in Berlin is our 3rd in Germany following Frankfurt and Düsseldorf, 14th in Europe, and 44th globally. Berlin is of considerable importance not just because it is the capital of Europe's most populous country, but also because it is the 2nd largest city in the European Union by population* trailing only London. As of this moment, CloudFlare has a point of presence (PoP) in 7 out of Europe's 10 most populous cities, and we're headed for a perfect 10-for-10.

"I am one with the people of Berlin," best expresses our sentiments following this latest launch, but is more famously a reference to U.S. President John F. Kennedy's June 26th, 1963 speech in West Berlin (and also the source of an amusing urban legend). The story goes that Kennedy should have said "Ich bin Berliner" ("I am a citizen of Berlin"), but instead remarked "Ich bin ein Berliner" which translates as "I am a jelly doughnut."

The Berliner: we treated ourselves to one a few in celebration of the launch

As it turns out, and despite decades of misinformation, Kennedy was linguistically correct. While in proper German an actual Berliner would say "Ich bin Berliner, " that wouldn't have been the right phrase for Kennedy to use as a non-resident. The addition of the indefinite article "ein" is required to express a metaphorical identification between subject and predicate. That being said, in any other context, it is indeed a way to say "I am a jelly doughnut."

Speaking on behalf of the entire team here at CloudFlare, we can empathize. Every new PoP we turn-up involves thousands of details and a fair share of "lost in translation" moments. Over the course of the following months we plan to launch a series of technical blog posts on how we rapidly deploy (and manage) an increasingly large and complex global infrastructure footprint.

In our Düsseldorf post we referenced the wave of imminent new CloudFlare datacenters to come over the remainder of the year. We've already added 14 new PoPs year to date, and we're not even half-way done. Stay tuned...

—Mit freundlichen Grüßen Ihr CloudFlare

* By population within city limits.Photo source: Jean-Pierre Dalbéra; images used under creative commons license.

Hallo Düsseldorf. Nestled in the center of the Lower Rhine basin lies the bustling city of Düsseldorf, capital of Germany’s most populous state, Northern Rhine-Westphalia. Provided its status as an international business and telecommunications hub, and serving a population larger than the Netherlands, our data center in Düsseldorf is an important addition to our European network. This means not only better performance in Germany and Northern Europe, but additional redundancy for our 10 other data centers throughout Europe, including our first German data center in Frankfurt.

For the local audience: Liebe Freunde in Düsseldorf, euer Internetanschluss ist schneller geworden und ihr könnt jetzt sicher surfen. Viel Spaß.

Dusseldorf comes to life.

Our Düsseldorf data center holds a special place in the heart of our legal counsel Ken Carter. When he’s not helping to build a better Internet, he is likely to be found regaling the office with tales of his adventures in the quaint medieval town of Bad Honnef am Rhein, just south of our new data center. Ban Honnef, most famously known as the world-wide headquarters for Birkenstock, can now add one more tale of note. Equidistant between Frankfurt and Dusseldorf, it is now one of the best served cities by CloudFlare in Germany.

Dusseldorf is the first in a wave of new CloudFlare data centers yet to come this year. At this very moment we have infrastructure present in, or in flight to, over 10 new sites. If you can guess one of the next three (in the comments below), we'll send you some free CloudFlare gear.

Mit freundlichen Grüßen Ihr CloudFlare

Photo source: Sergey Sokolov; image used under creative commons license.

Frankfurt has been known for its business center, its techno music, and, well, its frankfurters. Now add another item to the list: CloudFlare's newest data center! Frankfurt turns CloudFlare's dance music volume past 10 to 11 data centers worldwide. Frankfurt is an increasingly important hub for European Internet traffic, and the Frankfurt data center will increase performance for areas that had previously been serviced by our facilities in Paris and Amsterdam.

Special thanks to the U.S. Department of Commerce and the representatives from the German Region of Hessen who helped us clear an issue with the customs paperwork for one of our router shipments. Turns out you learn a lot of things and meet a lot of interesting people when you're building a global network, and the folks from the Region of Hessen, where Frankfurt is situated, were terrific to work with.

Next up: we expect Singapore will be online later this week. After that, we're planning to work on Miami and London to finish up our Phase 2 data center deployment and bring the total footprint to 14 core Internet exchange points. And then we'll begin work on Phase 3 where things really get interesting..... stay tuned!