Cloudflare just got faster and more secure, powered by Rust
6 months ago
- #Cloudflare
- #Network Performance
- #Rust
- Cloudflare has upgraded its network software, reducing median response time by 10ms and improving performance by 25%.
- The new system, FL2, is built in Rust on the Oxy framework, replacing the older FL1 system based on NGINX and LuaJIT.
- FL2 introduces a modular architecture with strict rules to ensure explicit interactions between product logic, improving maintainability and performance.
- Oxy enables graceful restarts, reducing downtime during updates and improving reliability for long-lived connections like WebSockets.
- Cloudflare has gradually rolled out FL2, starting with free customers and progressively onboarding paying customers, with plans to fully retire FL1 by early 2026.
- FL2 uses less than half the CPU and memory of FL1, allowing Cloudflare to deliver more features efficiently.
- The migration to FL2 has been supported by a robust testing framework, automated rollouts, and feedback from the Cloudflare community.
- FL2 is more secure by design, leveraging Rust's memory safety features and strict coding standards to reduce vulnerabilities.
- Cloudflare plans to complete the migration of its HTTP & TLS termination service to Rust by early next year, further optimizing its network.