How (and why) we rewrote our production C++ front end infrastructure in Rust
17 hours ago
- #Infrastructure Migration
- #Rust
- #C++
- Rewrote production C++ frontend infrastructure in Rust, moving from a custom C++ server process ('nfsncore') to Rust for enhanced safety and maintainability.
- The frontend servers handle caching, proxying, routing, access control, and TLS, with nfsncore being critical for every request across all member sites.
- Key reasons for the switch: Rust offers top-notch safety, speed, a strong ecosystem, and easier development compared to C++, which often required complex workarounds for simple tasks (e.g., string lowercasing).
- The C++ codebase was relatively small (<10% of PHP codebase size) but complex due to accumulated knowledge, and had been treated similarly to Rust with RAII and smart pointers, easing the transition.
- Conversion process involved extensive testing: unit tests, interoperability tests, functional tests, fuzz testing, replay testing, proxy testing, statistical analysis, and staged deployment over months.
- Proxy testing revealed edge-case bugs in both C++ and Rust versions, which were fixed, and statistical analysis confirmed minimal performance differences (latency and status codes within 0.1-0.5% variation).
- Rust version is now fully deployed with slight performance differences (~2% slower) but ample headroom, and includes internal improvements like better telemetry and error reporting without added risk.
- Future enhancements are planned now that Rust's capabilities remove previous limitations, with the project demonstrating careful, adult-like engineering practices despite past disruptions.