/plushcap/analysis/cloudflare/cloudflare-servers-dont-own-ips-anymore

Cloudflare servers don't own IPs anymore – so how do they connect to the Internet?

What's this blog post about?

Cloudflare has rarely discussed its egress network design, which is critical for its operation. The company manages Cloudflare IP addresses used to retrieve data from the internet and optimizes them for efficient use of available IP space. It uses a combination of anycast on ingress and unicast on egress, with each server having its own unicast IP address. To work around traffic segmentation issues, it added an untrusted WARP IP address to each server. The company also tags its egress IP addresses with country codes and publishes them as a geofeed. It has developed a solution called "soft-unicast" that allows sharing of a /32 egress IP among many servers by splitting the IP across servers using port ranges, improving utilization of IP space and reducing costs.

Company
Cloudflare

Date published
Nov. 25, 2022

Author(s)
Marek Majkowski

Word count
2675

Language
English

Hacker News points
505


By Matt Makai. 2021-2024.