Cloudflare servers don't own IPs anymore – so how do they connect to the Internet?
Cloudflare has rarely discussed its egress network design, which is critical to its operation. The company manages the Cloudflare IP addresses used to retrieve data from the Internet and optimizes them to make efficient use of the available IP space. It uses a combination of anycast on ingress and unicast on egress, with each server having its own unicast IP address. To work around traffic segmentation issues, it added an untrusted WARP IP address to each server. The company also tags its egress IP addresses with country codes and publishes them as a geofeed. It has developed a solution called "soft-unicast" that shares a single /32 egress IP among many servers by splitting it across servers by port range, which improves utilization of IP space and reduces costs.
Company
Cloudflare
Date published
Nov. 25, 2022
Author(s)
Marek Majkowski
Word count
2675
Hacker News points
505
Language
English