Meet Gatebot - a bot that allows us to sleep

What's this blog post about?

Cloudflare's architecture is designed to absorb large DDoS attacks by distributing traffic across a large number of edge servers using Anycast and ECMP. The company does not use separate scrubbing boxes or specialized hardware; instead, every edge server can perform advanced traffic filtering when needed. During normal operations, Cloudflare's attitude towards attacks is pragmatic: because inbound traffic is spread across hundreds of servers, most attacks require no special handling. During large attacks, however, mitigations are deployed to reduce the CPU consumed by malicious traffic. These mitigations include scattering domains across IP addresses, using iptables with specific extensions, and shifting attack traffic from kernel iptables to a kernel-bypass user-space program called floodgate. The company also developed an automatic mitigation system called Gatebot, which automates the detection and analysis of attacks and the deployment of mitigations across its servers and applications.

Company
Cloudflare

Date published
Sept. 25, 2017

Author(s)
Marek Majkowski

Word count
1429

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.