The Cloudflare Blog: Cloudflare just got faster and more secure, powered by Rust

Sep 26, 2025

—

Source URL: https://blog.cloudflare.com/20-percent-internet-upgrade/
Source: The Cloudflare Blog
Title: Cloudflare just got faster and more secure, powered by Rust

Feedly Summary: We’ve replaced the original core system in Cloudflare with a new modular Rust-based proxy, replacing NGINX.

AI Summary and Description: Yes

**Summary:** The text discusses Cloudflare’s significant updates to its network software, transitioning from FL1 to FL2, which results in a performance boost and improved security. This upgrade is noteworthy for professionals in AI, cloud, and infrastructure security as it emphasizes the importance of performance optimization and secure software architecture in modern networking environments.

**Detailed Description:**
The document outlines Cloudflare’s ongoing efforts to enhance its network performance through a substantial software upgrade. The transition from FL1 to FL2 is characterized by several key improvements that are crucial for maintaining high efficiency and security in cloud networking.

– **Performance Optimization:**
– **Latency Reduction:** The upgrade reduces response times by 10 ms, leading to a 25% boost in performance.
– **Unified Codebase in Rust:** FL2 is built using Rust, which helps to streamline operations and reduce conversion overhead between different programming languages used in FL1, allowing for faster execution and lower memory consumption.
– **Modular Architecture:** The design enables selective execution of modules, minimizing unnecessary processing.

– **Security Enhancements:**
– **Inherent Safety Features of Rust:** The transition utilizes Rust’s compile-time memory checks and strict type system to mitigate common security vulnerabilities, which were more prevalent in the previous LuaJIT implementation.
– **Structured Module System:** Each module in FL2 has strict input-output definitions and is self-contained, improving code safety and reducing error rates during interactions.

– **Continuous Development:**
– **Smooth Rollouts and Testing:** Cloudflare employs an automated testing and deployment framework to ensure seamless updates without disrupting service for customers, allowing for quick adaptations and improvements.
– **Fallback Mechanisms:** The design includes fallback provisions to FL1, ensuring service continuity and effective comparisons between old and new implementations for validating functionality.

– **Future Enhancements:**
– Ongoing plans to fully decommission FL1 by early 2026 and expand the capabilities of FL2 to support more traffic protocols and optimize the networking stack further.

This transformation reflects a broader trend in cloud service infrastructure where security and performance are critical to service delivery. For professionals in infrastructure security, the lessons learned from implementing FL2, particularly in terms of modular design and programming language safety, can serve as best practices for developing resilient and efficient cloud solutions.

1 10 2 5 a Act actions adaptation age AI All allow and anti Arch architecture art as at ated Auto automated testing based Best best practices Bi built by C capabilities CI CIA Cloud Cloud Network Cloud Networking cloud service Cloud Solutions Cloudflare co code codebase Col consumption continuous continuous development core critical custom Customer D de DeFi definition definitions deployment design development document e effective efficiency efficient ELF end environment environments error error rate error rates execution exp fast faster feature features for framework full function functionality future g Go grade H high HR http HTTPS implementation improving in infrastructure infrastructure security inter interaction interactions intern internet io Iron ite J Just k Key l language latency latency reduction leading led Li line line operations low M man memory memory consumption mini mission ML Mode Modern modular modular architecture modular design N network network performance Networking new Nginx NGO no NPU o of on ons oost operation operations OPM opt optimization ory oS out output over Paris per performance performance boost performance optimization Power powered practices pre pro process processing professionals programming programming language programming languages protocol protocols proxy ps Q QUIC R rate RCE re red reduction Resil response response times Ro RoT Rust s safe safety safety features sec secure secure software security security enhancements Security Vulnerabilities self service service continuity service delivery Sig size sizes software software architecture software upgrade solutions source SSE SSO stack structured support system T ted test Testing text the Time times to TP traffic Transform transformation transition two type UI UN up update updates upgrade US use V val Valid version Vision vulnerabilities Ware Wi x z