Jeff Bruchado
Back to blog

Cloudflare Rewrites Main System in Rust and Achieves 25% Performance Gain

Hello HaWkers, Cloudflare has just completed one of the most ambitious migrations in web history: rewriting its main proxy system, which processes 20% of internet traffic, completely in Rust.

The results are impressive: 25% increase in performance, 10ms reduction in latency, and all of this using only half the computational resources of the previous system. How was this possible?

The Historic Migration: From FL1 to FL2

Cloudflare operated for 15 years with a system called FL1 (Firewall Layer 1), built mainly in C and NGINX, with some parts in Lua. This system processed billions of requests daily for millions of websites around the world.

Why Migrate a System That Worked?

The decision to rewrite was not taken lightly. The old system had fundamental limitations:

FL1 Problems:

  • Mix of languages (C, Rust, Lua) caused conversion overhead
  • Constant conversion of data representation between languages
  • Limited memory safety (C is not memory-safe)
  • Difficulty adding new features quickly
  • Inefficient resource usage (CPU and memory)

FL2's Promise:

  • 100% Rust system (memory-safe language)
  • Modular architecture from the start
  • Superior performance with fewer resources
  • Security guaranteed at compile time
  • Faster development of new products

Migration Numbers

Metric FL1 (Old) FL2 (Rust) Improvement
CPU Usage 100% 50% -50%
Memory Usage 100% <50% -50%+
Latency Baseline -10ms Lower
Performance Baseline +25% Higher
Crashes Frequent Rare* Drastic reduction

*Most crashes in FL2 are caused by hardware failures, not software bugs.

🔥 Context: Processing 20% of global internet traffic with half the resources means saving millions of dollars in infrastructure.

Migration Timeline

The migration was gradual and carefully planned:

2020-2023: Development

  • Team started FL2 development in Rust
  • Modular architecture designed from the beginning
  • Extensive testing in isolated environments

Early 2025: First Customers

  • FL2 started processing real customer traffic
  • Intensive performance and stability monitoring
  • Gradual increase in traffic volume

Throughout 2025: Progressive Scale

  • Gradual migration of more customers
  • Fine-tuning based on real metrics
  • Validation of performance gains

Early 2026: FL1 Retirement

  • Planned complete shutdown of old system
  • 100% of traffic being processed by FL2

Why Rust Was the Right Choice

Rust has unique characteristics that make it ideal for critical infrastructure systems:

1. Memory Safety Without Garbage Collection

Rust guarantees memory safety at compile time, without runtime overhead:

// Example of ownership in Rust
fn process_request(request: Request) -> Response {
    // Rust guarantees that 'request' is valid here
    let data = request.extract_data();

    // If we try to use 'request' after moving 'data',
    // the compiler prevents it at COMPILE TIME
    generate_response(data)
}

// No garbage collector, no unexpected pauses
// No memory leaks, no use-after-free
// Everything checked before code runs

Benefits:

  • Zero runtime overhead
  • Predictable performance (no GC pauses)
  • Impossible to have use-after-free or memory leaks
  • Thread safety guaranteed by compiler

2. Performance Equivalent to C/C++

Rust compiles to extremely efficient native machine code:

// High-performance processing in Rust
use rayon::prelude::*;

fn process_parallel_requests(reqs: Vec<Request>) -> Vec<Response> {
    reqs.par_iter()
        .map(|req| {
            // Automatic parallel processing
            // Thread-safe guaranteed by compiler
            process_safely(req)
        })
        .collect()
}

Advantages over C/C++:

  • Equivalent or superior performance
  • Guaranteed safety at compilation
  • Concurrency without data races
  • Zero-cost abstractions

3. Expressive Type System

Rust allows modeling business rules in the type system:

// Impossible states are impossible to represent
enum ConnectionState {
    Connecting { timeout: Duration },
    Connected { socket: TcpStream },
    Disconnected { reason: String },
}

// Compiler guarantees you handle all cases
fn handle_connection(state: ConnectionState) {
    match state {
        ConnectionState::Connecting { timeout } => {
            // Can only access 'timeout' here
        },
        ConnectionState::Connected { socket } => {
            // Can only access 'socket' here
        },
        ConnectionState::Disconnected { reason } => {
            // Compiler forces you to handle this case
        },
    }
}

4. Safe Concurrency

Rust makes data races impossible at compile time:

use tokio::sync::Mutex;
use std::sync::Arc;

// Safe sharing between threads
async fn process_with_cache(
    cache: Arc<Mutex<HashMap<String, Data>>>
) {
    // Rust guarantees only one thread accesses at a time
    let mut cache = cache.lock().await;
    cache.insert("key".to_string(), data);

    // Lock is automatically released here
}

Real Impact on Cloudflare Customers

The gains are not just theoretical. Cloudflare customers are seeing real improvements:

Latency Reduction

Before (FL1):

  • Average latency: X ms
  • Variation: High due to GC pauses and conversions

After (FL2):

  • Average latency: X - 10ms
  • Variation: Low and predictable
  • Significantly better P99

Resource Efficiency

Resource savings are substantial:

Resources Saved:

  • 50% less CPU per request
  • More than 50% less memory
  • Ability to serve more traffic with same infrastructure
  • Or maintain same traffic with fewer servers

Environmental Impact:
Fewer resources = less energy = smaller carbon footprint for 20% of the internet.

Lessons For Developers

Cloudflare's migration offers valuable insights:

1. Rust is Viable in Critical Production

If Cloudflare can trust Rust for 20% of the internet, you can trust it for your application:

Ideal Use Cases:

  • High-performance APIs
  • Systems processing many requests
  • Services that cannot fail
  • Network infrastructure
  • Real-time data processing

2. Gradual Migration is Possible

You don't need to rewrite everything at once:

Migration Strategy:

  1. Identify critical performance components
  2. Rewrite isolated parts first
  3. Validate gains before proceeding
  4. Keep old systems running in parallel
  5. Migrate gradually as confidence increases

3. Performance and Security Are Not Trade-offs

Rust proves you can have both:

Winning Combination:

  • C/C++ performance
  • Managed language safety
  • No garbage collector
  • No undefined behavior
  • Safe concurrency by design

The Future of Rust in Web Infrastructure

Cloudflare's migration is part of a larger trend:

Companies Adopting Rust

Known Cases:

  • Discord: rewrote critical services, saw latency reduction
  • AWS: Firecracker, Bottlerocket
  • Microsoft: Windows components
  • Meta: Folly, Watchman
  • Dropbox: sync engine
  • 1Password: desktop client

Areas Where Rust Is Growing

Area Reason
Web Infrastructure Performance + Security
Blockchain Critical security
Embedded Systems Zero overhead
WebAssembly Ideal compile target
CLI Tools Performance + UX
Game Dev Performance without GC

Comparison: Rust vs Other Languages

For context, see how Rust compares:

Rust vs Go

Go:

  • Easier to learn
  • Garbage collector (pauses)
  • Great for microservices

Rust:

  • Steep learning curve
  • Zero runtime overhead
  • Ideal for maximum performance

Rust vs C++

C++:

  • More mature, more libraries
  • Unsafe by default
  • Smaller compile times

Rust:

  • Memory safe by default
  • Modern tooling (Cargo)
  • Larger compile times

Rust vs Node.js

Node.js:

  • JavaScript, familiar to many
  • Garbage collector overhead
  • Single-threaded (by default)

Rust:

  • Bigger learning curve
  • Much superior performance
  • Real concurrency

How to Get Started with Rust

If you were inspired by Cloudflare's story:

Learning Resources

To Start:

  1. "The Rust Programming Language" (The Book) - official and free
  2. Rustlings - interactive exercises
  3. Rust by Example - practical examples
  4. Exercism Rust track - practice with mentorship

To Go Deeper:

  1. "Rust for Rustaceans" - advanced techniques
  2. "Zero To Production In Rust" - web services
  3. "Programming Rust" - complete reference

Projects To Practice

Beginner:

  • Simple CLI tool (grep, cat, ls)
  • Web scraper
  • Basic REST API with Actix-web

Intermediate:

  • Distributed cache system
  • HTTP proxy
  • Simple game engine

Advanced:

  • Database engine
  • Container runtime
  • Custom network system

Conclusion

Cloudflare's rewrite of its main system in Rust is a milestone for the industry. It demonstrates that Rust is not just hype, but a proven tool for production systems at the most critical scale possible.

The 25% performance gains and 50% resource savings are not just impressive numbers - they represent millions of dollars saved and a faster internet for everyone. More importantly, they prove that security and performance can go hand in hand.

For developers, the message is clear: Rust is a skill worth investing in. Not just because it's "trendy," but because it solves real problems that other languages cannot solve as well. The learning curve is steep, but the benefits are tangible.

If you want to explore more about modern languages and their applications, I recommend checking out another article: TypeScript Becomes the Most Used Language on GitHub where you'll discover another revolution happening in the development world.

Let's go! 🦅

📚 Want to Deepen Your Rust and Performance Knowledge?

This article covered Cloudflare's incredible migration to Rust, but there's much more to explore in the world of high-performance development.

Developers who master multiple languages and paradigms tend to have more market opportunities.

If you want to master JavaScript (which perfectly complements Rust in full-stack applications), I've prepared a complete guide:

Investment options:

  • $4.90 (single payment)

👉 Learn About JavaScript Guide

💡 Material updated with industry best practices

Comments (0)

This article has no comments yet 😢. Be the first! 🚀🦅

Add comments