Cloudflare quit Nginx and uses Pingora written in internal Rust
2 min readCloudflare quit Nginx and uses Pingora written in internal Rust
Cloudflare quit Nginx and uses Pingora written in internal Rust.
Cloudflare has long relied on Nginx as part of their HTTP proxy stack; but now, they announced that they have replaced Nginx with their in-house Pingora software written in Rust, ” We’ve built a faster, more efficient, more general internal agency, as a platform for our current and future products “.
According to the introduction, the software can handle more than one trillion requests per day, and can provide better performance while using only about one-third of the original CPU and memory resources.
“As Cloudflare scales, we’ve surpassed NGINX. It’s been great over the years, but its limitations at our scale over time meant it made sense to build something new.
We can no longer get the performance we need and NGINX doesn’t have the features we need for our very complex environment.”
Cloudflare is now primarily focused on services that proxy traffic between its network and servers on the internet, with the Pingora proxy service powering its CDN, Workers fetch, Tunnel, Stream, R2, and many other features and products.
Cloudflare said the reason they chose to build another new proxy was due to the many limitations they had encountered with NGINX over the years.
These include architectural limitations that hurt performance, and the difficulty of adding certain types of functionality
. And pointed out that the NGINX community is not very active, and development is often “closed door . “
And they chose Rust as the language for the project because it can do what C can do in a memory-safe way without compromising performance.
Cloudflare also implemented their own HTTP library for Rust to meet all their different needs. Pingora uses a multi-threaded architecture instead of multi-process.
Overall traffic on Pingora showed a median TTFB reduction of 5ms and a 95th percentile reduction of 80ms.
Among all customers, Pingora has only one third of new connections per second compared to the old service.
For one major customer, it increased connection reuse from 87.1% to 99.92%, which resulted in a 160x reduction in new connections to its origins.
“To visualize this number more clearly, by switching to Pingora, we are saving our customers and users 434 years of handshake time every day.”
In a production environment, Pingora consumes about 70% and 67% less CPU and memory compared to the old service under the same traffic load.
In addition to the performance benefits, Pingora is also considered to be more secure, thanks in large part to the use of Rust.
Pingora isn’t open-sourced yet, and Cloudflare says they’re working on plans, but the HTTP proxy isn’t publicly available yet.
More details can be found on the official blog .
