Cloudflare achieves 10x increase in global scanning capacity

๐กLearn how to scale high-frequency data processing by 10x through software optimization instead of expensive hardware.
โก 30-Second TL;DR
What Changed
Achieved 10x throughput increase without additional hardware
Why It Matters
This demonstrates how architectural refinement can significantly improve large-scale data processing efficiency. It provides a blueprint for developers handling high-frequency security or telemetry data streams.
What To Do Next
Review your high-throughput data pipelines for Kafka consumer bottlenecks and Postgres query execution plans to identify similar optimization opportunities.
Key Points
- โขAchieved 10x throughput increase without additional hardware
- โขSystem now processes over 120 scans per second
- โขOptimizations focused on Kafka consumers, Postgres queries, and API performance
๐ง Deep Insight
Web-grounded analysis with 12 cited sources.
๐ Enhanced Key Takeaways
- โขThe 10x capacity increase enabled Cloudflare to activate automatic security scanning for all free accounts and significantly boost scanning frequency across all plans, now offering daily scans for Enterprise, every three days for Pro/Business, and weekly for Free accounts.
- โขCloudflare's Security Insights system generates over 10 million actionable insights daily, identifying potential security risks and misconfigurations across various Cloudflare environment aspects, including account settings, DNS record configurations, SSL/TLS certificates, Cloudflare Access, and Web Application Firewall (WAF) configurations.
- โขThe performance boost was achieved through a deep engineering approach, prioritizing software and architectural improvements like parallel processing for Kafka consumers, optimized Postgres queries, and enhanced API performance, rather than relying on additional hardware resources.
- โขSecurity Insights scans extend beyond proxied traffic to include non-proxied (DNS-only) hostnames, ensuring a broader detection of potential risks even for assets not fully routed through Cloudflare's application security features.
๐ ๏ธ Technical Deep Dive
- Kafka Optimizations: Cloudflare implemented batch consumption, where specialized Go microservices (checkers) process multiple Kafka messages concurrently using separate goroutines to handle high throughput and absorb production spikes without accumulating consumer lag. Their Kafka infrastructure runs on self-managed bare metal across 14 distinct clusters and utilizes an internal Go-based message bus client library that enforces a one-to-one mapping between Protobuf message types and Kafka topics.
- Postgres Optimizations: Performance improvements involved optimizing Postgres queries within Cloudflare's distributed PostgreSQL clusters, which leverage PgBouncer for efficient connection pooling and HAProxy for load balancing across multiple database instances. Cloudflare also employs strategies such as dynamic connection pool sizing and gateway query queuing to manage performance in multi-tenant environments and prevent resource starvation.
- API Performance Optimizations: Enhancements included addressing latency issues, particularly between active-active API instances and a primary database, by optimizing database queries from remote API instances. Cloudflare also utilizes technologies like Ricochet for API Gateway to reduce latency through intelligent caching of API requests, even for previously uncacheable items such as GraphQL POST requests.
๐ฎ Future ImplicationsAI analysis grounded in cited sources
โณ Timeline
๐ Sources (12)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
Weekly AI Recap
Read this week's curated digest of top AI events โ
๐Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: Cloudflare Blog โ