Cloudflare has long relied on Nginx as part of their HTTP proxy stack; but now, they announced that they have replaced Nginx with their in-house Pingora software written in Rust,”We’ve built a faster, more efficient, and more versatile internal agency to serve as a platform for our current and future products“.

According to the introduction, the software can handle more than one trillion requests per day, and can provide better performance while using only about one-third of the original CPU and memory resources.

As Cloudflare scales, we’ve surpassed NGINX. It’s been great over the years, but its limitations at our scale over time meant it made sense to build something new. We can no longer get the performance we need and NGINX doesn’t have the features we need for our very complex environment.

Cloudflare is now primarily focused on services that proxy traffic between servers on its network and the Internet, with the Pingora proxy service powering its CDN, Workers fetch, Tunnel, Stream, R2, and many other features and products.

According to Cloudflare,they chooseThe reason for the creation of another new proxy is that over the years there have been many limitations in the use of NGINX. These include architectural limitations that hurt performance, and the difficulty of adding certain types of functionality. And noted,The NGINX community is also not very active, and development is often“Closed Doors”.

And they choose Rust As the language of the project, because it can do what C can do in a memory-safe way without compromising performance.Cloudflare also implemented their own HTTP library for Rust to meet all their different needs. Pingora uses a multi-threaded architecture instead of multi-process.

Overall traffic on Pingora showed a median TTFB reduction of 5ms and a 95th percentile reduction of 80ms.Among all customers, Pingora has only one third of new connections per second compared to the old service. For one major customer, it increased connection reuse from 87.1% to 99.92%, which resulted in a 160x reduction in new connections to its origins. “To visualize this number more clearly, by switching to Pingora, we are saving our customers and users 434 years of handshake time every day.”

In a production environment, Pingora consumes about 70% and 67% less CPU and memory compared to the old service under the same traffic load. In addition to the performance benefits, Pingora is also considered to be more secure, thanks in large part to the use of Rust.Pingora isn’t open-sourced yet, and Cloudflare says they’re working on plans, but the HTTP proxy isn’t publicly available yet.

More details can be found on the official blog.