Cloudflare has crossed 500 Tbps of external network capacity across 330+ cities in 125+ countries, marking 16 years of growth from a single transit provider in 2010. The post details the technical architecture behind autonomous DDoS mitigation using XDP, eBPF, and a distributed denial-of-service daemon (dosd) that propagates mitigation rules globally within seconds without human intervention — demonstrated by absorbing a 31.4 Tbps attack in 2025. It also covers BGP security via RPKI and the emerging ASPA standard, the evolution from CDN to a full developer platform (Workers, KV, Durable Objects, Containers), and the growing challenge of distinguishing AI crawlers from attack traffic using TLS fingerprinting and behavioral analysis.
Table of contents
The early days of transit and peeringWhen the network became the security layerHow our network responds to an attackA distributed developer platformForward-looking protocols: IPv6, RPKI, ASPAAI agents and the evolving InternetHelp us build the next 500 TbpsSort: