How do you build a system that handles 90 million requests per second? That’s the scale that Cloudflare operates at, processing roughly 25% of all internet traffic through their global network of 330+ edge locations.

In this episode, we talk to Kevin Guthrie and Edward Wang from Cloudflare about Pingora, their open-source Rust-based proxy that replaced nginx across their entire infrastructure. We’ll find out why they chose Rust for mission-critical systems handling such massive scale, the technical challenges of replacing battle-tested infrastructure, and the lessons learned from “oxidizing” one of the internet’s largest networks.
About Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable. Their network spans 330+ cities worldwide and handles approximately 25% of all internet traffic. Cloudflare provides a range of services including DDoS protection, CDN, DNS, and serverless computing—all built on infrastructure that processes billions of requests every day.

About Kevin Guthrie

Kevin Guthrie is a Software Architect and Principal Distributed Systems Engineer at Cloudflare working on Pingora and the production services built upon it. He specializes in performance optimization at scale. Kevin has deep expertise in building high-performance systems and has contributed to open-source projects that power critical internet infrastructure.

About Edward Wang

Edward Wang is a Systems Engineer at Cloudflare who has been instrumental in developing Pingora, Cloudflare’s Rust-based HTTP proxy framework. He co-authored the announcement of Pingora’s open source release. Edward’s work focuses on performance optimization, security, and building developer-friendly APIs for network programming.

Links From The Episode

• Pingora - Serving 90+ million requests per second (7e12 per day) at Cloudflare
• How we built Pingora - Cloudflare blog post on Pingora’s architecture
• Open sourcing Pingora - Announcement of Pingora’s open source release
• Rust in Production: Oxide - Interview with Steve Klabnik
• Anycast - Routing traffic to the closest point of presence
• Lua - A small, embeddable scripting language
• nginx - The HTTP server and reverse proxy that Pingora replaced
• coredump - File capturing the memory of a running process for debugging
• OpenResty - Extending nginx with Lua
• Oxy - Another proxy developed at Cloudflare in Rust
• Ashley Williams - Famous Rust developer who worked at Cloudflare at one point
• Yuchen Wu - One of the first drivers of Pingora development
• Andrew Hauck - Early driver of Pingora development
• Pingora Peak - The actual mountain in Wyoming where a Cloudflare product manager almost fell off
• shellflip - Graceful process restarter in Rust, used by Pingora
• tableflip - Go library that inspired shellflip
• bytes - Reference-counted byte buffers for Rust
• The Cargo Book: Specifying dependencies from git repositories - Who needs a registry anyway?
• cargo audit - Security vulnerability scanner for Rust dependencies
• epoll - Async I/O API in Linux
• Tokio - The async runtime powering Pingora
• mio - Tokio’s abstraction over epoll and other async I/O OS interfaces
• Noah Kennedy - An actual Tokio expert on the Pingora team
• Rain: Cancelling Async Rust - RustConf 2025 talk with many examples of pitfalls
• foundations - Cloudflare’s foundational crate for Rust project that exposes Tokio internal metrics
• io_uring - Shiny new kernel toy for async I/O
• ThePrimeTime: Cloudflare - Trie Hard - Big Savings On Cloud - “It’s not a millie, it’s not a billie, it’s a trillie”
• valuable - Invaluable crate for introspection of objects for logging and tracing
• bytes - Very foundational crate for reference counted byte buffers
• DashMap - Concurrent HashMap with as little lock contention as possible
• Prossimo - Initiative for memory safety in critical internet infrastructure
• River - Prossimo-funded reverse proxy based on Pingora
• Rustls - Memory-safe TLS implementation in Rust, also funded by Prossimo
• http crate - HTTP types for Rust
• h2 - HTTP/2 implementation in Rust
• hyper - Fast HTTP implementation for Rust
• ClickHouse Rust client - Official Rust client by Paul Loyd
• Pingap - Reverse proxy built on Pingora
• PR: Add Rustls to Pingora - by Harald Gutmann
• PR: Add s2n-tls to Pingora - by Bryan Gilbert

Official Links

• Cloudflare
• Cloudflare Blog
• Pingora on GitHub
• Edward Wang’s Blog Posts
• Kevin Guthrie’s Blog Posts