Worth Reading: Egress Anycast in Cloudflare Network

Cloudflare has been using ingress anycast (advertising the same set of prefixes from all data centers) for ages. Now they took a giant leap forward and implemented another “this thing can never work” technology: egress anycast. Servers in multiple data centers use source addresses from a prefix that’s advertised by all data centers.

Not only that, in their long-established tradition they described their implementation in enough detail that someone determined enough could go and implement it (as opposed to the typical “look how awesome our secret sauce is” approach from Google).

  1. Quote: "... due to our design, semantically an IP identifies a datacenter and an IP and port range identify a specific machine. It behaves almost like a unicast."
    FMPOV they're still using some sort of address translation. Now their load balancer solution (Unimog) carries all the state. No magic to me.
    1. Their load balancer carries static state, i.e., additional configuration. Thus they avoid the dynamic per-session state of one-to-many NAT.

      At first glance, this idea seems similar to that behind RFC 6346: The Address plus Port (A+P) Approach to the IPv4 Address Shortage.
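To make the comments' point concrete, here is an added toy model (not Cloudflare's or the blog's code) of static (IP, port range) to machine ownership: every data center can resolve an inbound reply from (dst_ip, dst_port) alone, with no per-flow NAT state. All addresses, data center names and port ranges are constructed for the example.

```python
"""Toy model of egress anycast with static (IP, port-range) -> machine ownership.

Constructed example: one anycast egress prefix shared by two data centers. Each
/32 in it is owned by one data center; within that /32, each machine owns a
fixed, non-overlapping source-port range. No per-flow NAT state is needed: any
data center that receives a reply can look at (dst_ip, dst_port) and hand it to
the owning machine, forwarding it to the owning data center first if needed.
"""
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Owner:
    datacenter: str
    machine: str
    port_lo: int
    port_hi: int  # inclusive

# Static egress plan (constructed, not Cloudflare's real layout).
EGRESS_PLAN = {
    ipaddress.ip_address("203.0.113.10"): [
        Owner("ams", "ams-srv-1", 1024, 33791),
        Owner("ams", "ams-srv-2", 33792, 65535),
    ],
    ipaddress.ip_address("203.0.113.20"): [
        Owner("fra", "fra-srv-1", 1024, 33791),
        Owner("fra", "fra-srv-2", 33792, 65535),
    ],
}

def resolve_owner(dst_ip: str, dst_port: int):
    """Map an inbound reply's (dst_ip, dst_port) to its owning machine, or None."""
    for owner in EGRESS_PLAN.get(ipaddress.ip_address(dst_ip), []):
        if owner.port_lo <= dst_port <= owner.port_hi:
            return owner
    return None

def pick_source_port(machine: str, used_ports: set):
    """Allocate a free source port from the machine's static range, or None."""
    for owners in EGRESS_PLAN.values():
        for owner in owners:
            if owner.machine == machine:
                for port in range(owner.port_lo, owner.port_hi + 1):
                    if port not in used_ports:
                        return port
    return None

def route_reply(arrival_dc: str, dst_ip: str, dst_port: int) -> str:
    """Decide what a data center that received an anycast reply does with it."""
    owner = resolve_owner(dst_ip, dst_port)
    if owner is None:
        return "drop"                       # not an egress flow anyone owns: drop
    if owner.datacenter == arrival_dc:
        return f"local:{owner.machine}"     # landed in the right DC already
    return f"forward:{owner.datacenter}:{owner.machine}"  # wrong DC: tunnel home
```

Because ownership is fixed configuration, the lookup table is identical in every data center, which is exactly the “static state” the second comment contrasts with per-session NAT state.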
