Introducing Custom Regions for precision data control
A key part of our mission to help build a better Internet is giving our customers the tools they need to operate securely and efficiently, no matter their compliance requirements. Our Regional Services product helps customers do just that, allowing them to meet data sovereignty legal obligations using the power of Cloudflare’s global network.
Today, we're taking two major steps forward: First, we’re expanding the pre-defined regions for Regional Services to include Turkey, the United Arab Emirates (UAE), IRAP (Australian compliance) and ISMAP (Japanese compliance). Second, we’re introducing the next evolution of our platform: Custom Regions.
Before we dive into what’s new, let’s revisit how Regional Services provides the best of both worlds: local compliance and global-scale security. Our approach is fundamentally different from many sovereign cloud providers. Instead of isolating your traffic to a single geography (and a smaller capacity for attack mitigation), we leverage the full scale of our global network for protection and only inspect your data where you tell us to.
Here’s an overview of how it works:
Global ingestion & L3/L4 DDoS defense: Traffic is ingested at the closest Cloudflare data center, wherever in the world that Continue reading
BGP Labs: Goodbye, Cumulus Linux
When I started the Online BGP Labs project in mid-2023, Cumulus Linux still seemed like a good platform to use. You could run devices as virtual machines (we were still supporting VirtualBox) or in containers (containerlab was improving with every release), and it looked more polished than bare-bones FRRouting.
Things only went downhill from there (from the perspective of offering a free and easy-to-use solution with a CLI resembling commonly-used devices):
The Value of Concise Communication
When I first started working at Tech Field Day, one of the things that I struggled with was writing. Sure, I’d been writing blog posts for almost three years at that point. But what I really had issues with was my communication style through email. Every message became a small blog post unto itself. I spent more time answering every possible question and providing way more information than was needed. Luckily, Stephen Foskett helped me figure out that concise communication was critical. That lesson has grown on me through the current day.
Working With a Watch
I want you to think back to an interaction that you’ve had recently where you were talking to someone. Maybe you were asking them a question or looking for them to provide an opinion about something. How much did they talk? Was it a short pointed answer? Or did it feel as if it was going on forever? It’s something I’ve noticed recently with people I talk to in real life. The discussions aren’t short and focused. Instead they carry a lot of extra information and exposition that makes things take far too long.
Yes, I know the irony of that statement for Continue reading
MANRS for Enterprise Customers
In October 2023, I was talking about Internet routing security at the DEEP conference in Zadar, Croatia. After explaining the (obvious) challenges and the initiatives aimed at making Internet routing more secure (MANRS), I made my usual recommendation: vote with your wallet. However, if you’re a company in Croatia (or Slovenia, or a number of other countries), you’re stuck.
While ISPs in Croatia might be doing a great job, none of them is a MANRS participant1, so we don’t know how good they are. The situation is not much better in Slovenia; the only ISPs claiming to serve Slovenia are Anexia (a cloud provider) and Go6 Institute, the small network operated by my good friend (and True Believer in IPv6 and MANRS) Jan Žorž. Moving further north, I was unable to get any useful data for Austria, as its country code (AT) also matches “No Data” string in MANRS table, resulting in over 500 hits.
Standing up for the open Internet: why we appealed Italy’s “Piracy Shield” fine
At Cloudflare, our mission is to help build a better Internet. Usually, that means rolling out new services to our millions of users or defending the web against the world’s largest cyber attacks. But sometimes, building a better Internet requires us to stand up against laws or regulations that threaten its fundamental architecture.
Last week, Cloudflare continued its legal battle against "Piracy Shield,” a misguided Italian regulatory scheme designed to protect large rightsholder interests at the expense of the broader Internet. After Cloudflare resisted registering for Piracy Shield and challenged it in court, the Italian communications regulator, AGCOM, fined Cloudflare a staggering €14 million (~$17 million). We appealed that fine on March 8, and we continue to challenge the legality of Piracy Shield itself.
While the fine is significant, the principles at stake are even larger. This case isn't just about a single penalty; it’s about whether a handful of private entities can prioritize their own economic interests over those of Internet users by forcing global infrastructure providers to block large swaths of the Internet without oversight, transparency, or due process.
To understand why we are fighting this, it’s necessary to take a step back Continue reading
netlab Graphs with Multi-Access Links
A netlab user wanted to create a nice-looking topology graph from a simple topology connecting a few devices to a broadcast (multi-access) link. I don’t have his exact topology, so we’ll use this one (skipping the details like setting device types)
nodes: [ r1, r2, h1, h2 ]
links:
- r1-r2
- interfaces: [ r1, r2, h1, h2 ]
This is what GraphViz generates based on netlab’s description of the lab topology:
Profil Wu Jingyu, Atlet Taekwondo Tiongkok Paling Dominan di Olimpiade
Daftar Pustaka
Wu Jingyu dikenal sebagai atlet taekwondo Tiongkok paling sukses sepanjang sejarah. Ia membangun reputasi global melalui kecepatan, ketepatan, dan mental juara. Selain itu, Wu Jingyu menginspirasi generasi muda lewat dedikasi dan konsistensi. Oleh karena itu, namanya selalu muncul dalam pembahasan taekwondo dunia.
Sejak awal karier, Wu Jingyu menunjukkan bakat luar biasa. Ia berlatih keras dan fokus pada detail teknik. Dengan demikian, ia mampu bersaing di level internasional. Bahkan, ia mendominasi kelas -49 kg putri selama bertahun-tahun.
Profil Singkat Wu Jingyu
Wu Jingyu lahir di Jingdezhen, Jiangxi, pada 23 Maret 1987. Ia mulai mengenal taekwondo sejak usia remaja. Selanjutnya, ia bergabung dengan sistem pelatnas Tiongkok. Di sana, ia menempa kemampuan fisik dan mental secara intensif.
Sebagai atlet, Wu Jingyu terkenal disiplin. Ia menjaga kondisi fisik, pola makan, dan fokus mental. Oleh sebab itu, performanya tetap stabil dalam tekanan tinggi. Selain itu, ia selalu mempelajari gaya lawan sebelum bertanding.
Perjalanan Karier Internasional
Karier internasional Wu Jingyu berkembang pesat. Ia meraih gelar dunia dan Olimpiade secara konsisten. Dengan kata lain, Continue reading
Honda Prelude: Coupe Legendaris dengan Performa dan Desain Ikonik
Daftar Pustaka
Honda Prelude merupakan coupe legendaris yang mencerminkan inovasi, performa, dan karakter sporty khas Honda. Sejak awal kemunculannya, mobil ini langsung menarik perhatian penggemar otomotif dunia. Selain itu, Honda Prelude menghadirkan keseimbangan antara kenyamanan, teknologi, dan pengendalian presisi. Oleh karena itu, banyak kolektor hingga pecinta JDM masih memburunya hingga sekarang.
Sejarah Honda Prelude yang Menginspirasi
Honda pertama kali memperkenalkan Honda Prelude pada tahun 1978. Saat itu, Honda ingin menciptakan coupe sporty dengan teknologi modern. Selanjutnya, Prelude berkembang melalui lima generasi berbeda. Setiap generasi membawa peningkatan desain, mesin lebih bertenaga, dan fitur canggih.
Selain itu, Prelude menjadi pelopor teknologi four wheel steering pada era 1980-an. Teknologi ini meningkatkan stabilitas saat menikung. Oleh sebab itu, Honda Prelude dikenal sebagai mobil yang menyenangkan untuk dikendarai. Bahkan, banyak jurnalis otomotif memuji keseimbangan sasisnya.
Desain Eksterior yang Sporty dan Elegan
Dari segi visual, Honda Prelude selalu tampil menawan. Garis bodinya terlihat aerodinamis dan tegas. Selain itu, lampu depan pop-up pada Continue reading
Hedge 299: 6G
As we discussed in the prior episode, the 6G hype is building. What’s in 6G, though, and how realistic is it that a new wireless technology is going to radically change the world? In this episode of the Hedge, George Michaelson joins us from Australia to discuss the ins and outs of 6G.
download
Network Device Telemetry Protocols with Dinesh Dutt
Whenever I’m ranting about vendors changing their data models or APIs with every other release, there is inevitably a vendor engineer chiming in, saying, “Life would be so much better if the customers wouldn’t insist on doing screen scraping for the last 50 years.”
While some of that screen scraping is pure inertia, we sometimes have good reasons to do it rather than use protocols like NETCONF, gNMI, or protobufs. In Episode 205 of Software Gone Wild, I’m discussing some of those reasons and exploring the gap between vendor theory and reality with Dinesh Dutt, who is unlucky enough to have become the world’s foremost expert on crappy network telemetry.
From legacy architecture to Cloudflare One
For a network engineer, the cutover weekend is often the most stressful 48 hours of their career. Imagine a 30,000-user organization attempting to flip 1,000+ legacy applications from fragmented VPNs to a new architecture in a single window. The stakes are immense: a single misconfigured firewall rule or a timed-out session can halt essential services and lead to operational gridlock.
This "big bang" migration risk is the single greatest barrier to Zero Trust adoption. Organizations often feel trapped between an aging, vulnerable infrastructure and a migration process that feels too risky to attempt.
Cloudflare and Technology Solutions Provider CDW are changing this narrative. We believe that a successful transition to SASE (Secure Access Service Edge) shouldn't feel like a leap into the dark. By combining Cloudflare’s global Zero Trust platform with CDW’s experience navigating the industry’s most complex deployment failures, we provide the strategic roadmap to de-risk the journey. We don't just move your "plumbing" — we ensure your legacy debt is transformed into a modern, agile security posture without the downtime.
Traditional migrations often fail because they treat the network as simple plumbing rather than a complex ecosystem of applications. Without a Continue reading
NetFlow/sFlow Monitoring in AI Environments
If you’ve spent time supporting AI infrastructure, whether that’s a GPU training cluster, a fleet of inference nodes, or a multi-tenant model serving platform, you’ve probably noticed something: the network telemetry tools that served you well in a traditional data center feel slightly out of place here. Not useless. Just not quite designed for this.
The traffic patterns are different. The failure modes are different. The things you need to catch early are different. And if you’re running NetFlow or sFlow collection – which you should be – understanding where that data genuinely helps versus where you’re looking at the wrong instrument is the difference between a useful monitoring stack and a false sense of coverage.
Why AI Traffic Is Different
Most of the networking intuition you’ve built over a career was forged on north-south traffic – clients reaching services, users reaching the internet, workloads reaching storage. Even in modern microservices environments with heavy east-west traffic, flows are relatively short-lived, heterogeneous in size, and largely TCP-based with normal congestion dynamics.
AI training breaks most of those assumptions simultaneously.
A distributed training job across a GPU cluster is synchronous in a way that most networked workloads are not. Every GPU in Continue reading
How far can you go with IX Route Servers only?
How far can you go with IX Route Servers only?
On paper internet exchanges (IX) are very simple in their implementation, simply put together a bunch of routers on a shared layer 2 ethernet switch