Home/Case Studies/Cloudflare
CLOUDFLARE · Rust (Pingora) · 2022

Cloudflare Pingora: 70% less CPU, 67% less memory vs NGINX

70%
Less CPU
67%
Less memory
1T
Requests/day

Source: blog.cloudflare.com/how-we-built-pingora

What Cloudflare built

Cloudflare's network handles over 1 trillion HTTP requests per day. For years, their proxy layer was NGINX. NGINX is written in C, reliable, and fast. But NGINX has architectural limitations: it was designed for a simpler era of HTTP (pre-HTTP/2, pre-HTTP/3), its connection pooling is per-worker, and it's notoriously difficult to extend safely.

In 2022, Cloudflare announced Pingora: a new proxy written entirely in Rust. Built from scratch over 2 years by their internal team. Pingora now handles the majority of Cloudflare's traffic.

Why Rust specifically

Memory safety without GC
At 1T req/day, a memory safety bug (use-after-free, buffer overflow) could be catastrophic and hard to reproduce. Rust catches these at compile time. C/C++ cannot guarantee this without runtime overhead.
Connection reuse (NGINX limitation)
NGINX's connection pool is per-worker-process. Workers can't share connections to upstream servers. Pingora's Rust architecture allows a global connection pool shared across threads, dramatically reducing upstream TCP handshakes.
HTTP/2 and HTTP/3 from scratch
NGINX's HTTP/2 support is bolted on. Pingora was designed from the start for HTTP/3, QUIC, and TLS 1.3 with full async support. Rust's async ecosystem (Tokio) made this practical.
Custom TLS implementations
Cloudflare operates a major TLS infrastructure (cf-ssl, BoringSSL). Rust's safe FFI and memory model allows tight integration with C crypto libraries without memory safety risk.

Open-source: Pingora is available on GitHub

Cloudflare open-sourced Pingora as a Rust framework for building HTTP proxies (github.com/cloudflare/pingora). It's not just the Cloudflare binary; it's a reusable Rust library you can use to build your own proxy or edge service. This is significant: Cloudflare bet their core infrastructure on it and then open-sourced it.

All case studies →Benchmark data →HTTP server code comparison →