Cloudflare’s 500 Tbps Milestone: Operating the Internet at Scale

Cloudflare recently crossed a major infrastructure milestone that few networks in the world have achieved: 500 terabits per second of total provisioned external network capacity. This figure represents the aggregate capacity across all transit providers, private peering partners, Internet exchange connections, and Cloudflare Network Interconnect ports spanning their network of more than 330 cities worldwide. To put this in perspective, 500 Tbps is sufficient capacity to absorb the largest DDoS attacks ever recorded while still serving legitimate traffic for more than twenty percent of the entire web.

From Palo Alto to 500 Tbps

In 2010, Cloudflare launched from a small office above a nail salon in Palo Alto with a single transit provider and a simple reverse proxy service that users could activate by changing two nameservers. That first transit provider, nLayer Communications (now part of GTT), gave the company its initial capacity and its first hands-on experience with peering relationships and the delicate balance between cost and performance in internet infrastructure.

From those humble beginnings, Cloudflare grew city by city: Chicago, Ashburn, San Jose, Amsterdam, Tokyo, and eventually more than 330 locations globally. Each new data center meant negotiating colocation contracts, pulling fiber, racking servers, and establishing peering through Internet exchanges. The internet is not actually a cloud—it is a collection of specific rooms full of cables, switches, and routers, and Cloudflare spent years learning the nuances of every one of them.

Not every deployment was straightforward. The company dealt with missing hardware, customs strikes, and even dental floss—whatever it took to keep expanding. In a single month in 2018, Cloudflare opened 31 cities in 24 days, from Kathmandu and Baghdad to Reykjavik and Chișinău. When they opened their 127th data center in Macau, they were protecting 7 million internet properties. Today, with data centers in over 330 cities, they protect more than 20 percent of the web.

When the Network Became the Security Layer

As Cloudflare’s footprint grew, customers began asking for more than just website caching and content delivery. They needed to protect employees, replace aging MPLS circuits, and secure entire enterprise networks. Rather than deploying traditional security appliances at every location, Cloudflare built systems to establish secure tunnels to private subnets and advertise enterprise IP space directly from their global network via BGP.

The scale of threats grew in parallel with the network. In 2025, Cloudflare mitigated a 31.4 Tbps DDoS attack lasting 35 seconds, sourced from the Aisuru-Kimwolf botnet that included many infected Android TVs. It was one of over 5,000 attacks blocked that single day. No engineer was paged, no manual intervention was required, and legitimate traffic continued flowing.

A decade ago, an attack of that magnitude would have required nation-state resources to counter. Today, Cloudflare’s network handles it in seconds without human intervention. That is what operating at 500 Tbps scale requires: moving the intelligence to every server in the network so the network can defend itself autonomously.

eBPF and Autonomous Edge Protection

The technical implementation of Cloudflare’s DDoS protection illustrates the power of modern kernel technologies. When packets arrive at a network interface card, they immediately enter an eXpress Data Path program chain managed by xdpd running in driver mode. Among the first programs in that chain is l4drop, which evaluates each packet against mitigation rules using extended Berkeley Packet Filter.

Those rules are generated by dosd, Cloudflare’s denial of service daemon that runs on every server in their fleet. Each dosd instance samples incoming traffic, builds a table of the heaviest hitters it observes, and broadcasts that table to every other instance in the colocation. The result is a shared colocation-wide view of traffic, and because every server works from the same data, they reach the same mitigation decisions without requiring centralized coordination.

This architecture—distributing intelligence to the edge rather than centralizing it—enables the network to respond to attacks in microseconds rather than milliseconds. It also provides remarkable resilience: there is no single point of failure that could disable protection across the network.
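The colocation-wide heavy-hitter sharing described above can be modelled in a few functions. This is an added example, not dosd or l4drop code: the (proto, dst_port, length) signature, the 1-in-N sampling, the table size and the drop threshold are all assumptions, and the traffic is constructed.

```python
"""Toy model of the colo-wide heavy-hitter sharing described above (constructed
example, not dosd code; signature tuple, sample rate and threshold are assumed)."""
from collections import Counter
import random

SAMPLE_RATE = 10   # keep 1 packet in N (assumed sampling tap)
TABLE_SIZE = 4     # heaviest signatures a server keeps and broadcasts
RULE_SHARE = 0.5   # drop signatures above this share of merged samples
# Constructed traffic: one (proto, dst_port, length) signature per packet.
ATTACK = ("udp", 53, 1400)
LEGIT = [("tcp", 443, 64), ("tcp", 443, 1200), ("tcp", 80, 512), ("udp", 123, 76)]

def make_stream(seed, n=2000, attack_share=0.7):
    """Seeded synthetic packet stream for one server."""
    rng = random.Random(seed)
    return [ATTACK if rng.random() < attack_share else rng.choice(LEGIT)
            for _ in range(n)]

def sample(packets, rate=SAMPLE_RATE):
    """Deterministic 1-in-N sampling of a server's packet stream."""
    return packets[::rate]

def build_table(sampled, size=TABLE_SIZE):
    """Keep the `size` heaviest signatures; tie-break on the signature so
    every server orders equal counts identically."""
    counts = Counter(sampled)
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:size])

def merge_tables(tables):
    """Sum the tables broadcast by every server in the colo."""
    merged = Counter()
    for table in tables:
        merged.update(table)
    return merged

def derive_rules(merged, share=RULE_SHARE):
    """Sorted tuple of signatures exceeding `share` of all merged samples;
    sorting makes rule sets from different servers directly comparable."""
    total = sum(merged.values())
    if total == 0:
        return ()
    return tuple(sorted(s for s, n in merged.items() if n / total > share))

def colo_decisions(streams):
    """Each server builds a table from its own sample, receives the others',
    and independently derives rules; the results must all be identical."""
    tables = [build_table(sample(pkts)) for pkts in streams]
    return [derive_rules(merge_tables(tables)) for _ in streams]

SERVERS = [make_stream(seed) for seed in range(3)]  # three servers in one colo
```

Because the merge and the threshold are deterministic, every server that holds the same broadcast tables emits the same rule set, which is what lets the colo converge without a coordinator.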

Implications for the Industry

Cloudflare’s 500 Tbps milestone has implications beyond their own business. It demonstrates what is possible when networking, security, and software engineering are treated as integrated disciplines rather than separate silos. The eBPF-based approach they pioneered is being adopted by other infrastructure providers, and the concept of autonomous edge protection is reshaping how the industry thinks about DDoS mitigation.

For organizations building their own infrastructure, the lesson is clear: scale and security must be designed together from the beginning. Retrofitting security onto a network that was not designed for it becomes exponentially more difficult as scale increases. Cloudflare’s trajectory shows that building both at once enables capabilities that would be impossible otherwise.