Why Cloudflare Transitioned from NGINX to Pingora for Enhanced Performance
Written on
Understanding Cloudflare's Role
Before diving into the technical aspects of proxy servers and reverse proxies, it's essential to clarify what Cloudflare is and the customer base it serves.
Cloudflare operates as a robust network designed to enhance the security and performance of internet-based applications. Picture Cloudflare as a mediator between the client and the server; it functions as a reverse proxy that optimizes data flow.
Additionally, Cloudflare serves as a Content Delivery Network (CDN), caching static resources to significantly improve web application speed and efficiency.
What is a Reverse Proxy?
Clients communicate with servers through URLs, such as www.myserver.com. However, this URL is linked to an IP address, typically represented as 127.0.0.1. The conversion of a URL to its corresponding IP address is referred to as DNS lookup.
In the absence of a service like Cloudflare or NGINX, when a client attempts to access www.myserver.com, they will be directed to the actual server's IP address. By utilizing a system like Cloudflare, the DNS lookup instead returns the middleman’s IP address, enhancing security by keeping the server’s IP private. This also allows Cloudflare to identify and mitigate security threats effectively, improving overall application performance.
Thus, a reverse proxy serves as a gateway in front of application servers.
What is NGINX?
Launched in October 2004, NGINX is an open-source web server that functions as a reverse proxy. It operates on an event-driven architecture, where it manages multiple web requests using worker processes. Each worker can handle numerous threads through smaller units called worker connections, allowing NGINX to process thousands of requests efficiently.
What is Pingora?
For a long time, Cloudflare utilized NGINX within its proxy stack, but recently, the company transitioned to its in-house solution, Pingora. Unlike NGINX, which is developed in C, Pingora is built using the modern, memory-safe Rust programming language. Furthermore, Pingora employs a multithreaded approach rather than a multiprocess one, which NGINX uses.
Why Did Cloudflare Switch to Pingora?
Cloudflare identified several limitations in NGINX's worker process architecture. One significant factor in optimizing the connection between the proxy server and the origin server is the ability to reuse established TCP connections. NGINX processes each web request with a dedicated worker, meaning connections can only be reused within that specific worker. This restriction can hinder proxy server performance and increase resource usage and costs for Cloudflare.
In response, Pingora shifted from a multiprocess to a multithreaded model, enabling shared resource utilization, such as connection pools. Cloudflare claims that Pingora outperforms NGINX, using only a third of the memory and CPU resources.
Should You Ditch NGINX in Your Project?
Cloudflare has relied on NGINX for an extended period. Considering that the company handles over 1 trillion requests daily, they recognized the need to tackle the performance limitations presented by NGINX. Evaluate whether your applications have outgrown NGINX's capabilities; if they have not, there may be no immediate cause for concern.
The first video discusses Cloudflare's decision to open-source Pingora, highlighting the benefits and implications of this move.
The second video explores the reasons behind Cloudflare's abandonment of NGINX in favor of Pingora, providing insights into the technical advantages of this transition.