Cloudflare Accelerates and Secures Its Network with Rust: FL2 Cuts 10 ms of Latency, Increases Performance by 25%, and Prepares for the Next Decade

Cloudflare has completed one of its most significant redesigns since its inception: FL2, a new implementation of the “brain” orchestrating security and performance across its global network. Built in Rust on the internal framework Oxy, FL2 is gradually replacing the long-standing FL1 (NGINX/OpenResty/LuaJIT) and is already delivering –10 ms median response times and a +25% improvement in independent performance tests. Additionally, it reduces CPU and memory consumption by more than half, enhances security by design, and shortens the rollout time for new features.

Meanwhile, the company updated its speed report: it now claims to be the fastest network in 48% of the top 1,000 “eyeball” networks (major user-base operators) from November 2024 to March 2025, up from 44% in the previous period. The jump is especially noticeable in Africa, thanks to Edge Partner deployments in the last mile, and in markets like Japan, where the gap to the second provider already exceeds 5% in TCP connection p95. In Canada, the race is tight, with only about 1 ms separating the top three providers.


Why rewrite the network’s “brain”

For 15 years, FL1 accumulated logic for security and acceleration (WAF, DDoS, rules, routing to Workers and R2…). That flexibility came with growing costs: complex coupling, incremental latency when adding products, and problems caused by subtle LuaJIT bugs. The diagnosis was clear: to support new products without paying latency penalties, it was necessary to rethink the foundation.


FL2: Rust + Oxy + Modules with Strict Contracts

Rust at the core. Rust provides memory safety and performance close to C, with compile-time checks that eliminate entire classes of failures (overflows, data races). On this foundation, Oxy — the internal framework for high-performance proxies — offers reusable “plumbing”: telemetry, hot reload, dynamic configuration, and extensibility from Layer 3 to Layer 7.

Modular architecture. All product logic resides in modules with defined phases, typed inputs/outputs, and a golden rule: modules do not perform direct I/O. If one module needs output from another, it explicitly declares it. The compiler validates the contracts and prevents implicit dependencies. The result: less unnecessary work, less latency, and fewer regressions when introducing new products.

Request-based filtering. Each module defines filters to decide when it executes. The system selects only the essential ones for each request, removing the “fixed cost” per product that hampered FL1.
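The two ideas above (typed contracts between modules and per-request filters) can be sketched in a few lines of Rust. This is an added illustration, not Cloudflare's code: `Request`, `Module`, `BotDetect`, `Waf`, `handle` and the toy scoring rule are all hypothetical names and assumptions.

```rust
// Added illustration: Request, Module, BotDetect, Waf and handle() are
// hypothetical names, not Oxy or FL2 APIs.
use std::collections::HashSet;

pub struct Request { pub user_agent: String, pub features: HashSet<&'static str> }
#[derive(Debug, PartialEq)]
pub struct BotScore(pub u8); // toy scale: low means "likely automated"
#[derive(Debug, PartialEq)]
pub enum Verdict { Allow, Block }

/// Contract every module signs: typed input, typed output, a filter, no I/O.
pub trait Module {
    type Input;
    type Output;
    fn applies(&self, req: &Request) -> bool; // request-based filter
    fn run(&self, req: &Request, input: Self::Input) -> Self::Output;
}

pub struct BotDetect;
impl Module for BotDetect {
    type Input = ();
    type Output = BotScore;
    fn applies(&self, req: &Request) -> bool { req.features.contains("bot_management") }
    fn run(&self, req: &Request, _: ()) -> BotScore { BotScore(if req.user_agent.is_empty() { 5 } else { 80 }) }
}

pub struct Waf;
impl Module for Waf {
    // Explicit dependency: the only way to see the score is to declare it.
    type Input = Option<<BotDetect as Module>::Output>;
    type Output = Verdict;
    fn applies(&self, req: &Request) -> bool { req.features.contains("waf") }
    fn run(&self, _req: &Request, score: Self::Input) -> Verdict {
        match score { Some(BotScore(s)) if s < 30 => Verdict::Block, _ => Verdict::Allow }
    }
}

/// Runs only modules whose filter matches; returns the verdict and what ran.
pub fn handle(req: &Request) -> (Verdict, Vec<&'static str>) {
    let mut ran = Vec::new();
    let score = if BotDetect.applies(req) { ran.push("bot_detect"); Some(BotDetect.run(req, ())) } else { None };
    let verdict = if Waf.applies(req) { ran.push("waf"); Waf.run(req, score) } else { Verdict::Allow };
    (verdict, ran)
}

pub fn request(ua: &str, features: &[&'static str]) -> Request {
    Request { user_agent: ua.to_string(), features: features.iter().copied().collect() }
}

fn main() { println!("{:?}", handle(&request("", &["bot_management", "waf"]))); }
```

Changing `Waf`'s `Input` type without updating the wiring in `handle` is a compile error, which is the property the article attributes to typed contracts.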

Restarts without interruptions. With Oxy and systemd socket activation, updates are deployed without breaking WebSockets, streams, or real-time APIs: the new process starts, the old stops accepting new connections but continues serving existing ones until they naturally close.
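The handoff relies on the generic systemd socket-activation protocol: systemd holds the listening socket and passes it to each new process as file descriptor 3 onward, announced through `LISTEN_PID` and `LISTEN_FDS`. The following is an added example of the receiving side, not Oxy or FL2 code; the function names and the fallback bind address are assumptions.

```rust
// Added illustration of the systemd socket-activation handoff; not Oxy or
// FL2 code. Function names and the fallback address are hypothetical.
use std::net::TcpListener;
use std::os::unix::io::{FromRawFd, RawFd};

const SD_LISTEN_FDS_START: RawFd = 3; // first inherited fd, fixed by systemd

/// Returns the inherited listening fds, or an empty list if the environment
/// was not addressed to this process. Checking LISTEN_PID matters: the
/// variables leak into child processes, which must not adopt the sockets.
pub fn inherited_fds(listen_pid: Option<&str>, listen_fds: Option<&str>, my_pid: u32) -> Vec<RawFd> {
    let pid_ok = listen_pid.and_then(|p| p.parse::<u32>().ok()) == Some(my_pid);
    // Parsing as u16 rejects negative or absurd counts before any arithmetic.
    let count = listen_fds.and_then(|n| n.parse::<u16>().ok()).unwrap_or(0);
    if !pid_ok || count == 0 {
        return Vec::new();
    }
    (SD_LISTEN_FDS_START..SD_LISTEN_FDS_START + RawFd::from(count)).collect()
}

/// Adopt the socket systemd kept open across the restart, so no connection
/// attempt is refused while binaries are swapped. Falls back to binding
/// directly (assumed address) when started by hand.
pub fn listener_from_env() -> std::io::Result<TcpListener> {
    let pid = std::env::var("LISTEN_PID").ok();
    let fds = std::env::var("LISTEN_FDS").ok();
    match inherited_fds(pid.as_deref(), fds.as_deref(), std::process::id()).first() {
        // SAFETY: the PID check above confirms systemd passed these fds to us.
        Some(&fd) => Ok(unsafe { TcpListener::from_raw_fd(fd) }),
        None => TcpListener::bind("127.0.0.1:8080"),
    }
}

fn main() {
    match listener_from_env() {
        Ok(l) => println!("listening on {:?}", l.local_addr()),
        Err(e) => eprintln!("could not obtain listener: {e}"),
    }
}
```

The old process keeps its own copy of the descriptor; it stops calling `accept` and exits once its open connections have closed.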


Migration: No Downtime, Rust Inside FL1, Extensive Testing, and Fallbacks

  • Rust modules in FL1. To avoid maintaining two versions per product, Cloudflare allowed running Rust modules inside OpenResty. This enabled teams to migrate logic without halting releases.
  • End-to-end testing at scale. The Flamingo system runs thousands of concurrent tests against preprod and prod, comparing FL1 vs FL2 in behavior, resource usage, and SLIs. Staged rollouts pause or revert automatically if discrepancies arise.
  • Safety fallback. If FL2 encounters something it cannot yet handle, it defers the flow to FL1 (network-level fallback). This reduces risk while increasing the traffic percentage on FL2 and allows output comparison to ensure functional equivalence.

Today, most clients are served by FL2. The remaining task is completing the HTTP/TLS termination service (still in NGINX), which will be finished in 2026 along with the ultimate shutdown of FL1.


What the numbers (beyond metrics) tell us

  • –10 ms in median response and peak reductions in p95/p99 translate to better conversion in ecommerce, less abandonment in media, and less jank in real-time apps.
  • Less than half the CPU and memory usage frees room for new features (more inspection, rules, Workers) without penalizing latency.
  • 48-hour delivery cycles (vs. weeks) enable quick responses to strategic clients and rapid product-market adjustments without organizational friction.

Where tangible speed gains are made

  • Africa. Edge Partner deployments (presence points inside last-mile ISPs) avoid detours to distant hubs.
  • Japan. More locations and local peering explain the advantage over #2.
  • Canada. Fiercely competitive: only about 1 ms separates the top three providers.

Security by design and process

Rust reduces memory error surface; the modular architecture limits change impact. Yet, Cloudflare maintains strict standards: strong linting, code reviews, testing suites, and a policy of investigating any unexplained crash. The combined effect: fewer incidents and more time for root cause analysis when issues occur.


Roadmap

  • Finish HTTP/TLS in Rust and decommission FL1 in early 2026.
  • Optimize inter-module connections, expand support for non-HTTP traffic (RPC, streams), and continue microsecond-level improvements guided by RUM and surgical peering where data shows room for growth.

Conclusion

FL2 isn’t “Rust for Rust’s sake”. It’s architecture + process + operations aimed at three goals: less latency, more security, and faster delivery. A modular “brain” that runs only what’s necessary, proxies that restart without session cuts, and a self-measuring network that decides where to invest, explain the leap: –10 ms in median, +25% performance, and leadership in almost half of the world’s most relevant networks. The remaining challenge is simple to state but hard to achieve: identify where you’re not #1, fix it, and tell the story.


Frequently Asked Questions

What exactly is FL2, and how does it improve upon FL1?
FL2 is Cloudflare’s new orchestration platform, built in Rust on top of Oxy. It replaces FL1 (NGINX/OpenResty/LuaJIT) with typed modules, request-based filters, and hot restarts. The result: –10 ms median latency, +25% performance, and less than half the CPU/memory usage.

Why choose Rust for a large-scale data plane?
Because of memory safety (fewer crashes and use-after-free) and performance. Coupled with Oxy, Rust provides smooth reloads, dynamic configuration, and a common foundation for very different products, from Zero Trust to CDN.

How does FL2 prevent connection disruptions in production?
Through graceful restarts and systemd socket activation: the new process comes online, while the old continues handling existing connections until they close. This ensures WebSockets/streams aren’t interrupted during deployments or hotfixes.

What role do Edge Partners play in speed improvements?
They bring the point of service closer to users inside last-mile networks. In regions with limited peering, they reduce hops and latencies, as seen in Africa and Japan.

How does Cloudflare know where to invest to get faster?
Using RUM and continuous comparisons against other CDNs (e.g., TCP connection p95). If a region or ASN lags, priority is given to peering, capacity, or new PoPs.

What will change for my site or API if I am a customer?
You should notice faster TTFB and less variability during peak hours. No action is required: FL2 is transparent to the client.

When will everything be “in Rust”?
The major migration is already complete; the remaining work is finishing HTTP/TLS termination and shutting down FL1 in early 2026.

Does modularity add overhead?
On the contrary: request filters prevent executing irrelevant modules. Less total work → less latency and more efficient CPU/memory usage.

What are the implications for security and compliance?
Typed contracts and bounded modules reduce the risk of side effects. With reviews, testing, and telemetry, it improves traceability for audits and incident response.
