When milliseconds define user experience, the architecture of your routing layer becomes your most critical engineering decision. We rebuilt our anycast topology from scratch — here's every lesson we learned.
We migrated all 47 edge nodes to TLS 1.3 over six weeks. The 0-RTT resumption gains were real — so were the unexpected replay attack vectors we had to mitigate.
Draining connections at line rate without dropping packets requires more than just a graceful shutdown signal. We open-source the tooling that makes our zero-downtime deploys possible.
HTTP/3 over QUIC promises better performance on unreliable connections. We ran 90 days of A/B tests across six mobile carriers in four countries. The results surprised us.
Most teams use BGP communities only for basic blackholing. We use them as a first-class traffic engineering primitive — steering flows across 12 upstream providers in real time.
Last November we absorbed the largest volumetric attack in our history. This post is an honest postmortem of what worked, what failed, and the architectural changes we made afterward.
We completed a full IPv6-only migration for our internal backbone in Q1 2026. Dual-stack is a crutch — here's how to rip it off cleanly without breaking your monitoring stack.