|
| 1 | ++++ |
| 2 | +title = "71 - Production Rust at Internet Scale" |
| 3 | +date = "2025-11-02" |
| 4 | +slug = "production-rust-internet-scale" |
| 5 | +description = "Cloudflare's 90M req/sec with Pingora, the ecosystem maintenance debate that shook Reddit, and why your mutex choice matters more than you think." |
| 6 | +[extra] |
| 7 | +toc_not_generate = true |
| 8 | ++++ |
| 9 | + |
| 10 | +Here's a question worth pondering: when is "unmaintained" not actually a problem? |
| 11 | + |
| 12 | +This week, a frustrated developer sparked one of the most honest conversations about Rust's ecosystem maturity I've seen in months. Their concern? Too many crates haven't been touched in years, maintained by solo developers, while competitors like Go have corporate-backed libraries. The community's response revealed something fascinating about how Rust code ages differently. |
| 13 | + |
| 14 | +Meanwhile, Cloudflare is proving that production Rust isn't just ready it's rewriting the rules. They're handling 90 million requests per second with 70% less CPU than nginx. And if you've ever wondered whether choosing between `std::sync::Mutex` and `parking_lot` actually matters, new benchmarks show the performance gap is way more nuanced than "just use parking_lot." |
| 15 | + |
| 16 | +From internet-scale infrastructure to the hidden complexities of diagnostic rendering, this edition dives deep into what it really means to ship Rust in production. |
| 17 | + |
| 18 | +Let's get into it. |
| 19 | + |
| 20 | +# How Cloudflare Handles 90 Million Requests Per Second with Rust |
| 21 | + |
| 22 | +Ever wondered what it takes to handle a quarter of the internet's traffic? In a recent <a href="https://corrode.dev/podcast/s05e03-cloudflare/" target="_blank">Rust in Production podcast episode</a>, Cloudflare engineers Edward Wang and Kevin Guthrie share how they replaced nginx with <a href="https://github.com/cloudflare/pingora" target="_blank">Pingora</a>, their Rust-based HTTP proxy. |
| 23 | + |
| 24 | +The numbers are striking: 90 million requests per second with **70% less CPU** and **67% less memory** compared to their nginx infrastructure. The key? Moving from multi-process to multi-threaded architecture, enabled by Rust's memory safety guarantees. |
| 25 | + |
| 26 | +## Why It Works |
| 27 | + |
| 28 | +nginx's process-based model couldn't share connections efficiently at Cloudflare's scale. Pingora leverages <a href="https://tokio.rs" target="_blank">Tokio</a> for async operations and integrates <a href="https://github.com/rustls/rustls" target="_blank">Rustls</a> for TLS. The result: 5ms faster median TTFB and better resource utilization across hundreds of data centers. |
| 29 | + |
| 30 | +Cloudflare open-sourced <a href="https://github.com/cloudflare/shellflip" target="_blank">shellflip</a> for graceful process restarts and uses <a href="https://github.com/xacrimon/dashmap" target="_blank">DashMap</a> for high-performance concurrent operations. They also built custom tooling for logging and metrics, critical when running Rust at internet scale. |
| 31 | + |
| 32 | +## The Community Impact |
| 33 | + |
| 34 | +While Pingora is a framework requiring code, <a href="https://www.memorysafety.org/blog/introducing-river/" target="_blank">River</a> a collaboration between Prossimo, Cloudflare, Shopify, and Chainguard, aims to be a ready-to-run nginx replacement with load balancing, KDL configuration, and WASM scriptability. |
| 35 | + |
| 36 | +The takeaway? Async Rust handles internet-scale workloads, memory safety enables confident refactoring, and open sourcing core infrastructure elevates the entire ecosystem. If you're building network services in Rust, this <a href="https://corrode.dev/podcast/s05e03-cloudflare/" target="_blank">episode</a> is required listening. |
| 37 | + |
| 38 | + |
| 39 | +# The Secret Behind Rust's Beautiful Error Messages |
| 40 | + |
| 41 | +If you've ever compiled Rust code, you know the feeling: an error message that doesn't just tell you what went wrong, but guides you toward the solution. Those beautifully formatted diagnostics? They're the result of over a decade of intentional design by hundreds of contributors. |
| 42 | + |
| 43 | +And now, that same power is becoming available to everyone. |
| 44 | + |
| 45 | +## From Compiler to Ecosystem |
| 46 | + |
| 47 | +Back in March 2019, <a href="https://github.com/rust-lang/rust/issues/59346" target="_blank">someone proposed</a> extracting the compiler's error formatting into a standalone crate. Enter <a href="https://github.com/rust-lang/annotate-snippets-rs" target="_blank">annotate-snippets</a>, created by Zibi Braniecki (ICU4X, Firefox i18n). Today, <a href="https://rust-lang.github.io/rust-project-goals/2024h2/annotate-snippets.html" target="_blank">rustc is switching to use it by default</a>, a six-year journey coming full circle. |
| 48 | + |
| 49 | +As <a href="https://kobzol.github.io/rust/rustc/2025/05/16/evolution-of-rustc-errors.html" target="_blank">Jakub Beránek documented</a>, those error messages represent "continuous design, implementation, review and testing by hundreds of contributors over ten years." Every colored highlight and helpful arrow required deliberate craft. |
| 50 | + |
| 51 | +Now that capability is packaged as a general-purpose library, already used by ~9,000 projects. The integration work—handling rustc's complex needs, porting thousands of UI tests, fixing bugs has been meticulous, led by Scott Schafer (Muscraft). |
| 52 | + |
| 53 | +## What's Coming |
| 54 | + |
| 55 | +The library supports **Unicode decorations** for even more polished output (try <a href="https://github.com/crate-ci/typos" target="_blank">typos</a> to see it in action). Once it's the standard renderer, the library can evolve independently of compiler releases, and the ecosystem gets consistent, high-quality diagnostics. |
| 56 | + |
| 57 | +You might know <a href="https://github.com/zkat/miette" target="_blank">miette</a>, a full diagnostic framework. annotate-snippets is different it's purely the renderer, but battle-tested by rustc itself. As <a href="https://github.com/oli-obk" target="_blank">oli-obk noted</a>: "use it and get pretty diagnostics instead of rolling your own." |
| 58 | + |
| 59 | +Rust could have shipped "good enough" errors. Instead, the community invested a decade perfecting them. Now that investment multiplies across every tool that adopts <a href="https://github.com/rust-lang/annotate-snippets-rs" target="_blank">annotate-snippets</a>. Build something excellent once, then share it widely. |
| 60 | + |
| 61 | +# The Great Rust Maintenance Debate: When "Unmaintained" Doesn't Mean Broken |
| 62 | + |
| 63 | +A <a href="https://www.reddit.com/r/rust/comments/1fa2k3j/frustrated_by_lack_of_maintained_crates/" target="_blank">heated Reddit discussion</a> sparked honest conversations about what "maintenance" really means. The concern? Too many crates haven't been touched in years, maintained by solo developers, while Go has corporate-backed libraries. Add FFI wrappers around C libraries, and Rust's safety benefits feel like a facade. |
| 64 | + |
| 65 | +But here's the twist: the community pushes back hard. User trailing_zero_count shared <a href="https://crates.io/crates/serde_json_any_key" target="_blank">serde_json_any_key</a>—500K downloads, no updates in 3 years, zero issues. Why update? It's **done**. fxhash went 8 years without changes because its hash algorithm simply didn't need updates. Safe Rust code doesn't rot like other languages. |
| 66 | + |
| 67 | +## The Reality Is More Complex |
| 68 | + |
| 69 | +A <a href="https://00f.net/2025/10/17/state-of-the-rust-ecosystem/" target="_blank">comprehensive October 2025 analysis by Frank Denis</a> reveals the other side: **45.2%** of 200,000+ crates haven't been updated in 2+ years, and **249 abandoned dependencies** exist in the top 1,000 most-downloaded crates. quickcheck: unmaintained 4.8 years, 52 dependents. fxhash? Now officially <a href="https://rustsec.org/advisories/RUSTSEC-2025-0057.html" target="_blank">unmaintained</a>, migrate to rustc-hash. |
| 70 | + |
| 71 | +On FFI wrappers: yes, they depend on C, but battle-tested C libraries have decades of hardening. The Rust wrapper gives *your* application code, the untested part, memory safety guarantees. Even Python's popular libraries wrap C/C++. Pure Rust alternatives like <a href="https://github.com/Eugeny/russh" target="_blank">russh</a> (1.5M downloads) are emerging, just not at enterprise speed. |
| 72 | + |
| 73 | +## Stone Soup Economics |
| 74 | + |
| 75 | +The uncomfortable truth: companies profit from volunteer-maintained open source while contributing little. The solution? "Fork, clone, maintain, push PR during work hours. Not for all crates, just one." |
| 76 | + |
| 77 | +<a href="https://corrode.dev/blog/long-term-rust-maintenance/" target="_blank">Long-term maintenance strategies</a> matter: minimize dependencies, prefer 1.0+ crates, use Dependabot, budget time for upstream contributions. Use Go where it dominates (containerization). Use Rust where it excels (parsing, systems programming, web services). |
| 78 | + |
| 79 | +The debate reflects Rust's adolescence. The language is mature; the ecosystem is maturing. The question isn't whether to use Rust, but whether your organization can participate not just extract. |
| 80 | + |
| 81 | +# Mutex Showdown: When parking_lot Beats std (And When It Doesn't) |
| 82 | + |
| 83 | +Think all mutexes are created equal? A <a href="https://blog.cuongle.dev/p/inside-rusts-std-and-parking-lot-mutexes-who-win" target="_blank">detailed deep-dive by Cuong Le</a> reveals the choice between `std::sync::Mutex` and <a href="https://github.com/Amanieu/parking_lot" target="_blank">parking_lot</a> is more nuanced than "just use parking_lot." |
| 84 | + |
| 85 | +**std wins** by 9% in short-hold scenarios with moderate contention. **parking_lot dominates** elsewhere: 18.5% faster in bursty workloads, 261.6% higher throughput preventing monopolization, and 49x better fairness under heavy contention (3.67ms vs 188.73ms latency variation). |
| 86 | + |
| 87 | +The starvation problem is dramatic: with one aggressive thread, std showed **95.3% variation** in lock acquisitions—some threads barely got the lock. parking_lot: **1.9% variation**. Why? std's futex uses "barging" (any thread grabs the lock), maximizing throughput but causing starvation. parking_lot implements "eventual fairness"—unfair for performance, but forces fair unlocks every ~0.5ms to prevent starvation. |
| 88 | + |
| 89 | +**Use std** for: low-moderate contention, brief critical sections, no dependencies, debugging panics. **Use parking_lot** for: fairness guarantees, monopolization risk, bursty workloads, predictable latency. Performance isn't one-dimensional—sometimes fairness matters more than raw speed. |
| 90 | + |
| 91 | + |
| 92 | +# Snippets |
| 93 | + |
| 94 | +- <a href="https://predr.ag/blog/ghosts-in-the-compilation/" target="_blank">Ghosts in the compilation: debugging cargo-semver-checks build failures that users couldn't reproduce</a> |
| 95 | +- <a href="https://kerkour.com/signal-app-rust" target="_blank">How Signal uses Rust to secure the communications of millions</a> |
| 96 | +- <a href="https://blog.0xshadow.dev/posts/coding-agent-in-rust/coding-agent-in-rust-introduction/" target="_blank">Building a CLI coding agent from scratch in Rust</a> |
| 97 | +- <a href="https://blog.rust-lang.org/2025/10/30/Rust-1.91.0/" target="_blank">Rust Release 1.91.0</a> |
| 98 | + |
| 99 | +--- |
| 100 | + |
| 101 | +{{ include_md(path="snippets/newsletter_call_to_action.md") }} |
0 commit comments