Loading
This summary is created by Generative AI and may differ from the actual content.
On February 20, 2026, Cloudflare experienced a 6-hour, 7-minute service outage affecting a subset of Bring Your Own IP (BYOIP) customers. A change in how Cloudflare's network managed BYOIP addresses unintentionally caused the withdrawal of customer prefixes via BGP, making their services and applications unreachable. Approximately 1,100 BYOIP prefixes were withdrawn. Cloudflare engineers reverted the impacting change, and some customers self-remediated by re-advertising their IP addresses via the dashboard. Cloudflare restored 800 prefixes by reverting advertisement changes and manually restored approximately 300 prefixes where service configurations were removed due to a software bug.
The incident lasted 6 hours and 7 minutes, resulting in approximately 1,100 (25%) of Cloudflare's BYOIP prefixes being withdrawn. Impacted customers experienced BGP Path Hunting, leading to connection timeouts and failures for services using BYOIP, including Core CDN and Security Services, Spectrum, Dedicated Egress, and Magic Transit. The website for Cloudflare's recursive DNS resolver (1.1.1.1) displayed HTTP 403 errors, though DNS resolution itself was unaffected. Some customers faced increased latency and failures even after IP addresses were advertised due to removed addressing settings from edge servers, preventing self-restoration via the dashboard.
The incident was triggered by a new sub-task, part of the 'Code Orange: Fail Small' initiative, designed to automate the removal of BYOIP prefixes. This sub-task was intended to replace a manual process for customer-initiated prefix removal.
Cloudflare became aware of the incident at 18:13 UTC due to failures observed on one.one.one.one. An internal incident was declared at 18:18 UTC, and the Addressing API engineering team was paged at 18:21 UTC to begin debugging.
Cloudflare engineers reverted the configuration change that initiated the prefix withdrawals. The faulty sub-process was identified and terminated at 18:46 UTC, and its regular execution was disabled. Mitigation efforts began at 19:11 UTC. Customers were advised at 19:19 UTC to self-remediate by re-advertising their prefixes via the Cloudflare dashboard. Cloudflare restored 800 prefixes by reverting advertisement changes around 20:20 UTC. For approximately 300 prefixes where service bindings were removed due to a software bug, Cloudflare engineers manually restored them via a global configuration update, completing the full resolution at 23:03 UTC.
The root cause was a bug in a new cleanup sub-task within the Addressing API. The sub-task's API query for 'pending_delete' prefixes was malformed, passing an empty string as a value. The API server's implementation incorrectly interpreted this empty string as a request for *all* BYOIP prefixes, leading the system to queue all returned prefixes for deletion. This caused the sub-task to systematically delete all BYOIP prefixes and their associated service bindings. Contributing factors included insufficient data in the staging environment for testing this specific scenario and incomplete test coverage for independent task-runner service execution without explicit user input. Additionally, the absence of a production-ready system for quick, health-mediated rollbacks of operational state snapshots prolonged recovery.