Skip to Content

How Cloudflare’s BYOIP Outage Occurred and the Steps to Prevent Future Incidents

21 February 2026 by
Suraj Barman

Definition

The February 20 2026 Cloudflare incident involved an unintended withdrawal of ~1,100 BYOIP prefixes caused by a mis‑configured automation task in the Addressing API, leading to BGP advertisement failures and service disruptions.

Root Cause Analysis

The failure originated from a bug in a cleanup sub‑task that mis‑interpreted an empty pending_delete flag, causing all BYOIP prefixes to be marked for deletion.

  • Automation task queried /v1/prefixes?pending_delete without a value.
  • API treated the empty string as a request for all prefixes.
  • All retrieved prefixes were queued for removal, triggering mass withdrawal.
  • Lack of staging data that mirrored production amplified the impact.
  • Insufficient test coverage for autonomous sub‑task execution.

Impact Overview

Approximately 25% of BYOIP prefixes were withdrawn, affecting customer services and the 1.1.1.1 resolver UI.

  • ~1,100 prefixes withdrawn from a total of 6,500 advertised.
  • Customers experienced BGP path hunting and connection timeouts.
  • 1.1.1.1 web interface returned HTTP 403 errors; DNS resolution remained functional.
  • ~300 prefixes required manual restoration due to missing service bindings.
  • Latency spikes observed during partial re‑advertisement.

Remediation Actions Taken

Engineers acted quickly to stop the faulty task and restore service.

  • Reverted the offending configuration change within minutes.
  • Manually re‑advertised prefixes via the dashboard for customers able to self‑remediate.
  • Executed a global configuration update to restore missing service bindings.
  • Completed full restoration of all prefixes by 23:03 UTC.
  • Published guidance for customers to toggle their BYOIP advertisements.

Preventive Measures and Future Roadmap

Cloudflare’s “Code Orange: Fail Small” initiative drives systematic improvements.

  • Standardize API schemas (e.g., enforce boolean flags for pending_delete).
  • Introduce health‑mediated deployment pipelines with automatic rollback.
  • Implement snapshot‑based configuration staging to isolate production changes.
  • Deploy circuit‑breaker monitoring that halts rapid BGP prefix withdrawals.
  • Expand automated testing to cover autonomous sub‑task execution paths.

Lessons Learned for BYOIP Operations

Key takeaways guide future BYOIP handling and broader network reliability.

  • Never rely solely on production‑mirroring data for safety‑critical tests.
  • Separate customer‑driven API changes from internal automation workflows.
  • Require explicit validation of query parameters before batch processing.
  • Maintain real‑time observability of BGP advertisement state.
  • Document and rehearse manual recovery procedures for edge‑case failures.

For deeper insight into secure network design, see Zero‑Trust Architecture. Additional context on AI‑driven operational risk is covered in AI Adoption in Business. Understanding BGP fundamentals helps grasp the routing impact: Border Gateway Protocol.