Millions of websites and services experienced connection issues on November 18, 2025, at 06:58 UTC, primarily due to an internal error from the network infrastructure provider Cloudflare. The company later that day released a complete accident report, providing transparency on how this technical failure occurred, how it was handled, and future preventive measures.
Incident Erupts: Global Services Disrupted
The Cloudflare outage on November 18 occurred at 06:58 UTC (approximately 2 PM Taiwan time), affecting many websites using Cloudflare's CDN and DNS services, including large commercial platforms, news media, and web applications, which were inaccessible. This disruption lasted nearly 40 minutes, causing some regions' websites to be completely unresponsive, and users were unable to interact smoothly with backend servers through APIs.
The company pointed out that this incident was a network-layer disruption affecting its global service infrastructure, rather than a problem with a single data center or region.
Root cause of the issue: BGP configuration error caused disaster
Cloudflare further explained that this disruption was caused by an error in the Border Gateway Protocol (BGP) configuration changes. BGP is one of the core protocols that control internet traffic, used to inform global networks how to route to a specific destination.
The original purpose was to update the internal routing broadcast policy to improve infrastructure efficiency, but due to a manual push of erroneous settings, certain Cloudflare IP prefixes could no longer be accessed via BGP by other ISPs, effectively 'disappearing' these services' routing paths on the internet.
This error was not detected in real-time by the internal automation deployment tools, and thus was widely pushed to multiple regions before the effects became apparent.
Initiate emergency recovery: quickly revoke erroneous settings
Cloudflare's engineering team detected anomalies within minutes of the incident and initiated emergency recovery procedures. They began to revoke the erroneous BGP policy settings around UTC 07:15 and completed the restoration by UTC 07:28, with most services returning to normal operation at that time.
Overall, this disruption lasted for about 30 to 40 minutes, and according to the timeline provided by Cloudflare, services were fully restored by UTC 07:28.
Why did the automation and protection mechanisms fail to prevent the issue?
Cloudflare admitted that this error revealed room for improvement in their internal deployment processes. The original automation process had a 'safety mechanism' to prevent erroneous BGP broadcasts, but this update was implemented at a lower level of system settings and was not included in that protective range.
Additionally, this change was originally intended to apply only to specific experimental network segments, but it unexpectedly affected the main production environment range. They have begun to revise the scope definition of the deployment system and enhance the automatic detection capability for erroneous policies.
Cloudflare commits to future improvements
Cloudflare stated that it will take the following measures to prevent similar incidents from occurring again:
Strengthen the verification mechanism for BGP-related settings to avoid unexpected route broadcasts;
Clearly distinguish permissions for testing and production environment settings;
Increase the automated alert system to respond to abnormal network traffic in seconds;
Strengthen monitoring of internal change audits and manual operation processes.
The company also emphasized that they will continue to enhance transparency, and in the event of any future failures, they will quickly disclose related information to maintain user trust.
The responsibilities and challenges of internet giants
As one of the largest global network infrastructure providers, Cloudflare's service scope includes key network components such as CDN, DNS, network security, and DDoS protection. A single BGP configuration error can lead to a global 'digital blackout.' Although this incident was handled quickly, it still highlights the risks and challenges posed by the highly centralized nature of internet infrastructure.
This article, Cloudflare's global 'digital blackout': The official report reveals details of the failure on November 18, first appeared in Chain News ABMedia.
