Routing System Design
4.1 DNS and Endpoint Strategy
┌─────────────────────────────────────────────────────────────────┐
│ DNS STRUCTURE                                                   │
│                                                                 │
│ *.workloads.computearbitrage.com                                │
│   │                                                             │
│   ├── HTTP: {workload-id}.workloads.computearbitrage.com        │
│   │         Points to Cloudflare Workers                        │
│   │                                                             │
│   └── TCP: tcp-{workload-id}.workloads.computearbitrage.com     │
│            Points to Spectrum application                       │
│                                                                 │
│ api.computearbitrage.com                                        │
│   └── Control plane API (Workers)                               │
│                                                                 │
│ console.computearbitrage.com                                    │
│   └── Web console (Workers + Assets)                            │
└─────────────────────────────────────────────────────────────────┘
4.2 HTTP Routing Flow
┌──────────┐     ┌─────────────────┐     ┌──────────────┐     ┌─────────────┐
│  Client  │────▶│ Cloudflare Edge │────▶│ HTTP Router  │────▶│  Workload   │
│          │     │    (Anycast)    │     │   (Worker)   │     │  Instance   │
└──────────┘     └─────────────────┘     └──────────────┘     └─────────────┘
                                                │
                                                ▼
                                         ┌──────────────┐
                                         │  KV Lookup   │
                                         │  (endpoint)  │
                                         └──────────────┘
Request Flow:
- Client makes request to {workload-id}.workloads.computearbitrage.com
- DNS resolves to nearest Cloudflare edge (anycast)
- HTTP Router Worker intercepts request
- Worker extracts workload ID from subdomain
- Worker validates JWT token from Authorization header
- Worker looks up current endpoint in KV: workload:{id}:endpoint
- Worker forwards request to actual workload instance
- Response returned to client with latency <50ms added
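The ID-extraction, token and KV-lookup steps above, sketched as pure functions. This is an added example, not code from this design's repository: the `wid` claim, the workload-ID alphabet, the rejection of `tcp-` labels on the HTTP path, and the names `workloadIdFromHost` and `routeDecision` are assumptions, and the claims object is assumed to come from a JWT whose signature has already been verified.

```typescript
// Added example; names, the `wid` claim and the ID alphabet are assumptions.
const ZONE = ".workloads.computearbitrage.com";
// Assumed ID alphabet: one lowercase DNS label, no dots.
const WORKLOAD_ID = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

interface Claims { wid: string; exp: number }   // hypothetical claim layout
interface Decision { status: number; kvKey: string | null; reason: string }

// Derive the workload ID from the Host header, accepting exactly one label.
function workloadIdFromHost(host: string): string | null {
  const h = host.toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
  if (!h.endsWith(ZONE)) return null;             // not under the workloads zone
  const label = h.slice(0, h.length - ZONE.length);
  if (!WORKLOAD_ID.test(label)) return null;      // nested labels, empty, odd chars
  if (label.startsWith("tcp-")) return null;      // tcp-* names belong to Spectrum
  return label;
}

// Bind an already signature-verified token to the workload named in Host,
// and only then build the KV key from the validated ID.
function routeDecision(host: string, claims: Claims | null, nowSec: number): Decision {
  const id = workloadIdFromHost(host);
  if (id === null) return { status: 404, kvKey: null, reason: "unknown host" };
  if (claims === null || claims.exp <= nowSec) {
    return { status: 401, kvKey: null, reason: "missing or expired token" };
  }
  if (claims.wid !== id) {
    return { status: 403, kvKey: null, reason: "token issued for another workload" };
  }
  return { status: 200, kvKey: `workload:${id}:endpoint`, reason: "ok" };
}
```

Because the KV key is built only from the validated label, a token for one workload cannot be replayed against another workload's hostname, and a malformed Host value never reaches the KV namespace.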
4.3 TCP Routing Flow
┌──────────┐     ┌─────────────────┐     ┌──────────────┐     ┌─────────────┐
│  Client  │────▶│    Spectrum     │────▶│  Connection  │────▶│  Workload   │
│  (TCP)   │     │   (L4 Proxy)    │     │   Manager    │     │  Instance   │
└──────────┘     └─────────────────┘     │     (DO)     │     └─────────────┘
                                         └──────────────┘
Connection Flow:
- Client opens TCP connection to tcp-{workload-id}.workloads.computearbitrage.com:PORT
- Cloudflare Spectrum terminates connection at edge
- Spectrum forwards connection metadata to Connection Manager Durable Object
- DO looks up backend endpoint and validates token (passed in initial handshake)
- DO returns backend endpoint to Spectrum
- Spectrum proxies TCP traffic to workload instance
- Connection state tracked in DO for graceful handling of backend changes
4.4 Routing Table Updates
When workload infrastructure changes (new instance, migration, etc.):
// routing-updater/src/index.ts
// `env` holds the Worker bindings (ROUTING_KV, DB, CONNECTION_MANAGER, EVENTS_QUEUE);
// it is passed in explicitly because it is not in scope inside this function.
async function updateRouting(env: Env, workloadId: string, newEndpoint: string): Promise<void> {
  // 1. Update KV (propagates globally in <60s, usually <1s)
  await env.ROUTING_KV.put(`workload:${workloadId}:endpoint`, newEndpoint);

  // 2. Update D1 for consistency
  await env.DB.prepare(`
    UPDATE workload_routing SET endpoint = ?, updated_at = ? WHERE workload_id = ?
  `).bind(newEndpoint, Date.now(), workloadId).run();

  // 3. Notify active TCP connections via Durable Object
  const connectionManager = env.CONNECTION_MANAGER.get(
    env.CONNECTION_MANAGER.idFromName(workloadId)
  );
  await connectionManager.notifyBackendChange(newEndpoint);

  // 4. Publish event to Queue for audit/analytics
  await env.EVENTS_QUEUE.send({
    type: 'ROUTING_UPDATED',
    workloadId,
    newEndpoint,
    timestamp: Date.now(),
  });
}