SalesforceShattering AWS’s 250K-IP Ceiling: How Data 360 Reached 1 Million IPs with Zero-Downtime Migration
Read Full ArticleSummary
The article discusses the engineering challenges faced by the Data 360 team at Salesforce in overcoming AWS's 250,000-IP limit through innovative architectural strategies. The team implemented prefix delegation to efficiently manage IP allocation while ensuring zero downtime during migration. Key considerations included navigating Hyperforce's strict architectural constraints and developing custom observability tools to monitor the new IP allocation model. This approach not only allowed for scaling beyond the existing limits but also established a repeatable pattern for future hyperscale workloads.
Key Learnings
- 1Prefix delegation can significantly enhance IP allocation efficiency but requires careful management to avoid fragmentation.
- 2Collaboration with cloud providers and internal teams is crucial for tailoring solutions to specific architectural constraints.
- 3Custom observability tools are essential for monitoring complex migrations and ensuring workload safety.
- 4Architectural constraints can transform scaling challenges into opportunities for innovative solutions.
- 5Establishing a dedicated SFSG for specific expansion requirements can facilitate compliance with existing security and routing models.
Who Should Read This
Senior Cloud Engineers designing scalable architectures for hyperscale data platforms
Test Your Knowledge
What are the trade-offs of using prefix delegation in a live production environment?
How did the team ensure zero downtime during the migration to the new IP allocation model?
What specific architectural constraints posed challenges to scaling Data 360, and how were they addressed?
In what ways did the custom observability model improve the team's ability to manage IP allocations?
Why was collaboration with AWS necessary for implementing prefix delegation within Hyperforce?
Topics
More articles about AWS
Explore AWS engineering →Complexity is a choice. SASE migrations shouldn’t take years.
The article emphasizes the shift in the cybersecurity landscape regarding SASE migrations, arguing that complexity is a choice rather than an inevitability. It showcases how Cloudflare's SASE...
AWS Weekly Roundup: Amazon Connect Health, Bedrock AgentCore Policy, GameDay Europe, and more (March 9, 2026)
The article provides a comprehensive overview of recent updates and launches from AWS, highlighting innovations such as Amazon Connect Health, which offers AI-driven solutions for healthcare, and the...
Native .NET Buildpack Support is Now Available on App Platform
DigitalOcean has announced native .NET buildpack support on its App Platform, enabling developers to deploy .NET applications directly from a Git repository without the need for Dockerfiles. The...
Introducing OpenClaw on Amazon Lightsail to run your autonomous private AI agents
The article introduces OpenClaw, an autonomous private AI agent, now available on Amazon Lightsail. It details the process of launching an OpenClaw instance, which is pre-configured with Amazon...
See risk, fix risk: introducing Remediation in Cloudflare CASB
The article introduces a significant enhancement to Cloudflare's Cloud Access Security Broker (CASB) by launching a Remediation feature that allows users to directly fix risky file-sharing...
More from Salesforce Engineering
View Salesforce engineering blogs →Engineering Platform Trust: Cutting Customer Case Volume 20x with Petabyte-Scale Health Signals
The article details the development of a Technical Health Score system at Salesforce, aimed at quantifying platform trust through analytics pipelines that handle petabytes of telemetry data. By...
How Data 360 Optimized Kubernetes Scheduling Architecture, Delivering 13% Cost Savings
The article discusses how the Data 360 Compute Fabric team at Salesforce optimized Kubernetes scheduling to enhance resource efficiency and reduce costs. By evolving the default kube-scheduler...
Delivering Accurate, Low-Latency Voice-to-Form AI in Real-World Field Conditions
The article explores the development of a hybrid architecture for a voice-to-form AI system used in field service applications. It highlights the integration of on-device speech-to-text capabilities...
Hyperforce Migration at Scale: How Deterministic Automation Replaced Manual Spreadsheets Across 95,000 Organizations
The article outlines the development of the Migration Intake and Processing Service (MIPS) at Salesforce, which automates the migration of over 95,000 organizations to Hyperforce. It highlights the...
Building an AI-Accelerated Compliance Automation Platform for 24x Faster Audits
The article outlines the development of FastTrack, a compliance automation platform by Salesforce, which significantly reduces audit execution time through AI-assisted development and API-based...