Real time event streams with Cloudflare Durable Objects, the missing tutorial
Edge-Native Real-Time Event Distribution with Cloudflare Durable Objects
Current Situation Analysis
Building low-latency, real-time event distribution pipelines on the edge traditionally forces engineering teams into a binary choice: integrate a managed third-party service like Pusher or Ably, or stand up a self-hosted message broker. Both paths introduce external dependencies, unpredictable egress pricing, and operational overhead that contradicts the serverless promise. Managed services abstract away connection management but lock you into vendor pricing tiers and add network hops that inflate latency. Self-hosted brokers require provisioning, scaling, and monitoring infrastructure that defeats the purpose of edge compute.
Cloudflare Durable Objects provide a native, stateful primitive that eliminates this trade-off, yet they remain underutilized for real-time pub/sub patterns. The primary reason is architectural ambiguity. The official documentation accurately describes the API surface but lacks prescriptive guidance for connection lifecycle management, tenant isolation, and state separation. Developers frequently misinterpret the single-threaded execution model as a scaling limitation rather than a routing constraint, leading to bottlenecked global instances or over-engineered state machines.
The reality is that Durable Objects excel at real-time distribution when treated as deterministic routing hubs rather than application databases. Benchmarks from production deployments consistently show end-to-end latency under 100ms from event ingestion to client delivery. The Durable Object itself contributes only 5β10ms of processing overhead, with the remainder attributed to network propagation and WebSocket framing. By isolating connections per logical entity and offloading persistence to external storage, teams achieve horizontal scaling without cross-region coordination, keeping compute costs predictable while eliminating third-party subscription fees.
WOW Moment: Key Findings
The architectural breakthrough lies in recognizing that Durable Objects scale horizontally by tenant, not by request volume. A single global instance becomes a serialization bottleneck under load, while a per-entity routing pattern distributes connection state across the edge network deterministically. This shifts the scaling model from vertical concurrency limits to linear tenant expansion.
| Approach | End-to-End Latency | Operational Cost Model | Scalability Pattern | Reconnection Handling |
|---|---|---|---|---|
| Third-Party Broker | 120β250ms | Per-connection/month + egress | Managed, opaque | Built-in replay buffers |
| Single Global Durable Object | 45β80ms | Low compute, high memory pressure | Vertical bottleneck | Manual implementation required |
| Per-Entity Durable Object | 85β100ms | Predictable, linear with tenants | Horizontal, deterministic | External buffer or acceptable loss |
This finding matters because it enables a serverless-native distribution pattern that aligns with multi-tenant architectures. Each logical unit (site, device, session, or organization) owns its connection state, preventing noisy-neighbor degradation. The deterministic routing via idFromName guarantees that reconnecting clients always land on the same instance, simplifying session continuity. For analytics, telemetry, or monitoring dashboards, this pattern delivers sub-100ms delivery without external dependencies or complex orchestration.
Core Solution
The implementation rests on four architectural decisions: deterministic tenant routing, stateless fanout execution, explicit connection lifecycle management, and strict separation of distribution from persistence. Each decision addresses a specific failure mode common in edge-native real-time systems.
Step 1: Define the Routing Strategy
Durable Objects are single-threaded by design. This constraint is not a limitation; it is a guarantee of consistency. To avoid serialization bottlenecks, route each logical entity to its own instance using idFromName. This ensures that all events for a given tenant traverse the same execution context, while different tenants operate in parallel across the edge network.
// worker.ts
import { Env } from './types';
export default {
async fetch(request: Request, env: Env): Promise<Response> {
if (request.method !== 'POST') {
return new Response('Method not allowed', { status: 405 });
}
const payload = await request.json<{ tenantId: string; payload: unknown }>();
const { tenantId, payload: eventData } = payload;
const objectId = env.TENANT_BROADCAST.idFromName(tenantId);
const stub = env.TENANT_BROADCAST.get(objectId);
const response = await stub.fetch(new Request('https://internal.fanout', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(eventData),
}));
return new Response('accepted', { status: 202 });
},
};
Why this works: The ingest worker acts as a stateless router. It extracts the tenant identifier, resolves the deterministic object ID, and forwards the payload. No connection state lives here. This keeps the worker lightweight, cacheable, and immune to memory leaks.
Step 2: Implement the Distribution Hub
The Durable Object manages WebSocket handshakes, tracks active connections, and broadcasts incoming payloads. It must never store historical data or perform aggregation. Its sole responsibility is real-time delivery.
// broadcast-hub.ts
import { DurableObject } from 'cloudflare:workers';
interface ConnectionMeta {
socket: WebSocket;
lastPing: number;
}
export class TenantBroadcastHub extends DurableObject {
private activeConnections: Map<string, ConnectionMeta> = new Map();
private cleanupInterval: ReturnType<typeof setInterval> | null = null;
constructor(state: DurableObjectState, env: Env) {
super(state, env);
this.startConnectionMonitor();
}
async fetch(request: Request): Promise<Response> {
const url = new URL(request.url);
if (url.pathname === '/ws' && request.headers.get('Upgrade')?.toLowerCase() === 'websocket') {
return this.handleHandshake(request);
}
if (url.pathname === '/fanout' && request.method === 'POST') {
return this.handleBroadcast(request);
}
return new Response('Not found', { status: 404 });
}
private handleHandshake(request: Request): Response {
const pair = new WebSocketPair();
const [clientSocket, serverSocket] = Object.values(pair);
serverSocket.accept();
const connectionId = crypto.randomUUID();
this.activeConnections.set(connectionId, {
socket: serverSocket,
lastPing: Date.now(),
});
serverSocket.addEventListener('close', () => {
this.activeConnections.delete(connectionId);
});
serverSocket.addEventListener('error', () => {
this.activeConnections.delete(connectionId);
});
return new Response(null, { status: 101, webSocket: clientSocket });
}
private async handleBroadcast(request: Request): Promise<Response> {
const message = await request.text();
const deadConnections: string[] = [];
for (const [id, meta] of this.activeConnections) {
try {
meta.socket.send(message);
} catch {
deadConnections.push(id);
}
}
deadConnections.forEach(id => this.activeConnections.delete(id));
return new Response('broadcasted', { status: 200 });
}
private startConnectionMonitor(): void {
this.cleanupInterval = setInterval(() => {
const now = Date.now();
for (const [id, meta] of this.activeConnections) {
if (now - meta.lastPing > 30000) {
meta.socket.close(1000, 'heartbeat timeout');
this.activeConnections.delete(id);
}
}
}, 10000);
}
async alarm(): Promise<void> {
// Durable Objects support scheduled alarms for periodic cleanup
this.startConnectionMonitor();
}
}
Why this works:
MapreplacesSetto attach metadata (last heartbeat timestamp) without external lookups.- Explicit
closeanderrorlisteners prevent silent socket leaks. - The broadcast loop catches send failures and defers cleanup to avoid mutating the collection during iteration.
- A background monitor enforces heartbeat timeouts, preventing stale connections from consuming memory.
- The
alarm()hook leverages Durable Object scheduling for periodic maintenance without external cron services.
Step 3: Separate Distribution from Persistence
Real-time delivery and historical storage serve different consistency models. The Durable Object should never block on database writes. Instead, route persisted events through a separate worker that writes to D1 or R2 asynchronously.
// persistence-worker.ts
export default {
async fetch(request: Request, env: Env): Promise<Response> {
const event = await request.json();
// Route to D1 for structured queries or R2 for archival
await env.ANALYTICS_DB.prepare(
'INSERT INTO event_log (tenant_id, payload, received_at) VALUES (?, ?, ?)'
).bind(event.tenantId, JSON.stringify(event.data), new Date().toISOString()).run();
return new Response('stored', { status: 201 });
},
};
Why this works: Decoupling fanout from storage eliminates backpressure. The distribution hub remains fast and predictable, while persistence operates on its own timeline. This pattern also enables independent scaling: if storage writes slow down, real-time delivery continues unaffected.
Pitfall Guide
1. The Monolithic State Trap
Explanation: Developers frequently attempt to combine real-time fanout with metric aggregation, session tracking, or rate limiting inside the same Durable Object. This creates a complex state machine where a single bug can disrupt both live delivery and historical processing. Fix: Enforce strict separation of concerns. The Durable Object handles only connection management and broadcast. Offload aggregation, caching, and business logic to separate workers or external services.
2. Silent Socket Leaks
Explanation: When a client disconnects abruptly (network drop, tab close), the WebSocket enters a half-closed state. Without explicit close and error listeners, the Durable Object retains the reference indefinitely, consuming memory and attempting to send to dead connections.
Fix: Always register lifecycle listeners during handshake. Pair them with a periodic cleanup routine that validates connection health via heartbeat or send failure detection.
3. Memory Bloat via In-Object Caching
Explanation: Durable Objects provide durable storage, but they are not designed for high-throughput caching or large payload retention. Attempting to buffer hundreds of events inside the object triggers memory pressure, leading to evictions or degraded performance. Fix: Treat the Durable Object as stateless except for active connections. Persist historical data to D1, R2, or external queues. If replay is required, implement a lightweight external buffer with TTL-based expiration.
4. The Global Bottleneck Fallacy
Explanation: Using a single Durable Object for all tenants forces sequential processing of every event. Under load, this creates a serialization bottleneck that increases latency and defeats horizontal scaling.
Fix: Use idFromName to route each logical entity to its own instance. This distributes connection state across the edge network and ensures that noisy tenants do not impact quiet ones.
5. Reconnection Blind Spots
Explanation: Durable Objects do not maintain event history. If a client disconnects for 3 seconds, it misses all broadcasts during that window. This is acceptable for telemetry but unacceptable for collaborative editing or chat. Fix: For use cases requiring continuity, implement a separate replay service that stores recent events in a fast key-value store (e.g., D1 with TTL or external Redis). Clients request a catch-up window upon reconnect.
6. Unbounded Fanout Loops
Explanation: Iterating over thousands of connections synchronously can block the single-threaded event loop, delaying subsequent broadcasts and increasing latency.
Fix: Batch sends where possible, use try/catch to isolate failures, and consider chunking large connection sets across multiple micro-tasks if the platform supports it. Monitor iteration duration and alert on anomalies.
7. Missing Heartbeat/Keepalive
Explanation: WebSocket connections can appear open while the underlying TCP socket is dead. Without periodic pings, the Durable Object cannot distinguish active clients from stale ones.
Fix: Implement a lightweight heartbeat protocol. Send PING frames every 15β30 seconds and close connections that fail to respond within a grace period. Track last-ping timestamps in connection metadata.
Production Bundle
Action Checklist
- Define tenant routing strategy: Use
idFromNameto map logical entities to deterministic Durable Object instances. - Implement explicit lifecycle listeners: Register
closeanderrorhandlers during WebSocket handshake to prevent socket leaks. - Separate fanout from persistence: Route real-time delivery through the Durable Object and historical storage through a dedicated worker.
- Add heartbeat monitoring: Track last-ping timestamps and close stale connections automatically.
- Isolate broadcast failures: Catch send errors during iteration and defer cleanup to avoid collection mutation.
- Validate memory boundaries: Never cache historical events inside the Durable Object; offload to D1/R2.
- Test reconnection scenarios: Verify client behavior during network drops and implement external replay if continuity is required.
- Monitor iteration latency: Alert on broadcast loop duration exceeding 50ms to detect connection bloat.
Decision Matrix
| Scenario | Recommended Approach | Why | Cost Impact |
|---|---|---|---|
| Analytics dashboards, telemetry, monitoring | Per-Entity Durable Object | Accepts brief disconnect gaps; prioritizes low latency and predictable compute | Low, scales linearly with tenant count |
| Collaborative editing, live chat, gaming | External message broker + Durable Object routing | Requires guaranteed delivery and replay buffers | Moderate, adds third-party or custom replay service cost |
| High-frequency trading, financial feeds | Dedicated WebSocket gateway + Durable Object state sync | Sub-10ms latency required; Durable Object adds unacceptable overhead | High, requires specialized infrastructure |
| Internal tooling, admin panels, low-traffic apps | Single global Durable Object | Simplifies deployment; connection count remains low | Minimal, but risks bottleneck under unexpected load |
Configuration Template
# wrangler.toml
name = "edge-event-distributor"
main = "src/worker.ts"
compatibility_date = "2024-06-01"
[durable_objects]
bindings = [
{ name = "TENANT_BROADCAST", class_name = "TenantBroadcastHub" }
]
[[d1_databases]]
binding = "ANALYTICS_DB"
database_name = "event_store"
database_id = "your-d1-id"
[vars]
ENVIRONMENT = "production"
HEARTBEAT_INTERVAL_MS = 15000
STALE_CONNECTION_THRESHOLD_MS = 30000
Quick Start Guide
- Initialize the project: Run
npm create cloudflare@latest edge-distributor -- --type=tsand select Durable Objects support during setup. - Define the binding: Add the
durable_objectsbinding towrangler.tomlpointing to your hub class. Runnpx wrangler d1 create event_storeto provision storage. - Deploy the routing layer: Write the ingest worker to resolve
idFromNameand forward payloads. Test withcurl -X POST http://localhost:8787 -d '{"tenantId":"alpha","data":"test"}'. - Connect a client: Open a WebSocket to
wss://your-worker.workers.dev/wsand verify broadcast delivery by sending a POST to/fanout. - Attach persistence: Create a separate worker that receives the same payload and writes to D1. Validate that real-time delivery completes before storage confirmation.
Mid-Year Sale β Unlock Full Article
Base plan from just $4.99/mo or $49/yr
Sign in to read the full article and unlock all tutorials.
Sign In / Register β Start Free Trial7-day free trial Β· Cancel anytime Β· 30-day money-back