In September 2025, a Cloudflare engineering team faced a critical error related to two internal microservices struggling to communicate due to an HTTP/2 mitigation issue, specifically a PING flood attack. The blog post explores the complexities of HTTP/2, a protocol with powerful features that can be easily misused, leading to denial-of-service risks. Cloudflare's defenses, including the use of the error code ENHANCE_YOUR_CALM, aim to mitigate these risks by closing potentially malicious connections. The team discovered that excessive PINGs and RST_STREAM frames were being sent due to a bug in Go's standard library, highlighting the importance of reading response bodies in full to avoid unnecessary frame transmissions. The incident underscored the benefits of using Cloudflare's own infrastructure for internal services, allowing the team to identify and resolve such issues, thereby enhancing system security and reliability for both internal and external users.