Speeding up Bitbucket Cloud with AWS Global Accelerator – and adding some new IP ranges

We're happy to announce that on September 15th, 2020, we will begin gradually enabling a new traffic acceleration improvement for all Bitbucket Cloud users (Free, Standard, and Premium) when accessing Bitbucket.org for Web- or Git-based (ssh/https) operations.

This new improvement leverages AWS Global Accelerator to route traffic to and from Bitbucket Cloud via 83 Points of Presence in 73 cities across 38 countries, potentially dramatically speeding up transaction times. You may read more about how AWS Global Accelerator works on AWS's website.

This change will introduce some IP addresses that may be new to Bitbucket.org users. Please read on if you or your team operate an allowlist, for example, a firewall, access-list, or security group with rules specific to Bitbucket.org.

Performance test results

In tests we conducted, we observed an average 20% improvement in full transaction times for web and git operations across most countries, with some locations seeing up to a 140% improvement in throughput!

We want to provide this performance benefit to all of our users.

Example of a git clone operation from Sydney, Australia:

Without AWS Global Accelerator enabled – 46 seconds

  $ time git clone ssh://bitbucket.org/mirror/git.git
  Cloning into 'git'...
  remote: Counting objects: 280584, done.
  remote: Compressing objects: 100% (79891/79891), done.
  remote: Total 280584 (delta 211721), reused 261894 (delta 198556)
  Receiving objects: 100% (280584/280584), 79.53 MiB | 2.94 MiB/s, done.
  Resolving deltas: 100% (211721/211721), done.

  real	0m46.840s

With AWS Global Accelerator enabled – 29 seconds – ~140% higher throughput and ~40% lower clone time.

  $ time git clone ssh://bitbucket.org/mirror/git.git
  Cloning into 'git'...
  remote: Counting objects: 280584, done.
  remote: Compressing objects: 100% (79891/79891), done.
  remote: Total 280584 (delta 211718), reused 261894 (delta 198556)
  Receiving objects: 100% (280584/280584), 79.64 MiB | 7.06 MiB/s, done.
  Resolving deltas: 100% (211718/211718), done.

  real	0m29.427s

How will this affect you?

All users will automatically begin enjoying a faster Web and Git experience when using Bitbucket.org as we gradually roll out this improvement. You do not need to do anything to enable it!

There are no changes to the Bitbucket Cloud interface, no changes to product capabilities (such as webhooks) and no changes to git behavior.

Allowlist considerations

If you, your team, or your organization control access to Bitbucket.org with an allowlist, for example, a firewall, access-list, or security group, then you may need to update your configuration.

This new traffic acceleration feature will use some IP ranges that are already published in our Atlassian Cloud documentation, Atlassian Cloud IP ranges (specifically in this list). They may, however, be new to Bitbucket Cloud users following the guide "Bitbucket Cloud – What are the IP addresses to configure a corporate firewall?", which has been updated to include the new IP ranges.

Existing ranges will continue to operate for some time, so please don't remove them. We're just adding some new ones!

New list from September 15th onward – with broad IP ranges.

We encourage users to allowlist these ranges if policy allows. They will provide the greatest coverage of any future improvements – such as rollouts of Bitbucket Cloud to more geographical regions, which will further improve performance.

  • 18.205.93.0/25 – Bitbucket us-east-1 (existing)
  • 18.234.32.128/25 – Atlassian Edge us-east-1 (existing)
  • 13.52.5.0/25 – Atlassian Edge and Bitbucket us-west-1 (existing)
  • 104.192.136.0/21 – Atlassian ARIN PI space (new to Bitbucket)
  • 185.166.140.0/22 – Atlassian RIPE PI Space (new to Bitbucket)

Subset list with additions specific to the upcoming September 15th change.

Use this list if policy prevents you from allowlisting the broader IP ranges mentioned above. Note that when we begin providing Atlassian Cloud services such as Bitbucket Cloud from more geographical locations, you may need to perform additional, future allowlist updates. We will communicate any upcoming changes to allow plenty of time for you to make any necessary updates.

  • 18.205.93.0/25 – Bitbucket us-east-1 (existing)
  • 18.234.32.128/25 – Atlassian Edge us-east-1 (existing)
  • 13.52.5.0/25 – Atlassian Edge and Bitbucket us-west-1 (existing)
  • 104.192.138.0/24 – Atlassian Edge and Bitbucket us-west-1 (new to Bitbucket)
  • 104.192.141.0/24 – Global Accelerator Atlassian Edge and Bitbucket (new to Bitbucket)
  • 104.192.142.0/24 – Atlassian Edge and Bitbucket us-east-1 (new to Bitbucket)

Note: Webhooks IPs will remain unchanged as per https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/
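
To see which of the ranges above an existing allowlist still blocks, the following added example (not Atlassian's tooling) compares a configured list against either published list and reports the uncovered sub-ranges. The SAMPLE_ALLOWLIST contents and the function names are assumptions made for illustration; the CIDRs in BROAD and SUBSET are the ones listed on this page.

```python
import ipaddress

# Ranges copied from the two lists on this page.
BROAD = ["18.205.93.0/25", "18.234.32.128/25", "13.52.5.0/25",
         "104.192.136.0/21", "185.166.140.0/22"]
SUBSET = ["18.205.93.0/25", "18.234.32.128/25", "13.52.5.0/25",
          "104.192.138.0/24", "104.192.141.0/24", "104.192.142.0/24"]

# Constructed sample: a firewall that has the three existing ranges and
# only one of the new /24s.
SAMPLE_ALLOWLIST = ["18.205.93.0/25", "18.234.32.128/25", "13.52.5.0/25",
                    "104.192.141.0/24"]


def uncovered(required, allowed):
    """Return the parts of `required` that no network in `allowed` covers."""
    remaining = [required]
    for net in allowed:
        next_remaining = []
        for part in remaining:
            if net.version != part.version:
                next_remaining.append(part)    # IPv4 vs IPv6: cannot overlap
            elif part.subnet_of(net):
                continue                       # fully covered by this rule
            elif net.subnet_of(part):
                # Rule covers only a slice: keep the rest as smaller prefixes.
                next_remaining.extend(part.address_exclude(net))
            else:
                next_remaining.append(part)    # disjoint
        remaining = next_remaining
    return sorted(remaining)


def audit(allowlist, required):
    """Map each required CIDR to the list of its sub-ranges still blocked."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in allowlist]
    gaps = {}
    for cidr in required:
        missing = uncovered(ipaddress.ip_network(cidr), allowed)
        if missing:
            gaps[cidr] = [str(n) for n in missing]
    return gaps


if __name__ == "__main__":
    for name, ranges in (("subset", SUBSET), ("broad", BROAD)):
        print(name, audit(SAMPLE_ALLOWLIST, ranges))
```

Running `audit(BROAD, SUBSET)` returns an empty result, which confirms that the three new /24s in the subset list all fall inside 104.192.136.0/21 from the broad list.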

We’ll let you know about any future changes, but keep an eye on the following:

SSH considerations

Our server’s SSH key is not changing, so most SSH clients will continue to work without interruption. However, a small number of users may see a warning similar to this when they push or pull over SSH:

  Warning: the RSA host key for 'bitbucket.org' differs from the key for the IP address '18.205.93.1'

The warning message will also tell you which lines in your ~/.ssh/known_hosts need to be changed. Open that file in a text editor, remove or comment out those lines, and then retry your push or pull.
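
To find such lines ahead of time, this added example (not part of the original post) scans known_hosts text for IP-keyed entries inside the ranges listed on this page whose key differs from the one stored for bitbucket.org. The sample file content and key strings are constructed placeholders, the function names are hypothetical, and hashed host names are skipped because they cannot be read back.

```python
import ipaddress

# Broad Bitbucket/Atlassian ranges listed on this page.
BITBUCKET_NETS = [ipaddress.ip_network(c) for c in (
    "18.205.93.0/25", "18.234.32.128/25", "13.52.5.0/25",
    "104.192.136.0/21", "185.166.140.0/22")]

# Constructed known_hosts content; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
bitbucket.org ssh-rsa AAAAPLACEHOLDERcurrent
18.205.93.1 ssh-rsa AAAAPLACEHOLDERstale
18.205.93.2 ssh-rsa AAAAPLACEHOLDERcurrent
bitbucket.org,104.192.141.1 ssh-rsa AAAAPLACEHOLDERcurrent
192.0.2.10 ssh-rsa AAAAPLACEHOLDERother
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAPLACEHOLDERhashed
"""


def parse(text):
    """Yield (line_no, hosts, key_type, key) for plain host-key lines."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, @markers and hashed host names are skipped
        yield line_no, fields[0].split(","), fields[1], fields[2]


def in_bitbucket_range(host):
    """True if `host` is an IP literal inside one of the listed ranges."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a host name, not an IP address
    return any(addr in net for net in BITBUCKET_NETS)


def stale_ip_entries(text, hostname="bitbucket.org"):
    """Return 1-based line numbers of IP entries that disagree with hostname."""
    entries = list(parse(text))
    trusted = {(kt, key) for _, hosts, kt, key in entries if hostname in hosts}
    trusted_types = {kt for kt, _ in trusted}
    stale = []
    for line_no, hosts, kt, key in entries:
        if hostname in hosts or kt not in trusted_types:
            continue  # the reference entry itself, or nothing to compare with
        if (kt, key) not in trusted and any(map(in_bitbucket_range, hosts)):
            stale.append(line_no)
    return stale
```

For files with hashed host names, `ssh-keygen -F <address>` looks up an entry and `ssh-keygen -R <address>` removes it.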

Additional resources