Five ways to make your CDN work harder for you
Most distributors of online content use a Content Delivery Network (CDN) as part of their delivery. Traditional benefits range from faster and secure delivery to tight integration with modern content management systems. Log files are helpful for billing and overall status. Some use CDNs for subscriber authentication as well. There are many more well-documented reasons to make a CDN part of your distribution. In this blog post we examine some lesser-known rationales to help you scale and improve your business. Specifically, we will look at:
Next-level caching
Content optimization
Comprehensive security
Using the edge to scale
Visibility-driven decision-making
Next-level caching
CDNs typically cache fairly simple stuff: images, JavaScript, CSS, and other components that comprise a web page, all of which lend themselves well to caching as they don’t change much — if at all. You’re basically sending no-logic items through a pipe. You can choose to cache the content forever, which will give you some wins like reduced cloud spend and reduced egress cost.
However, a lot of content is much more cacheable than you might think: HTML pages, API routes, GraphQL queries — things or objects typically referred to as being event-driven. Think about episode and show listings, user preferences, video manifests, and API responses: these all stay the same until something — an event — changes. You can probably cache it if it's querying a database or some sort of abstraction layer, like an API. The reason is that most modern CDNs allow you to purge content off the network fairly quickly. In other words, instead of assigning a time-to-live (TTL) of 30 minutes and then going back and repeatedly re-validating, which will tie up resources at your origin, you can cache it “forever” or rather until you let it expire.
Caching more will help drive down costs, particularly for compute-heavy workloads, such as database queries. This is because you're caching data at the edge rather than at the origin.
Such a strategy results in consistent and global performance improvements. Modern CDNs can even help with truly dynamic or completely uncachable content or web page elements. Using a CDN can move TLS connections closer to the end-user so that connections start much quicker. It can keep TCP connections to your origin open and hot, eliminating resources spent on setting them up and tearing them down.
Optimization of content
Much of what you're optimizing at your origin or the application layer can probably be optimized at the network edge. Let’s take image optimization, a feature of the Fastly edge cloud platform. Optimized images will reduce your storage and compute cost. The benefits are many, but one use case is updating and refreshing the UI without having to re-process every image needed. Also, you can instantly take advantage of new file formats, such as WebP or AVIF, without large engineering efforts of having to retool your application.
Compressing HTML, CSS, and JavaScript files allows you to save compute cycles and engineering resources by letting your CDN handle the packing and unpacking. Further, it allows you to take advantage of new compression algorithms such as Brotli as soon as they come out. All it takes is a bit of code at the edge.
Comprehensive security
CDNs are a great place to implement and enforce security. They are massive in size and designed to take incredible traffic spikes, both legitimate — e.g., large crowds of viewers at live sports events — and malicious DDoS attacks. CDNs are great at hiding where your true origin or application lives, helping reduce the attack area for hackers to actually get in. You can set up IP restrictions and private network interconnects to restrict access only to your application.
Content distributors must consider protecting against huge volumetric DDoS attacks and smaller targeted attacks such as account takeover, credential stuffing, and credit card fraud. It seems the list gets longer every day. DDoS attacks are already happening at multi-terabit scale, which is more than most applications were ever built or should need to be able to handle.
CDNs are excellent at blocking huge volumetric attacks. Protecting against user behavior and emerging threats requires a more nuanced approach. The WAF offering of most CDNs can help with this. In fact, CDNs are a great place to do all things security. For example, dropping everything that's not layer seven non-HTTP or non-HTTPS traffic at the edge gives you substantial protection right out of the box.
Your CDN can inspect, detect, and block attacks before they reach your application. Features such as rate-limiting allow legitimate users to enjoy your app while attackers are blocked at the edge. Enforcing security policies at the edge saves time, increases performance, and reduces the load on your core applications. From token authentication to virtual patching, the edge is the ideal place to detect and block malicious traffic before it reaches your valuable data and applications.
Edge Computing
Although they vary and run differently, many CDNs have edge compute capabilities today. Some are WebAssembly, some are Docker, and yet some are other forms of virtual sandboxes. They've got different feature sets, cost models, and languages they support. And because they can run a multitude of things, edge compute becomes a great place to build and scale your microservices.
With this in mind, you should push your authentication out to the edge, close to the user, away from the application. You can customize or have featured content based on geography, device type, or other characterization. You can even personalize the experience of every single user at the edge and perform experiments such as complex A/B testing. And when you've got new tech such as WebAssembly running on the edge, you can run all of these in a secure performant sandbox environment. This allows engineers to build applications in the languages they prefer, whether JavaScript, Golang, Rust, or any language that enables better developer productivity, better products, and job satisfaction!
Visibility
Lastly, let’s talk about visibility. Your CDN inherently has tons of data. And then some! Logs and statistics can help improve day-to-day operations, particularly if they're available in real-time. (You should expect real-time, as it’s the only way you can see and react to global incidents or localized issues.)
You can analyze historical data to make better architectural decisions for future build-out and improvements. When running experiments, you can use the log data to see if your outcomes were correct or if you should take a different path.
CDN logs can help reduce costs by enabling you to identify areas where your caching or optimization strategies are subpar. They can help you detect new and effective ways that people are trying to misuse and abuse your applications so that you can make informed decisions. And real-time logs help remediate outages and eliminate costly downtime that prevents customers from using your web apps. Keeping your apps available also builds your brand reputation.
As we wrap up, we find it a prudent reminder that CDNs have dedicated teams of network engineers, automated tools, and redundant networks. CDNs can optimize routes and protect against things like internet weather, DDoS attacks, costly outages, and downtime, all resulting in a better experience for you and your visitors.
You can watch Chris’ Content Delivery Summit 2022 talk on these topics in full here
