Five ways to make your CDN work harder for you
Most distributors of online content use a Content Delivery Network (CDN) as part of their delivery. Traditional benefits range from faster and more secure delivery to tight integration with modern content management systems. Log files are helpful for billing and overall status. Some use CDNs for subscriber authentication as well. There are many more well-documented reasons to make a CDN part of your distribution. In this blog post we examine some lesser-known rationales to help you scale and improve your business. Specifically, we will look at:
Using the edge to scale
However, a lot of content is much more cacheable than you might think: HTML pages, API routes, GraphQL queries — things or objects typically referred to as being event-driven. Think about episode and show listings, user preferences, video manifests, and API responses: these all stay the same until something — an event — changes. You can probably cache it if it's querying a database or some sort of abstraction layer, like an API. The reason is that most modern CDNs allow you to purge content off the network fairly quickly. In other words, instead of assigning a time-to-live (TTL) of 30 minutes and then going back and repeatedly re-validating, which will tie up resources at your origin, you can cache it “forever” or rather until you let it expire.
Caching more will help drive down costs, particularly for compute-heavy workloads, such as database queries. This is because you're caching data at the edge rather than at the origin.
Such a strategy results in consistent and global performance improvements. Modern CDNs can even help with truly dynamic or completely uncachable content or web page elements. Using a CDN can move TLS connections closer to the end-user so that connections start much quicker. It can keep TCP connections to your origin open and hot, eliminating resources spent on setting them up and tearing them down.
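The trade-off between TTL-based expiry and caching until an event-driven purge can be made concrete with a small simulation. This is an added example, not code from the original post or from any CDN: the `EdgeCache` class, the `/api/shows` key, the event times and the assumption that a purge takes effect instantly are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class EdgeCache:
    ttl: Optional[int]                         # seconds; None = keep until purged
    store: dict = field(default_factory=dict)  # key -> (version, stored_at)
    origin_fetches: int = 0
    stale_served: int = 0

    def get(self, key, now, origin_version):
        entry = self.store.get(key)
        expired = (entry is not None and self.ttl is not None
                   and now - entry[1] >= self.ttl)
        if entry is None or expired:
            self.origin_fetches += 1           # miss or expiry costs an origin trip
            entry = self.store[key] = (origin_version, now)
        if entry[0] != origin_version:
            self.stale_served += 1             # client received outdated content
        return entry[0]

    def purge(self, key):
        self.store.pop(key, None)

def simulate(ttl, purge_on_event, duration=3600, events=(900, 2500)):
    """One request per second for `duration` seconds; data changes at `events`.
    Returns (origin_fetches, stale_responses). Purge is assumed instantaneous."""
    cache, version, key = EdgeCache(ttl=ttl), 0, "/api/shows"
    for now in range(duration):
        if now in events:
            version += 1                       # the event changes the origin data
            if purge_on_event:
                cache.purge(key)
        cache.get(key, now, version)
    return cache.origin_fetches, cache.stale_served

if __name__ == "__main__":
    for label, args in [("TTL 30 min", (1800, False)),
                        ("TTL 60 s", (60, False)),
                        ("purge on event", (None, True))]:
        print(label, simulate(*args))
```

A long TTL keeps origin load low but serves outdated responses after each change, a short TTL bounds staleness at the cost of many origin fetches, and purge-on-event needs one origin fetch per change with no stale responses.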
Optimization of content
Much of what you're optimizing at your origin or the application layer can probably be optimized at the network edge. Let’s take image optimization, a feature of the Fastly edge cloud platform. Optimized images will reduce your storage and compute cost. The benefits are many, but one use case is updating and refreshing the UI without having to re-process every image needed. Also, you can instantly take advantage of new file formats, such as WebP or AVIF, without the large engineering effort of retooling your application.
CDNs are a great place to implement and enforce security. They are massive in size and designed to take incredible traffic spikes, both legitimate — e.g., large crowds of viewers at live sports events — and malicious, such as DDoS attacks. CDNs are great at hiding where your true origin or application lives, helping reduce the attack surface available to attackers. You can set up IP restrictions and private network interconnects to restrict access to your application.
Content distributors must consider protecting against huge volumetric DDoS attacks and smaller targeted attacks such as account takeover, credential stuffing, and credit card fraud. It seems the list gets longer every day. DDoS attacks are already happening at multi-terabit scale, which is more than most applications were ever built or should need to be able to handle.
CDNs are excellent at blocking huge volumetric attacks. Protecting against user behavior and emerging threats requires a more nuanced approach. The WAF offering of most CDNs can help with this. In fact, CDNs are a great place to do all things security. For example, dropping all traffic at the edge that is not layer-seven HTTP or HTTPS gives you substantial protection right out of the box.
Your CDN can inspect, detect, and block attacks before they reach your application. Features such as rate-limiting allow legitimate users to enjoy your app while attackers are blocked at the edge. Enforcing security policies at the edge saves time, increases performance, and reduces the load on your core applications. From token authentication to virtual patching, the edge is the ideal place to detect and block malicious traffic before it reaches your valuable data and applications.
Although they vary and run differently, many CDNs have edge compute capabilities today. Some are WebAssembly, some are Docker, and others are other forms of virtual sandboxes. They've got different feature sets, cost models, and languages they support. And because they can run a multitude of things, edge compute becomes a great place to build and scale your microservices.
Lastly, let’s talk about visibility. Your CDN inherently has tons of data. And then some! Logs and statistics can help improve day-to-day operations, particularly if they're available in real-time. (You should expect real-time, as it’s the only way you can see and react to global incidents or localized issues.)
You can analyze historical data to make better architectural decisions for future build-out and improvements. When running experiments, you can use the log data to see if your outcomes were correct or if you should take a different path.
CDN logs can help reduce costs by enabling you to identify areas where your caching or optimization strategies are subpar. They can help you detect new and effective ways that people are trying to misuse and abuse your applications so that you can make informed decisions. And real-time logs help remediate outages and eliminate costly downtime that prevents customers from using your web apps. Keeping your apps available also builds your brand reputation.
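Both uses of logs described above, finding weak spots in caching and spotting abuse such as credential stuffing, can be sketched over a few log lines. This is an added example, not from the original post: the log field layout, the sample lines (using documentation IP ranges), the function names and the thresholds are all constructed assumptions, not any CDN's real log format.

```python
from collections import Counter, defaultdict

# Constructed sample; assumed layout: epoch client_ip method path status cache_state
SAMPLE_LOG = """\
1700000000 198.51.100.7 GET /api/shows 200 HIT
1700000001 198.51.100.8 GET /api/shows 200 HIT
1700000002 198.51.100.9 GET /api/shows 200 MISS
1700000003 198.51.100.7 GET /api/prefs 200 MISS
1700000004 198.51.100.8 GET /api/prefs 200 MISS
1700000005 198.51.100.9 GET /api/prefs 200 HIT
1700000010 192.0.2.10 POST /login 401 PASS
1700000020 192.0.2.10 POST /login 200 PASS
1700000030 203.0.113.50 POST /login 401 PASS
1700000031 203.0.113.50 POST /login 401 PASS
1700000032 203.0.113.50 POST /login 401 PASS
1700000033 203.0.113.50 POST /login 401 PASS
1700000034 203.0.113.50 POST /login 401 PASS
"""

def parse(text):
    fields = ("ts", "ip", "method", "path", "status", "cache")
    rows = [dict(zip(fields, line.split())) for line in text.splitlines() if line.strip()]
    for r in rows:
        r["ts"], r["status"] = int(r["ts"]), int(r["status"])
    return rows

def low_hit_ratio_paths(rows, threshold=0.5, min_requests=3):
    """GET paths whose cache hit ratio is below threshold: caching candidates."""
    hits, total = Counter(), Counter()
    for r in rows:
        if r["method"] == "GET":
            total[r["path"]] += 1
            hits[r["path"]] += r["cache"] == "HIT"
    ratios = {p: hits[p] / n for p, n in total.items() if n >= min_requests}
    return {p: ratio for p, ratio in ratios.items() if ratio < threshold}

def login_failure_bursts(rows, path="/login", window=60, limit=5):
    """Client IPs with at least `limit` 401s on `path` inside `window` seconds."""
    failures = defaultdict(list)
    for r in rows:
        if r["path"] == path and r["status"] == 401:
            failures[r["ip"]].append(r["ts"])
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        if any(times[i + limit - 1] - times[i] < window
               for i in range(len(times) - limit + 1)):
            flagged.add(ip)
    return flagged
```

On the sample, `/api/prefs` is reported as a poorly cached path and only the client with five failed logins in a few seconds is flagged; the single failed attempt followed by a success is not.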
As we wrap up, it is worth remembering that CDNs have dedicated teams of network engineers, automated tools, and redundant networks. CDNs can optimize routes and protect against things like internet weather, DDoS attacks, costly outages, and downtime, all resulting in a better experience for you and your visitors.
You can watch Chris’ Content Delivery Summit 2022 talk on these topics in full here