The future of business starts with developers

Learn more
Company The team behind better online experiences Network Map A new architecture for the modern internet Industry Analyst Relations See what industry analysts say about Fastly News Recent updates and announcements Platform The platform behind better, faster and more secure digital experiences Customer Stories See how the best of the web succeed Events Connect with Fastly at an event Careers Join the team that's building a better internet

The Fastly Edge Cloud Platform

See All Products
Content Delivery (CDN) Deliver fast, personalized experiences globally Live Streaming Deliver seamless live streaming experiences Streaming Video (VoD) Deliver exceptional on-demand video experiences Media Shield Optimize multi-CDN deployments On-the-Fly Packager Dynamically package on-demand video content in real time Image Optimizer Rapid image processing at the edge Load Balancer Granular control over routing decisions TLS Encryption Reduce the complexity of TLS management Origin Connect Connect directly to Fastly IP Addresses Easily manage IP addresses HTTP/3 & QUIC Modern protocols Domain Research API Instant, accurate domain name discovery Object Storage Get direct access to large files at the edge with zero egress fees
Next-Gen WAF Modern web app and API security, anywhere Bot Management Detect and mitigate bot attacks DDoS Protection Automated mitigation of disruptive and distributed attacks API Security Secure your API endpoints Client-Side Protection Defend against client-side attacks AI Bot Management Stop AI bots from scraping website content
Edge Compute Take your apps to the edge — our instant platform helps you build amazing experiences for your users Key Value Store The fastest key value store you can get, but as easy to use as your familiar database tools Websockets & Fanout Real-time messaging, at global scale, with complete personalization and easy setup Developer SDKs Program the same services we use to build Fastly products Enterprise Serverless The most powerful serverless platform, built on open standards and integrated with Fastly’s full suite of products AI Accelerate your AI workloads and improve efficiency with semantic caching Object Storage Get direct access to large files at the edge with zero egress fees Programmable Cache Get full programmatic access to the same legendary caching that powers our CDN. MCP Server AI-powered control for your Fastly services.
Real-time Logging Stream and analyze logs in real-time Edge Observer Explore live and historical traffic data Domain Inspector Assess domain level insights Origin Inspector View complete origin to edge insights Alerts Create notifications for service-related metrics Log Explorer & Insights Interact with actionable insights

Extraordinary services for exceptional results

See All Services
Professional Services Expert help to migrate or optimize your delivery service Live Entertainment Services Live streaming experiences that scale with your audiences Support Plans World class support from start to finish Managed CDN Maximized control and flexibility Managed Security Expertly managed web application protection Customer Support Fastly Support helping you grow better, together

Innovative digital solutions

See all our solutions
Streaming Media Deliver stellar live and on-demand streaming Emerging Media High performance for emerging media brands Digital Publishing Real-time journalism with improved reader experiences eCommerce Fast, personalized experiences at scale Financial Services Integrated security to protect customer data High Tech Instantly scale your performance as you grow Travel & Hospitality Online tailored experiences for your guests and visitors Online Education Deliver secure learning experiences at scale Gaming Fuel your players’ next win with ultra-fast, secure game downloads
Infrastructure Savings Achieve lower, more predictable cloud spend Multi-cloud Optimization Reduce complexity and unify cloud resources Customer Trust Learn more about Fastly’s Customer Trust initiatives Privacy Enablement Learn how to protect your user's data Sustainability Dashboard See your electricity use and GHG emissions for the Fastly platform

Empowering every developer to build incredible experiences

Try Fastly Free
Developers Build something amazing today Fast Forward Creating a more trustworthy internet Dev Tools Dev tools built for teams - with an edge Developer SDKs Program the same services we use to build Fastly products Community Join developers around the world Sign up Create a free developer account

Help build a fast, safe, and engaging internet with Fastly

Why Partner with Fastly Help deliver safe, fast and engaging experiences Cloud Partners Learn about the benefits of combining Fastly with your cloud services Channel Partners Enhance your offerings & capabilities with Fastly products Technology & Integration Partners Explore our partner ecosystem
Partner Portal Login Access all your Fastly partner resources Become a Partner Enhance your business by reselling or referring Fastly products Find a Partner Let us help connect you with the right partner for your needs

Get Help with Fastly

Documentation Get the most out of Fastly Resource Library Explore data sheets, reports, and more Fastly Academy Hands on learning with Fastly products Learning Center Learn about Internet technology Blog Our latest thoughts and ideas Security Research Stronger security through research Fastly's POV Explore expert and industry insights
Support Center How can we help? Contact Us Get in touch today

Khan Academy

Khan Academy delivers free education to millions globally with Fastly's edge cloud platform

The challenge

Khan Academy's mission is to provide free, world-class education to anyone, anywhere. For Miguel Castillo, Staff Software Engineer on the infrastructure platform team, that mission carries personal weight. "I grew up in a low income family. This work resonates with me," Castillo said. His team manages the services and infrastructure that deliver Khan Academy's content to users worldwide, many of whom access the platform from areas with unreliable internet connections or only through mobile devices.

As Khan Academy expands its district offerings globally, including in countries with less reliable networks, the infrastructure team faces mounting challenges to scale. The challenge isn't just about handling volume. Khan Academy serves users in regions where internet access is spotty, meaning every millisecond of latency matters. As we serve users from all over the world, it is important to provide a consistent and reliable user experience. 

The solution

Khan Academy's relationship with Fastly began over a decade ago through the Fast Forward program, which provides free services and support to open source projects and the nonprofits that support them. What started as a straightforward CDN implementation has evolved into a critical partnership. "Fastly has become an extremely important part of our ecosystem," Castillo said.

Pushing the Limits with VCL

The team, eager to push the boundaries of what was possible as part of the Fast Forward program, leveraged Varnish Configuration Language (VCL) to manage complex authentication , fine control over caching, and routing logic. However, the complexity of the VCL code and infrastructure grew as new requirements needed to be implemented.  And over time fewer engineers understood the complex mechanics of VCL. The request flow when users needed to be re authenticated revealed the complexity of the system: a request entering the Fastly network would be forwarded to a Google App Engine to do user re authentication, and then loop back back to the Fastly network to complete user requests. This convoluted setup not only strained the system but also increased potential points of failure, representing a clear opportunity for improvement.

"That was a big loop of requests that needed to happen," Castillo explained.

Simplifying architecture with Fastly Compute

The migration to Fastly Compute transformed Khan Academy's approach. "All of our stack at Khan Academy is built in Go," Castillo said. "We were able to leverage a lot of the code and infrastructure that we had already written for our GCP services." By migrating authentication code and encryption logic from VCL to Fastly Compute, the team streamlined request flows, reducing redundant network hops and simplifying complex workflows, such as user reauthentication. This shift increased code reuse for tasks like unit testing infrastructure, making the system easier to maintain and more efficient. The new setup allowed them to run unit and integration tests more effectively, ensuring changes could be validated in controlled environments before deployment, reducing the risk of errors in production.

The results were immediate. By eliminating multiple hops between services, Fastly Compute streamlined request flows, allowing it to interact directly with App Engine and continue the workflow. "That reduces the brittleness because you are reducing the number of hops that a request goes through. Fewer hops reduce the risk of failures and make the system more reliable," Castillo explained. 

For users in remote parts of the world, streamlining the request flows resulted in a more efficient and consistent user experience. "Previously, the browser had to make two separate calls—one to load data and another to load the HTML, resulting in two round trips," Castillo explained. "With Fastly, we consolidated this into a single call. By prefetching user data from the Chicago point of presence (POP), we eliminated unnecessary delays and made the experience more seamless." This reduction in load time improved reliability and availability, ensuring students could access educational content more seamlessly, even in areas with challenging internet conditions. 'It’s all about making the platform as easy to use as possible for every learner, no matter where they are,' Castillo added.

What impressed the team most was how well performance held up when introducing Fastly Compute as a new hop in their architecture. "For all intents and purposes, our user experience didn't change," Castillo said. "Latency remained stable following the introduction of Fastly Compute into the service chain.” 

Blocking malicious traffic with bot detection

When Khan Academy rolled out Fastly's Bot Management, the security benefits became immediately apparent. "We had millions of bot requests a day." Castillo said. "They were literally trying to brute force logging into our system." The bot traffic wasn't just a security concern, it was putting stress on Khan Academy's backends and driving up costs in Google Cloud Platform.

In response to unusually high numbers of malicious requests by bad actors, Khan Academy enabled the Proof of Work low-touch integration into various endpoints that were particularly hard hit. In addition to immediate gains in protection and performance, this provided very rich data on which to plan a more comprehensive roadmap for Fastly integrations. For the security team, it’s a matter of having the right tools for the job and being able to rely on those tools. This work provided the confidence to deepen the integration between Khan Academy and Fastly’s security and intelligence services.

When combining the Bot Management capabilities with Fastly’s Next-Gen WAF, the team gained additional protection against abuse. Bad actors were creating multiple accounts using email aliases and sending spam to legitimate users. "We've been able to mitigate a large fraction of the bad actors with the help of the Next-Gen WAF and are working with the new insights provided by Fastly to keep increasing the fraction of true-positives," Castillo said. The security team also uses these tools to identify SQL injection attempts and other attacks. 

Automatically stopping attacks in their tracks with DDoS Protection

Another key capability provided to Khan Academy by Fastly is DDOS Protection. This is a product enabled by Khan Academy which automatically detects and mitigates application DDoS attacks. Fastly's DDoS Protection leverages its Adaptive Threat Engine to identify malicious traffic and automatically take appropriate action to block it, ensuring threats are mitigated without any manual intervention. Despite Khan Academy experiencing massive ebbs and flows in traffic that can represent significant load, the solution accurately mitigates attacks behind the scenes without acting on legitimate traffic spikes.

“We’ve seen DDoS Protection activate multiple times, like during an attempted attack where traffic spiked by over 17,000%, and it automatically blocked the malicious surge before it ever reached our core services.” said Castillo.

Scaling for global training events

Khan Academy’s infrastructure encountered a major increase in demand during training events in the Philippines, where hundreds of thousands of users came online simultaneously. Recognizing this as an opportunity to optimize performance, Khan Academy worked closely with Fastly support engineers to identify and address bottlenecks. Together, they made improvements that ensured the infrastructure could handle such spikes seamlessly in the future. When the next training event occurred, the platform scaled effortlessly. "We were able to handle a significant amount of traffic coming from the Philippines that we were just not used to," Castillo said.

The support relationship has been crucial. "The response and the help that we received from Fastly made all the difference,” Castillo said. "Once that was clearly communicated, we have gotten way more than we could have expected in terms of help and support." For a team managing such a critical single point of failure, that support provides confidence.

Key takeaway

Khan Academy's infrastructure team now looks at Fastly as more than just a CDN. After successfully migrating to Fastly Compute, Castillo and team started evaluating other services that could move from Google Cloud Run to Fastly. "Moving more services into Fastly is definitely something we're considering," Castillo said. "You would only make that kind of assessment if you're confident in the platform."

Like all security teams, Khan Academy’s have to find the highest value tools available to keep its users, data, employees, and infrastructure safe. The Fastly infrastructure has proven invaluable in that regard by not only providing Khan Academy with the sorely needed Bot Management and DDOS Protection, but also by classifying and tagging 100% of our traffic with intelligence with which we can make more informed decisions and take faster, smarter action. 

For a nonprofit serving millions of students worldwide, the Fast Forward program delivers value beyond cost savings. "The time that is spent negotiating contracts, the time that is spent justifying purchases adds up,” Castillo explained. "That is the sort of stuff that is operationally just really burdensome. With Fastly, we don't have to worry about that." Instead, the team can focus on what matters: making sure students everywhere can access free education, regardless of their location or resources.

khanacademy.org
Industry: Nonprofit
Location: North America
Customer since: 2014

Favorite features
Bot Management
DDoS Protection
Fastly Compute

“We’ve seen DDoS Protection activate multiple times, like during an attempted attack where traffic spiked by over 17,000%, and it automatically blocked the malicious surge before it ever reached our core services.”

Miguel Castillo
Staff Software Engineer

“The time that is spent negotiating contracts, the time that is spent justifying purchases adds up. That is the sort of stuff that is operationally just really burdensome. With Fastly, we don't have to worry about that.”

Miguel Castillo
Staff Software Engineer


"Fastly has become an extremely important part of our ecosystem,"

Miguel Castillo
Staff Software Engineer