Hi Fastly customers + friends,
In Q3, we added an assortment of new features and increased the size of our network. We introduced functionality to further enhance security at scale, decrease time to first byte for large and encrypted files, add basic effects to images, and more. We also brought our total global number of Fastly POPs to 54, along with 26 Tbps of connected network capacity. Read on to learn what we’ve been up to last quarter.
Table of contents
As of the end of Q3, Fastly now operates 54 POPs worldwide. We made additions and enhancements to POPs across five continents:
New POPs and network growth at existing POPs yield an increase of 3 Tbps of new edge capacity in Q3, bringing our total connected edge capacity to 26 Tbps.
Fastly is now present at 65 Internet Exchange Points (IXPs). We joined the following new IXPs this past quarter:
Internet service providers (ISPs), enterprises, and cloud service providers (CSPs) can interconnect with Fastly directly at these IXPs to reduce network hops over the internet (see https://www.fastly.com/peering for more information). This enables low latency and highly performant connections to Fastly’s edge cloud.
We’re happy to announce a number of changes to the All Services page. Many of you already use the All Services dashboard as a high-level overview of your Fastly service, and these new features will enhance that experience.
ACLs, previously an API-only feature, allow you to store a list of permissions that Varnish will use to grant or restrict access to URLs within a service. With these ACLs, you can build allow lists and block lists leveraging the flexibility of Fastly to strengthen your security at the edge. You can now use our new web interface to add, remove, and update ACLs in real time from the Control Panel. For those of you leveraging ACLs in your automated tooling, you can still use the API.
For customers that manage their own TLS certificates, we released a new UI for certificate renewals and the rotation of private keys. This page allows you to upload your own private keys via a drag-and-drop interface and perform a certificate rotation, provided that the new certificate is an exact match in terms of the included domains (SAN entries). The UI also notifies you of TLS certificates that we recommend updating.
Our new Platform TLS product gives companies that offer mass hosting or support multi-brand portfolios the ability to fully automate TLS provisioning at scale — including certificate and key management — through Fastly’s API. Platform TLS supports the delivery and management of hundreds of thousands of certificates, supported by an automated worldwide TLS termination and acceleration solution. This solution ensures a performant, efficient, and consistent approach to TLS management at scale.
The Platform TLS API, which is in Limited Availability, has been updated to include key management, error handling, search, sorting, and greater consistency with the rest of Fastly’s APIs.
A new user permission has been added that grants access to modify and manage the account-wide TLS settings. A Superuser can grant this permission to users of any role (User, Billing, or Engineer) via the user access controls UI or via API.
Fastly’s Subscriber Provided Prefix is a new service released in Limited Availability for customers who want to remain in control of their IP address space for the long-term. Whether you need to maintain your IP reputation for outbound mail services, or potentially have to use specific addresses for compliance reasons, this service allows you to “whitelist” your address space and future-proof your customers’ brands, while taking advantage of the capacity and ongoing growth of Fastly’s network.
With this service, you provide your own IP address space to Fastly rather than use Fastly IP addresses. In this case, Fastly announces, routes, and serves your IP space via Fastly infrastructure for use with your production services. You can direct traffic to your own IP addresses, which are reachable via HTTP anycast on Fastly’s infrastructure. This service can also be used in conjunction with origin peering and the Fastly DDoS protection and mitigation service to help protect you by being shielded by Fastly’s global network.
We are excited to share that streaming miss with TLS support is now in Limited Availability. Streaming miss is a powerful feature that is helpful to any customer serving files of a few MB in size. With this feature, we can start passing chunks of a large file to the end user as we pull it from origin on a cache miss. This streaming-like delivery dramatically decreases time to first byte on miss and improves your customer experience — but historically, it had the limitation of not being able to use encryption when we connect to origin. This meant that Fastly customers with compliance and security mandates for encrypted data in flight couldn’t use it. This restriction is being removed and anyone wishing to use the feature in Limited Availability can get it enabled by submitting a support ticket.
Fastly’s image optimizer has added the five basic Image Effect features below. You can now change the brightness, contrast, and saturation of an image, as well as sharpen and blur. Many transformations can be combined to create the desired output for a single image.
We recently completed a visual revamp of our VCL language reference, making it easier for you to find the information you need. All VCL reference information now lives in a dedicated space at https://docs.fastly.com/vcl. All changes to our documentation can be tracked in our documentation changelog. If you’re curious about the VCL-specific changes, look for the section titled “New and recently updated VCL docs.”