CDN — Detailed

flowchart TB
  subgraph Clients
    C1([Browser])
    C2([Mobile App])
  end

  subgraph DNS_Steering[DNS / Anycast Steering]
    GDNS([GeoDNS + EDNS Client Subnet])
    Any[Anycast routing<br/>BGP]
  end

  subgraph Edge[Edge POP — hundreds globally]
    direction TB
    EL[Edge L7 Proxy<br/>NGINX / Envoy / ATS]
    L1[L1 Cache<br/>tmpfs / NVMe<br/>hot]
    L2[L2 Cache<br/>SSD<br/>warm]
    WAF[WAF / DDoS scrubbing]
    BOT[Bot mgmt / TLS termination]
    EW([Edge Workers<br/>WASM / JS at edge])
  end

  subgraph Mid[Mid / Shield Tier]
    MT([Mid-tier cache<br/>regional aggregator])
  end

  subgraph Origin
    OLB[Origin LB]
    OS[Origin Storage<br/>S3 / GCS]
    OAPI[Origin Dynamic API]
  end

  subgraph Control[Control Plane]
    CP[Config / Rules]
    PURGE[Purge / Invalidation<br/>tag-based + URL]
    CERT[Cert Mgmt<br/>ACME / SNI]
    LOG[Real-time Logs &<br/>Analytics pipeline]
  end

  C1 --> GDNS
  C2 --> GDNS
  GDNS --> Any
  Any --> EL
  EL --> WAF
  WAF --> BOT
  BOT --> EW
  EW -->|cache lookup| L1
  L1 -->|miss| L2
  L2 -->|miss| MT
  MT -->|miss| OLB
  OLB --> OS
  OLB --> OAPI
  CP -.push config.-> EL
  PURGE -.invalidate.-> L1
  PURGE -.invalidate.-> L2
  PURGE -.invalidate.-> MT
  CERT -.certs.-> EL
  EL -.access logs.-> LOG

    classDef client fill:#dbeafe,stroke:#1e40af,stroke-width:1px,color:#0f172a;
    classDef edge fill:#cffafe,stroke:#0e7490,stroke-width:1px,color:#0f172a;
    classDef service fill:#fef3c7,stroke:#92400e,stroke-width:1px,color:#0f172a;
    classDef datastore fill:#fee2e2,stroke:#991b1b,stroke-width:1px,color:#0f172a;
    classDef cache fill:#fed7aa,stroke:#9a3412,stroke-width:1px,color:#0f172a;
    classDef queue fill:#ede9fe,stroke:#5b21b6,stroke-width:1px,color:#0f172a;
    classDef compute fill:#d1fae5,stroke:#065f46,stroke-width:1px,color:#0f172a;
    classDef storage fill:#e5e7eb,stroke:#374151,stroke-width:1px,color:#0f172a;
    classDef external fill:#fce7f3,stroke:#9d174d,stroke-width:1px,color:#0f172a;
    classDef obs fill:#f3e8ff,stroke:#6b21a8,stroke-width:1px,color:#0f172a;
    class C1,C2,GDNS client;
    class Any,EL,WAF,BOT,OLB edge;
    class L1,L2,OAPI,CP,PURGE,CERT service;
    class EW,MT compute;
    class OS storage;
    class LOG obs;

Caching keys & TTLs

  • Key = (host, path, query-allowlist, vary-headers).
  • Cache-Control: public, max-age=... and s-maxage for shared caches.
  • Stale-while-revalidate / stale-if-error for resilience.
  • Range requests + byte-range slicing for large video objects.
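
One way to build the key tuple listed above, shown as an added example (not code from the original page). The allowlist, the Vary header set and the function names are assumptions for a hypothetical site; the point is that every input the origin reads must be in the key, and everything else must be normalized away.

```python
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumed per-site policy (constructed for this example).
QUERY_ALLOWLIST = {"id", "size"}     # the only parameters the origin reads
VARY_HEADERS = ("accept-encoding",)  # request headers listed in the origin's Vary


def encoding_bucket(value: str) -> str:
    """Collapse Accept-Encoding to br/gzip/identity so variants stay bounded."""
    accepted = set()
    for item in value.lower().split(","):
        name, _, param = item.partition(";")
        param = param.strip()
        try:
            weight = float(param[2:]) if param.startswith("q=") else 1.0
        except ValueError:
            weight = 0.0             # malformed q-value: treat as not accepted
        if weight > 0:
            accepted.add(name.strip())
    return next((e for e in ("br", "gzip") if e in accepted), "identity")


def key_parts(url: str, headers: dict) -> tuple:
    """Return (host, path, query, vary) exactly as they enter the key."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()            # host names are case-insensitive
    path = u.path or "/"
    # Drop parameters outside the allowlist and sort the rest, so tracking
    # parameters or reordering cannot create extra variants. The origin must
    # ignore every dropped parameter, or the response depends on unkeyed input.
    pairs = parse_qsl(u.query, keep_blank_values=True)
    query = urlencode(sorted(p for p in pairs if p[0] in QUERY_ALLOWLIST))
    hdrs = {k.lower(): v for k, v in headers.items()}
    vary = urlencode([(h, encoding_bucket(hdrs.get(h, ""))) for h in VARY_HEADERS])
    return host, path, query, vary


def cache_key(url: str, headers: dict) -> str:
    """Hash the normalized parts into a fixed-length lookup key."""
    return hashlib.sha256("\n".join(key_parts(url, headers)).encode()).hexdigest()
```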

Invalidation

  • URL purge, surrogate-key (cache-tag) purge, full purge.
  • Soft purge marks objects stale; cleanup happens on the next request.

Pricing/perf knobs

  • Tiered caching: edge → shield → origin (origin shielding).
  • Pre-fetch hot objects to edges based on analytics.
  • HTTP/3 + 0-RTT for cold-start latency.

Glossary & fundamentals

Concepts referenced in this design. Each row links to its canonical page; the tag column shows whether it is a high-level (HLD) or low-level (LLD) concept.

| Tag | Concept | What it is | Page |
|-----|---------|------------|------|
| HLD | Load balancer / GSLB | L4/L7 traffic distribution and failover | load-balancer |
| HLD | CDN | edge caching for static assets | cdn |
| HLD | Cache strategies | cache-aside, read/write-through, eviction | caching-strategies |
| HLD | HTTP / TLS protocols | HTTP 1.1/2/3, QUIC, TLS 1.3 | http-protocols |
| LLD | Structural patterns | Adapter, Decorator, Facade, Proxy, Composite | structural-patterns |