Skip to content

CDN — Notes#

Functional requirements#

  • Cache static assets globally; serve nearest POP.
  • Origin shielding to reduce origin egress.
  • Purge by URL, surrogate key, or full domain.
  • TLS termination at edge.
  • Optional: edge compute (WASM/JS), WAF, image resize at edge.

Non-functional requirements#

  • Hit ratio: > 90% for static workloads.
  • p99 latency: < 50 ms to nearest POP.
  • Availability: 99.99% (route around POP failures via anycast).
  • Throughput: Tb/s aggregate.

Capacity estimation#

  • 1 PB working set, edge SSD 50 TB/POP → ~20 POPs cover hot set.
  • Origin egress reduction: 95% if hit ratio = 95%.

API surface#

  • HTTP origin pull (most common) or push API.
  • Control API: PUT /config, POST /purge {urls, tags}.

Data / cache key model#

  • key = SHA1(host + path + sorted(query_allowlist) + vary_headers)
  • Metadata: etag, last-modified, expiry, surrogate-keys[].

Trade-offs#

  • Push vs Pull: Pull = simple, lazy population; Push = predictable but costly to seed.
  • More POPs = lower latency, higher cost, more cache fragmentation.
  • Long TTL = high hit ratio but stale risk; pair with surrogate-key purge.
  • Edge compute = personalization at edge but complicates caching.

Real-world refs#

  • Akamai (origin shielding pioneer), Cloudflare (anycast + Workers), Fastly (instant purge, VCL), AWS CloudFront, Google Cloud CDN, Netflix Open Connect.