CDN – you keep seeing the acronym. Maybe in URLs, maybe on landing pages, but it never quite clicked – what are Content Delivery Networks, what do they do exactly?
We’ll explain in this overview article, and demonstrate on two popular ones in followup posts.
Key Takeaways
- A CDN (Content Delivery Network) is a network of computers that delivers web content faster by reducing latency, utilizing servers geographically closer to the user. These servers, known as PoPs (Points of Presence), also cache content to reduce load from the origin server.
- There are two main types of CDNs: content-oriented and security-oriented. Content-oriented CDNs primarily reduce latency and speed up rendering, while security-oriented CDNs offer protection against DDoS attacks and bot activity, and can identify suspicious IPs and browsing patterns.
- Some of the biggest players in the CDN space include Akamai, AWS Cloudfront, Cloudinary, Incapsula, MaxCDN, and Fastly. Each has its own strengths, such as DDoS protection (Incapsula), global reach (Akamai), affordability (Amazon Cloudfront), and hotlinking protection (MaxCDN and KeyCDN).
- Implementing a CDN typically involves changing some DNS records in the control panel of the domain registrar. This results in all traffic hitting the CDN first, which in turn hits your website, making the process transparent to the user.
CDN Basics
A CDN is a network of computers that delivers content.
More specifically, it’s a bunch of servers geographically positioned between the origin server of some web content, and the user requesting it, all with the purpose of delivering the content faster by reducing latency. This is their primary purpose.
These geographically closer servers, also called PoPs or Points of Presence, also cache the cacheable content which removes a lot of the load from the origin server. There are different types of CDNs offering different kinds of services, and they can have differing network topology: scattered CDNs aim to have as many servers scattered around the world as possible. Akamai is one such CDN. Consolidated CDNs have fewer points, but bigger ones built for network performance, throughput, and DDoS resistance.
Types of CDNs
We said that their primary purpose was to reduce latency and speed up rendering. But in the modern world of 2MB images and 500kb JavaScript libraries that take 3 minutes to boot up on websites, this latency matters little. But there are other purposes to CDNs, too, which evolved over time.
Content-oriented CDNs
Initially, CDNs were just for static content (JS, CSS, HTML). You had to push content to them as you created/uploaded it (they didn’t know they needed to update their cache with your content, not even as someone requested it).
Then, they added origin pulling, making things more automatic – this meant that a user requested the CDN’s URL, and then the CDN requested the origin website’s URL automatically, caching what ever it got back. Additionally, availability became an important factor. Many CDNs now cache a website’s “last alive” state so that if the origin goes down, the CDNed content is still accessible to users, creating the illusion of stability until things return to normal.
Additionally, modern CDNs often offer auto-optimization layers which will automagically resize images and save them for future use based on the image size requested. This means what if your site has a 2MB header image and someone requests it on a 300px wide screen, the CDN will make a copy that’s 30kb in size and 300px wide and serve that in the future to all mobile users, automatically making the site faster.
Security-oriented CDNs
The final layer of practicality added to CDNs was DDoS and bot protection. CDNs like Incapsula specialize in this.
As the CDN is the outermost layer of a website’s infrastructure and the first recipient of traffic, it can detect DDoS attacks early and block them with special DDoS protection servers called scrubbers without them ever reaching the origin server and crashing it.
Additionally, by using knowledge crowdsourced from its many clients, a CDN can learn about suspicious IPs, spammers, botters, even types of crawlers and their behavior. For example, a scraper that works on site A will, once identified, stop working on site B as well if that site is protected by the same CDN, because the traffic filter will recognize a pattern it’s seen before.
What’s more, while CDNs do allow their customers to upload custom certificates, they also offer their own. This has two benefits:
- When a big vulnerability in the certificates appears, the CDNs usually quickly respond because they have the most to lose (all their customers). Hence, a fix is usually in place before most people even know about the security hole.
- Connections are faster because if many websites use the same CDN, then you’ve already established a valid connection and mutual trust with the CDN via its SSL certificate, and this process does not have to be repeated for every site that uses that CDN’s certificate. This doesn’t impact an individual website as much as it does the entire web.
Biggest Players
Some of the biggest players in the CDN space are companies like Akamai, AWS Cloudfront, Cloudinary, Incapsula, MaxCDN, Fastly, and others.
Rather than compare them in full, we’ll list the categories in which each can be a champion:
Scraping and DDoS Protection
While fine in every other way too, Incapsula is unbeatable in scraping and DDoS protection. With an extensive database of not only offending proxy IP addresses but also mouse and browsing patterns of bots and scrapers, Incapsula stops most automated attacks dead in their tracks.
Choose if: you’re a web shop and don’t want your competitors to scrap your catalog
Speed and Global Reach
Akamai, the CDN that even Facebook uses, has a proven track record of global availability. Their scattered model of network topology and availability in even the poorer parts of the world (something other CDNs lack) make content served with Akamai smooth to load even in low-connectivity areas. A close second is AWS Cloudfront from Amazon.
Choose if: you’re aiming for global reach, from China to US, from Finland to Antarctica.
Affordability
Amazon Cloudfront is the cheapest of the paid plans (we don’t count free plans as those often lack important features) and has the arguably largest reach after Akamai, which isn’t exactly cheap (a scattered topology is expensive to maintain).
Choose if: price is an issue.
Hotlinking
Hotlinking is when someone selects “Copy image address” on an image hosted on your website, and includes it in their own directly, with the original URL intact. This is usually sloppy and lazy work on the side of content thieves, but can lead to big expenses if the copycat succeeds in sharing their site on large-impact social media website like Facebook or Reddit, and your server suffers for it. MaxCDN and KeyCDN both offer very good hotlinking protection.
Choose if: you’ve got a gallery, travel blog, or any other image-rich site which is at risk of hotlinking.
Other
We encourage you to go out and investigate on your own. There are countless posts comparing the CDNs one to the other, and each plan of each CDN differs in offered options to the next one. It’s extremely difficult to cover them all, and the landscape constantly changes.
Implementation Process
Implementing a CDN typically entails changing some DNS records in the control panel of the registrar (the company renting you your domain name). This results in all traffic hitting the CDN first, which in turn hits your website. Since it all happens behind the scenes (through IPs), the process is transparent to the user.
Sometimes, sites will add a special subdomain to their main domain on which to host images, JavaScript, CSS, and other static content. If you open the Network tab of a browser’s dev console or just pay attention to the status bar of your browser while a site like Facebook is loading, you’ll notice a lot of URLs with cdn
in them – that’s the site in question requesting only some of its content from CDNs.
Why not request all content through CDNs? Because static content is usually big – 2MB images, 500kb of JS, etc. This is worth serving quickly, because a) it doesn’t change often and can be cached for a long time and b) removes a big, big load from the main server of the app, which can be dynamic.
Conclusion
In this article, you learned what a CDN was and how it works. You found out about the different types of CDNs and their potential scope of work, as well as the biggest players in the field.
In two followup articles we’ll introduce Cloudinary and Cloudflare, and in our major Performance-Month-Project we’ll actually implement one of them into our real world app so you can see it in action on a live example. Stay tuned!
Frequently Asked Questions about Content Delivery Networks (CDNs)
What are the key benefits of using a CDN?
A Content Delivery Network (CDN) offers several benefits. Firstly, it improves website load times by distributing content closer to website visitors using a nearby CDN server, thus reducing latency. Secondly, it reduces bandwidth costs as CDNs handle more of the traffic. Thirdly, it increases content availability and redundancy. If one server is unavailable, the network will redirect traffic to the next nearest one. Lastly, it improves website security by offering enhancements like DDoS protection and other security features.
How does a CDN improve website performance?
A CDN improves website performance by storing a cached version of its content in multiple geographical locations (points of presence, or PoPs). Each PoP contains caching servers responsible for content delivery to visitors within its proximity. In essence, CDN puts your content in many places at once, providing superior coverage to your users.
How does a CDN reduce bandwidth costs?
CDNs can reduce the amount of data an origin server must provide, thus reducing hosting costs for website owners. They do this by caching content at the edge of the network. When a user requests content, it is delivered from the nearest edge server, reducing the amount of long-haul data traffic.
How does a CDN provide DDoS protection?
CDNs can provide DDoS protection by absorbing and dispersing attack traffic across its distributed server infrastructure. Additionally, many CDNs offer specific DDoS protection services that can detect and mitigate threats before they reach the origin server.
Can a CDN improve SEO rankings?
Yes, a CDN can help improve SEO rankings as page load speed is a factor in Google’s ranking algorithm. By delivering content faster to users, CDNs can potentially lead to higher rankings on search engine results pages.
How does CDN caching work?
CDN caching works by storing a copy of the website’s content in multiple locations around the world. When a user requests a webpage, the request is routed to the nearest server, which delivers the cached content, reducing the load time.
What is CDN edge server?
An edge server is a server located on the edge of an internet network. In a CDN, edge servers are strategically located in multiple locations to deliver content to users from the nearest possible point, reducing latency and improving site speed.
What is the difference between a CDN and a web host?
A web host is where your website’s files are stored, while a CDN is a network of servers that deliver your website files to users based on their geographic location. While a web host provides a home for your website, a CDN helps to deliver your website content more efficiently to users around the world.
Can a CDN serve dynamic content?
Yes, some advanced CDNs can serve dynamic content. While CDNs are traditionally used to serve static content, some CDNs have the capability to serve dynamic content that changes based on user behavior or other factors.
Is a CDN necessary for small websites?
While large websites with high traffic and global reach may see the most benefit from a CDN, smaller websites can also benefit. A CDN can help improve load times, save bandwidth, and provide a level of reliability and security that might not be achievable with a single server.
Bruno is a blockchain developer and technical educator at the Web3 Foundation, the foundation that's building the next generation of the free people's internet. He runs two newsletters you should subscribe to if you're interested in Web3.0: Dot Leap covers ecosystem and tech development of Web3, and NFT Review covers the evolution of the non-fungible token (digital collectibles) ecosystem inside this emerging new web. His current passion project is RMRK.app, the most advanced NFT system in the world, which allows NFTs to own other NFTs, NFTs to react to emotion, NFTs to be governed democratically, and NFTs to be multiple things at once.