80% of the network traffic returned by Internet applications comes from it?

What is a CDN?

A Content Distribution Network (CDN) is a set of servers spread across the Internet and interconnected through it. It serves each user from the server closest to them, so that music, pictures, videos, application packages and other files arrive faster and more reliably, and thereby provides high-performance, scalable and low-cost content delivery.

The three words in the name

Content

In the CDN field, "content" is actually the "resources" in the HTTP protocol, such as hypertext, pictures, videos, application installation packages, etc.

  • Resources are divided into "static" and "dynamic" according to whether they are cacheable. A static resource is content that does not change between requests and is the same whenever it is fetched, such as an image or an audio file. A dynamic resource is computed by the backend service and may differ on every access, such as a product's stock level or a Weibo user's follower count. Only static resources can be cached at the edge and served nearby; a dynamic resource has to be generated by the origin in real time, and caching it would be pointless. The boundary is set by the HTTP headers rather than by the file type, though: if the origin marks a dynamic response with a Cache-Control header that allows caching for a short period, it behaves as a static resource for that period and the CDN can cache and accelerate it.

Network

The core principle of a CDN is "nearest access". Network access is never free of cost: ignoring the other factors that affect service quality and looking at transmission alone, the speed of an Internet system mainly depends on four factors:

The export bandwidth that can be provided by the link of the website server to the network operator.

The ingress bandwidth that can be provided by the link through which the user client accesses the network operator.

The bandwidth of interconnection nodes between different operators from the website to the user. Generally speaking, there are only a few fixed points between two operators that are interconnected, and all cross-operator interactions must pass through these points.

The transmission delay of the physical link from the website to the user. If you love playing games, you should know that latency (Ping value) is usually more important than bandwidth.

If a user can fetch the data from a node within a few tens of kilometres, the transmission delay drops to a few milliseconds and effectively disappears as a factor.

Distribution

When users browse the web they do not reach the origin site directly; they reach the "closest" CDN node, called an "edge node", which is in practice a proxy server that caches the origin's content. This removes the cost of the "long-distance trip" and is what "network acceleration" means.

  1. Passive back-to-origin: the fully automatic, transparent caching that user access triggers. When a resource is requested for the first time and the CDN node finds it is not in its cache, it fetches it from the origin in real time. The response time for that first request is roughly the time for the resource to travel from the origin to the CDN node plus the time for the node to send it on to the user.
  2. Active distribution: the origin (or another content repository) pushes content to the CDN cache nodes at the edge ahead of demand. There is no industry standard for this push: any transport (HTTP, FTP, P2P and so on), any trigger (a condition being met, a schedule, a manual action) and any timing can be used, as long as they fit the update strategy discussed later under "Resource updates and expiration".
  3. Resource management (updates): the most common approach combines passive timeout expiry with active manual invalidation. Timeout expiry gives each cached resource a lifetime; once it is exceeded, the next request triggers a new back-to-origin fetch. Manual invalidation uses the purge interface that CDN providers expose for program calls; when the website is updated, the continuous integration pipeline calls it so that the cache is refreshed.

Introduction

CDN stands for Content Delivery Network, also written as content distribution network. The concept dates from 1996, when a research group at the Massachusetts Institute of Technology proposed it to improve the quality of Internet services: to publish rich broadband media content over the traditional IP network, they proposed building a content distribution platform on top of the existing Internet to serve websites, and in 1999 a dedicated CDN company began offering commercial service, with Yahoo among its first customers. Because a CDN is an overlay optimized to speed up network access, it is often called a "network accelerator". Its arrival greatly improved Internet service quality, so large traditional operators such as AT&T, Deutsche Telekom and China Telecom began building their own CDNs, and as demand grew pure CDN operators appeared as well. Akamai in the United States is the largest, with more than 1,000 nodes worldwide according to the figures in the original article. China's first pure CDN service company is Beijing ChinaCache, which has operated a dedicated CDN service network, ChinaCache, since 2000. By the same figures, that network has more than 50 nodes covering China's six major backbone networks (China Telecom, China Netcom, China Mobile, China Unicom, China Railway Communication and the China Education and Research Network), a bandwidth reserve of more than 35 Gbit/s, and more than 300 customers.

Function

In summary, a CDN has the following main functions:

  1. Saves backbone bandwidth and reduces overall bandwidth demand.
  2. Accelerates the server side, solving the overload that large numbers of users hitting one server would cause.
  3. Lets service providers use Web cache technology to keep pages and objects users have already visited locally, so repeat access to the same object does not consume backbone egress bandwidth and response times for Internet pages improve.
  4. Overcomes the uneven geographical distribution of websites and reduces the cost of building and maintaining them.
  5. Reduces the impact of "communication storms" (traffic bursts) and improves the stability of network access.

Route resolution

CNAME

  • CNAME record: a CNAME (Canonical Name) record is an alias record that maps one domain name to another; the records of the target name then answer for the alias. For example, if you host documentation on a server and reach it as docs.example.com but also want documents.example.com to work, you add a CNAME record at your DNS provider pointing documents.example.com to docs.example.com. Every lookup of documents.example.com then resolves to whatever docs.example.com resolves to.
  • CNAME domain name: after you add an acceleration domain in the CDN console, the system assigns it a CNAME target of the form *.kunlun.com. You add a CNAME record at your DNS provider pointing the acceleration domain to that target. Once the record is live, resolution of your domain is handed over to the CDN, and every request for the domain lands on a CDN edge node, which is what produces the acceleration.

Resolution process

What does the whole DNS resolution look like once a CDN is involved? Take www.huaweicloud.com, whose static pages are accelerated by a CDN, as the example. The dig or host command shows the answers the DNS server returns (the author notes that the city labels for the first 4 IPs were added by hand and that the other records were not checked one by one):

  ~# dig www.huaweicloud.com

  ; <<>> DiG 9.10.6 <<>> www.huaweicloud.com
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59710
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;www.huaweicloud.com.                    IN      A

  ;; ANSWER SECTION:
  www.huaweicloud.com.                 29  IN  CNAME  www.huaweicloud.com.cdn.dnsv1.com.
  www.huaweicloud.com.cdn.dnsv1.com.   29  IN  CNAME  cdn-koa8myv3.sched.s2.tdnsv5.com.
  cdn-koa8myv3.sched.s2.tdnsv5.com.    29  IN  A      110.185.117.243
  cdn-koa8myv3.sched.s2.tdnsv5.com.    29  IN  A      118.112.23.208
  cdn-koa8myv3.sched.s2.tdnsv5.com.    29  IN  A      110.185.115.189
  cdn-koa8myv3.sched.s2.tdnsv5.com.    29  IN  A      110.185.117.191
  cdn-koa8myv3.sched.s2.tdnsv5.com.    29  IN  A      182.150.11.59

  ;; Query time: 3 msec
  ;; SERVER: 223.5.5.5#53(223.5.5.5)
  ;; WHEN: Fri Sep 17 11:03:53 CST 2021
  ;; MSG SIZE  rcvd: 204

From this answer we can see that the query for "www.huaweicloud.com" first returned a CNAME, "www.huaweicloud.com.cdn.dnsv1.com". Following that CNAME produced another, stranger-looking CNAME, "cdn-koa8myv3.sched.s2.tdnsv5.com", and following that one finally produced several A records in different locations. These A records are the CDN nodes across the country that hold this site's cache. From this we can reconstruct the routing resolution process of a CDN:

  • After setting up the server for "www.huaweicloud.com", you register its IP address with your CDN provider as the "origin". The provider gives you a CNAME target, in this example "www.huaweicloud.com.cdn.dnsv1.com".
  • Next, you add that target as a CNAME record at the DNS provider where you bought the domain.
  • When the first user visits the site, the local DNS has nothing cached, so it queries the domain's authoritative DNS, which returns the CNAME. From this point on, resolution is handed over to the CDN's scheduling service.
  • The local DNS now has to resolve the CNAME, and the only server authoritative for it is the DNS run by the CDN provider. That DNS (the GSLB) picks the most suitable cache node among those it operates nationwide, using balancing strategies and parameters such as topology, capacity and latency, and returns that node's IP address to the local DNS in place of the origin's address.
  • The browser gets the IP from the local DNS and connects to it as though it were the site itself. The CDN node behind that IP may or may not already hold the origin's resources; if it does not, it fetches them from the origin first. Either way, the node serves the requested resource to the user instead of the origin.
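To make the chain above concrete, here is an added example (not code from the original article or from any CDN vendor): a toy resolver that walks a CNAME chain of the shape shown in the dig output and ends at a scheduler (GSLB) that answers with edge-node A records chosen per requester region. The zone table, the region-to-IP mapping and the TTL handling are constructed for illustration; only the host names and the first few IPs are copied from the dig output, and the 203.0.113.0/24 addresses are from the documentation range.

```python
"""Added example (not from the original article): a toy resolver that walks a
CNAME chain like the one in the dig output and ends at a CDN scheduler (GSLB)
that hands out edge-node A records per requester region. Zone data and the
region table are constructed; only the host names and a few IPs are real."""
from dataclasses import dataclass, field

# Constructed zone data: the site's own DNS holds only a CNAME into the CDN,
# the CDN's DNS holds a second CNAME into its scheduling zone.
STATIC_ZONES = {
    "www.huaweicloud.com.": ("CNAME", "www.huaweicloud.com.cdn.dnsv1.com."),
    "www.huaweicloud.com.cdn.dnsv1.com.": ("CNAME", "cdn-koa8myv3.sched.s2.tdnsv5.com."),
}

# Constructed GSLB pool: which edge IPs the scheduler hands out per region.
# The region-to-IP mapping is invented for illustration.
GSLB_POOLS = {
    "cdn-koa8myv3.sched.s2.tdnsv5.com.": {
        "sichuan": ["110.185.117.243", "118.112.23.208", "110.185.115.189"],
        "guangdong": ["203.0.113.10", "203.0.113.11"],
        "default": ["182.150.11.59"],
    },
}
GSLB_TTL = 29   # short TTL, as in the dig output, so scheduling can change quickly
MAX_CHAIN = 8   # guard against CNAME loops and runaway chains


@dataclass
class Answer:
    chain: list = field(default_factory=list)      # (alias, target) hops in order
    addresses: list = field(default_factory=list)
    ttl: int = 0


def resolve(name, requester_region, zones=STATIC_ZONES, pools=GSLB_POOLS):
    """Follow CNAMEs until a scheduler zone answers with A records.

    requester_region stands for whatever the GSLB uses to place the client; in
    a real deployment it is derived from the address of the local DNS that sent
    the query (or from the EDNS Client Subnet option when the resolver adds it)."""
    ans = Answer()
    current = name if name.endswith(".") else name + "."
    for _ in range(MAX_CHAIN):
        if current in zones:
            rtype, target = zones[current]
            if rtype != "CNAME":
                raise ValueError(f"unsupported record type {rtype} for {current}")
            ans.chain.append((current, target))
            current = target
            continue
        if current in pools:
            pool = pools[current]
            ans.addresses = list(pool.get(requester_region, pool["default"]))
            ans.ttl = GSLB_TTL
            return ans
        raise LookupError(f"no record for {current}")
    raise RuntimeError(f"CNAME chain for {name} exceeds {MAX_CHAIN} hops (loop?)")


def served_by_cdn(name, cdn_suffixes=(".cdn.dnsv1.com.",), zones=STATIC_ZONES):
    """Check that the first hop points into the CDN provider's zone: the thing to
    verify after adding the CNAME record at the DNS provider."""
    rec = zones.get(name if name.endswith(".") else name + ".")
    return rec is not None and rec[0] == "CNAME" and rec[1].endswith(cdn_suffixes)


if __name__ == "__main__":
    for region in ("sichuan", "guangdong", "overseas"):
        a = resolve("www.huaweicloud.com", region)
        print(region, "->", " -> ".join(t for _, t in a.chain), a.addresses, "ttl", a.ttl)
```

One practical caveat the toy makes visible: the GSLB places the client by the address of the local DNS that asked, not the user's own address. A user whose machine is configured to use a distant public resolver (the dig output above went through 223.5.5.5) may be steered to nodes near that resolver unless it passes EDNS Client Subnet, which is why scheduling accuracy is often compared with and without a resolver change.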

[Figure: CDN resolution flow diagram (cdn analysis.png)]

Content Storage

"Storage of content sources" and "Storage of content in cache nodes"

  1. A CDN system has to consider two kinds of content storage: storage of the content source, and storage of content at the cache nodes.
  2. For the content source, the content is large (typically several to dozens of TB) and the throughput is high, so a mass storage architecture such as NAS or SAN is normally used. Storage at the cache nodes is the key issue in cache design and has to be considered in terms of both function and performance. Function covers support for the various content formats and for partial caching; performance covers supported capacity, multi-file throughput, reliability and stability.
  3. Supporting multiple content formats means the storage system is tuned to the read and write patterns of each format so that reading and writing are efficient, streaming media files in particular. Partial caching means streaming content can be stored and read in incomplete form. The need comes from the randomness of user behaviour: many users never watch a programme to the end, and in practice many sessions on a single streaming programme last under 10 minutes. Partial caching therefore greatly improves storage utilisation and shortens response times, but it can fragment the content, which requires careful design and control.
  4. Another important factor is storage reliability. Most storage systems currently use RAID (Redundant Array of Independent Disks) for reliable storage, though different devices use different RAID levels.

Content Management

"Hit" and "Return to Source"

There are two key concepts of CDN here: "hit" and "back to source".

  • A "hit" means the resource the user asked for is already in the cache and can be returned directly; "back to source" is the opposite: the resource is not in the cache and the node must fetch it from the origin as a proxy.
  • Accordingly there are two indicators for the quality of a CDN service, the "hit rate" and the "back-to-source rate". The hit rate is the number of hits divided by the total number of requests; the back-to-source rate is the number of back-to-source fetches divided by the total. A good CDN has a high hit rate and a low back-to-source rate. Commercial CDNs currently achieve hit rates above 90%, which means the origin sees less than a tenth of the traffic, effectively multiplying its capacity more than ten-fold.

Resource updates and expiration

Making matters harder, most website developers and operators do not fully understand the HTTP caching mechanism, so if a CDN followed the HTTP headers to the letter to control expiry and updates, the result would often be worse and could cause other problems. There is therefore no universal rule for CDN cache management. The most common approach today combines passive timeout expiry with active manual invalidation. Timeout expiry gives each cached resource a lifetime; once it is exceeded, the next request triggers a back-to-origin fetch. Manual invalidation relies on the purge interface CDN providers expose for program calls; when the website is updated, the continuous integration pipeline calls it so that the cache is refreshed.
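The following is an added example (not code from the original article or from any CDN product) that ties together the mechanisms described in the "Content" section (static versus dynamic resources decided by Cache-Control), the "Distribution" section (passive back-to-origin on a miss), the hit and back-to-source counters of the previous section, and the timeout-plus-purge update strategy just described. It is a toy edge cache: the origin stub, its three sample responses and the clock are constructed, and the rule that a response carrying Set-Cookie is not stored unless it is explicitly marked public or s-maxage is a conservative policy chosen for this example rather than something the article prescribes.

```python
"""Added example (not from the original article): a toy CDN edge cache that
combines the mechanisms described above: storability decided from the origin's
Cache-Control header, passive TTL expiry with back-to-origin on a miss, the
purge call a CI pipeline makes after a release, and hit / back-to-source
counters. The origin stub, its sample responses and the clock are constructed."""
import time


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: value_or_None}."""
    out = {}
    for part in (value or "").split(","):
        if part.strip():
            name, _, val = part.strip().partition("=")
            out[name.strip().lower()] = val.strip().strip('"') if val else None
    return out


def _header(headers, name):
    """Case-insensitive header lookup."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def shared_cache_ttl(headers):
    """Seconds a shared cache (CDN node) may reuse this response, or None if it
    must not be stored. Applies the RFC 9111 rules that matter here: no-store,
    private and no-cache mean no reuse; s-maxage overrides max-age for shared
    caches. A Set-Cookie response without explicit public/s-maxage is refused
    too; that is a conservative policy chosen for this example."""
    cc = parse_cache_control(_header(headers, "Cache-Control"))
    if "no-store" in cc or "private" in cc or "no-cache" in cc:
        return None
    if _header(headers, "Set-Cookie") and "public" not in cc and "s-maxage" not in cc:
        return None
    for directive in ("s-maxage", "max-age"):
        if directive in cc:
            try:
                return max(0, int(cc[directive]))
            except (TypeError, ValueError):
                return None
    return None  # no explicit freshness: this toy applies no heuristics


class EdgeCache:
    """One cache node; origin_fetch(path) -> (headers, body) is the back-to-origin hook."""

    def __init__(self, origin_fetch, clock=time.monotonic):
        self.origin_fetch, self.clock = origin_fetch, clock
        self.store, self.hits, self.back_to_source = {}, 0, 0  # path -> (body, expires_at)

    def get(self, path):
        """Return (body, "HIT" or "MISS"); an expired entry counts as a miss."""
        now = self.clock()
        entry = self.store.get(path)
        if entry is not None and entry[1] > now:
            self.hits += 1
            return entry[0], "HIT"
        self.back_to_source += 1               # passive back-to-origin
        headers, body = self.origin_fetch(path)
        ttl = shared_cache_ttl(headers)
        if ttl:                                 # store only with a positive TTL
            self.store[path] = (body, now + ttl)
        else:
            self.store.pop(path, None)
        return body, "MISS"

    def purge(self, path=None):
        """Manual active invalidation: one path, or everything when path is None."""
        if path is None:
            count, self.store = len(self.store), {}
            return count
        return 1 if self.store.pop(path, None) is not None else 0

    def hit_rate(self):
        total = self.hits + self.back_to_source
        return self.hits / total if total else 0.0


class FakeClock:
    """Deterministic clock so TTL expiry can be exercised without sleeping."""
    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


class FakeOrigin:
    """Constructed origin: a static image, a dynamic resource cacheable for 5 s,
    and a per-user page a shared node must never store."""
    RESPONSES = {
        "/logo.png": ({"Cache-Control": "public, max-age=3600"}, b"PNG..."),
        "/api/stock": ({"Cache-Control": "max-age=5"}, b'{"stock": 12}'),
        "/account": ({"Cache-Control": "private, max-age=600", "Set-Cookie": "sid=abc"}, b"<html>me</html>"),
    }

    def __init__(self):
        self.requests = 0

    def fetch(self, path):
        self.requests += 1
        return self.RESPONSES[path]
```

Typical use is `cache = EdgeCache(FakeOrigin().fetch, FakeClock(1000.0))` followed by repeated `cache.get("/logo.png")` calls: the first returns "MISS" and fills the cache, later ones return "HIT" until the clock passes the TTL, and `cache.purge("/logo.png")` drops the entry early the way a CI pipeline would after a deploy. The `/api/stock` response shows the point made in the "Content" section: a dynamic resource becomes cacheable for exactly the 5 seconds its Cache-Control allows.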

Additional Capabilities

Efficient transmission protocol

  • Many CDN providers also resell SSL certificate services from CAs, so that the origin can speak plain HTTP while the site the public sees is HTTPS. Note the trade-off: the user-to-edge leg is encrypted, but the edge-to-origin leg then crosses the network in clear text unless the origin is also configured for HTTPS.
  • In the same way, the origin can speak HTTP/1.x to the CDN while the CDN serves HTTP/2 or HTTP/3 to users, or the origin can be IPv4-only while the CDN's public service supports IPv6, and so on.

Reliable security protection capabilities

CDN helps you avoid business security risks through reliable security protection measures.

  • Anti-hotlinking: the site owner can choose common checks such as Referer, User-Agent, signed URL or IP allow/deny lists, or use EdgeScript to write a custom check, so that origin resources cannot simply be embedded or downloaded by third parties; a remote authentication function lets the edge call back to the site for a second check.
  • DNS anti-hijacking: HTTPDNS fetches the resolution result from the CDN's own resolver over HTTP(S) instead of asking the operator's Local DNS, so a hijacked or tampered local resolver cannot redirect the domain.
  • HTTPS transport encryption: TLS is used to encrypt the HTTP traffic so that plain-text data is not exposed on the Internet, with advanced options such as TLS 1.3, HSTS and keyless SSL.
  • Origin protection: the CDN itself has some protective capacity, and an SCDN (secure CDN) product can be configured for stronger protection.
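The two anti-hotlinking checks most worth understanding are the signed URL and the Referer allowlist. The example below is added here and is not code from the original article or from any CDN vendor: the token layout (expires-nonce-hmac, with HMAC-SHA256 over the path, expiry and nonce) is this example's own, real CDNs use their own formats, and the shared secret and allowed domains are constructed.

```python
"""Added example (not from the original article): URL signing and Referer
checking of the kind used for hotlink protection. The token format is this
example's own; the secret and allowed domains are constructed."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SECRET = b"example-shared-secret-change-me"          # constructed, not a real key
ALLOWED_REFERERS = ("example.com", "cdn-partner.example")  # constructed


def _message(path, expires_at, nonce):
    return f"{path}\n{expires_at}\n{nonce}".encode()


def sign_url(path, secret, expires_at, nonce=None):
    """Produce path?auth_key=<expires>-<nonce>-<hmac>. The site generates these
    links for users it has authenticated; the edge node verifies them."""
    nonce = nonce or secrets.token_hex(8)
    sig = hmac.new(secret, _message(path, expires_at, nonce), hashlib.sha256).hexdigest()
    return f"{path}?auth_key={expires_at}-{nonce}-{sig}"


def verify_signed_url(url, secret, now):
    """Edge-side check. Returns (ok, reason). Expiry is checked before the
    signature is computed, and the comparison is constant-time."""
    parts = urlsplit(url)
    key = parse_qs(parts.query).get("auth_key", [None])[0]
    if not key:
        return False, "missing auth_key"
    try:
        exp_s, nonce, sig = key.split("-", 2)
        expires_at = int(exp_s)
    except ValueError:
        return False, "malformed auth_key"
    if now >= expires_at:
        return False, "expired"
    expected = hmac.new(secret, _message(parts.path, expires_at, nonce), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "ok"


def referer_allowed(referer, allowed=ALLOWED_REFERERS, allow_empty=False):
    """Allow a Referer whose host is one of the allowed domains or a subdomain.
    Matching is on the parsed host, not by substring, so that
    https://example.com.evil.test/ is not accepted. Browsers may omit Referer
    (privacy settings, Referrer-Policy); allow_empty decides that case."""
    if not referer:
        return allow_empty
    host = urlsplit(referer).hostname
    if not host:
        return False
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in allowed)


def edge_decision(url, referer, now, secret=SECRET, allowed=ALLOWED_REFERERS):
    """Combine both checks the way an edge rule might: the signature is the
    real control, the Referer check only rejects casual embedding."""
    ok, reason = verify_signed_url(url, secret, now)
    if not ok:
        return f"DENY: {reason}"
    if not referer_allowed(referer, allowed):
        return "DENY: referer not allowed"
    return "ALLOW"


if __name__ == "__main__":
    now = 1_700_000_000
    link = sign_url("/video/intro.mp4", SECRET, now + 300)
    print(link)
    print(edge_decision(link, "https://www.example.com/watch", now))
    print(edge_decision(link, "https://example.com.evil.test/", now))
    print(edge_decision(link, "https://www.example.com/watch", now + 301))
```

The Referer header is set by the client and is trivial to forge with a script, so on its own it only deters casual embedding in other people's pages; the signed URL with a short expiry is the check that actually binds a link to a time window and a secret the origin controls. Signing the path (and not the query string) is a deliberate simplification: anything that must not be tampered with should be included in the signed message.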

Summary

CDNs have been developing for more than 20 years. Early CDNs were simple and could only accelerate static resources. With the rise of Web 2.0, HTTPS, video, live streaming and other new technologies and businesses, they have kept improving and have added many new functions, such as SSL acceleration, content optimisation (compression, image format conversion, video transcoding), hotlink protection and WAF security protection. A website only needs to produce good content; the CDN takes care of the other "chores".

  • Because of physical distance, accessing a website's origin directly can be very slow; CDNs appeared to fix this.
  • A CDN builds a nationwide or global private network and lets users reach a nearby edge node on it, which cuts transmission delay and accelerates the website.
  • GSLB is the "brain" of the CDN: it uses DNS-based load balancing to schedule users intelligently onto edge nodes.
  • The cache system is the "heart" of the CDN: it uses HTTP cache-proxy technology; a cache hit is served to the user directly, otherwise the node goes back to the origin.

This article is reproduced from the WeChat public account "Operation and Maintenance Development Story"
