Modern CDN, Simplified!

Rajesh Dangi / March 27th, 2019

Beyond the Cloud

Content Delivery Networks (CDNs) have been around for more than a decade. They started as systems of distributed servers (points of presence, or PoPs) that served pages and other web content to the user from locally cached copies held at the server nearest to them, chosen by geography, rather than from the origin server hosting the page, which might be far away. CDNs were proposed to solve the content delivery bottlenecks of scalability, reliability and performance.

How it works

A CDN works by extending the reach of the original content towards the user. The content at the origin (the source) is cached and distributed onto edge servers, which reduces bandwidth costs, improves page and object load times and increases the global availability of the content. The CDN does not host the content and is not a replacement for web hosting; it only distributes what the origin publishes.

There are four basic components of any CDN framework:

  • Origin (source) nodes hold the content to be distributed. They can be hosted in the CDN provider's data centres, or the CDN can simply be pointed at the data centre that publishes the content. The origin's most important job is to run the server-side code and hold the authoritative data: the database of hashed client credentials used for authentication, for example, typically lives on the origin server and never on the edge.
  • Storage / pull nodes maintain a rendered, pre-published copy of the original content. The source nodes keep this copy in sync so that it is available to all edge (delivery) nodes; this tier is typically used for large content payloads.
  • Control nodes maintain the network and routing policies, monitor content metering and produce usage reports. They also act as the integration points for any OSS/BSS systems the clients may have for usage statistics.
  • Delivery / edge nodes (PoPs) run on the perimeter of the CDN network, close to the user. They hold a cached copy of the content, in part or in full depending on the use case, and act as the primary servers delivering content to users. They also bridge multiple ISP and IXP networks so that traffic passes between networks quickly and efficiently. The sizing of PoPs matters for resilience against attacks such as DDoS, since larger PoPs can absorb much more traffic. The globally distributed nature of a CDN shortens the distance between users and website resources.

Broadly, CDNs work by peering, pushing or pulling content, using DNS-based routing or URL rewriting combined with full or partial caching. The value added is a faster browsing experience for users, bandwidth savings for ISPs, and safe, secure, assured delivery of content for content providers (CPs) and OTTs.

CDN Routing Mechanism

Request routing is critical for CDNs: it directs end-user requests to the optimal edge server according to specific metrics or policies. A CDN request routing strategy involves two mechanisms.

The server selection mechanism determines the optimal edge server for an end user. A server selection algorithm may use a set of metrics such as network utilisation, user-perceived latency, network distance and edge server load. In practice, most CDNs simply infer the user's location from the source IP address of the incoming request. With DNS-based selection that address belongs to the user's recursive resolver, not the user, so users of distant public resolvers can be sent to the wrong PoP unless the resolver passes EDNS Client Subnet (RFC 7871).

The server redirection mechanism informs the end user of the edge server chosen by the selection algorithm. Of all redirection mechanisms, DNS-based redirection is the most popular: it makes full use of the existing DNS infrastructure and therefore enables quick and easy redirection.

Each mechanism depends on one or more algorithms, such as Gale-Shapley matching, consistent hashing, Bloom filters and overlay routing, to name a few. The dynamics of the Internet, of content origins and of user locations dictate demand, and CDNs keep refining their routing techniques to stay ahead of the curve.
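Consistent hashing, one of the algorithms listed above, is what lets a CDN decide which edge node within a PoP owns a given cache key without reshuffling the whole cache every time a node is added or removed. The following is an added Python example written for this article, not code from the original or from any CDN vendor: it builds a hash ring with virtual nodes, compares it against the naive hash-modulo-N placement, and measures how many keys move when a fourth node joins. The node names, the 100 virtual points per node and the 2000 object paths are constructed for the example.

```python
import bisect
import hashlib
from typing import Dict, List, Sequence


class ConsistentHashRing:
    """Place edge nodes on a hash ring and map each cache key to the first
    node clockwise from the key's hash position.

    Added example: node names and the replica (virtual node) count are
    illustrative, not taken from any particular CDN.
    """

    def __init__(self, nodes: Sequence[str], replicas: int = 100) -> None:
        self.replicas = replicas
        self._ring: Dict[int, str] = {}   # ring position -> node name
        self._points: List[int] = []      # sorted ring positions
        for node in nodes:
            self.add_node(node)

    @staticmethod
    def _hash(value: str) -> int:
        # 64 bits of SHA-256 give a uniform ring position. Placement does not
        # need a cryptographic hash, but there is no reason to keep MD5 around.
        return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")

    def add_node(self, node: str) -> None:
        # Many virtual points per node spread its share evenly round the ring.
        for i in range(self.replicas):
            point = self._hash(f"{node}#{i}")
            self._ring[point] = node
            bisect.insort(self._points, point)

    def remove_node(self, node: str) -> None:
        for i in range(self.replicas):
            point = self._hash(f"{node}#{i}")
            del self._ring[point]
            self._points.pop(bisect.bisect_left(self._points, point))

    def get_node(self, key: str) -> str:
        if not self._points:
            raise LookupError("no edge nodes in the ring")
        idx = bisect.bisect_right(self._points, self._hash(key))
        if idx == len(self._points):  # wrap around past the last point
            idx = 0
        return self._ring[self._points[idx]]


def modulo_node(key: str, nodes: Sequence[str]) -> str:
    """The naive alternative: hash(key) mod N. Changing N moves most keys."""
    return nodes[ConsistentHashRing._hash(key) % len(nodes)]


def fraction_remapped(keys, select_before, select_after) -> float:
    """Share of keys whose selected node differs between two selections."""
    moved = sum(1 for k in keys if select_before(k) != select_after(k))
    return moved / len(keys)


# Constructed workload: 2000 object paths, three edge nodes, then a fourth added.
SAMPLE_KEYS = [f"/assets/img/{i}.png" for i in range(2000)]
NODES_BEFORE = ["edge-ams-1", "edge-fra-1", "edge-lhr-1"]
NODES_AFTER = NODES_BEFORE + ["edge-cdg-1"]


def compare_remapping():
    """Return (consistent-hash fraction, modulo fraction) of keys that move
    when one node is added to three."""
    ring_before = ConsistentHashRing(NODES_BEFORE)
    ring_after = ConsistentHashRing(NODES_AFTER)
    consistent = fraction_remapped(SAMPLE_KEYS, ring_before.get_node, ring_after.get_node)
    naive = fraction_remapped(
        SAMPLE_KEYS,
        lambda k: modulo_node(k, NODES_BEFORE),
        lambda k: modulo_node(k, NODES_AFTER),
    )
    return consistent, naive


if __name__ == "__main__":
    c, n = compare_remapping()
    print(f"keys remapped after adding a node: consistent hashing {c:.1%}, modulo {n:.1%}")
```

With the ring, roughly a quarter of the keys (the new node's fair share) move to the new node and everything else stays put; with hash-modulo-N about three quarters of the keys land on a different node, so every one of them becomes a cache miss that has to be pulled from the origin again. That burst of origin fetches is exactly the kind of self-inflicted load a CDN cannot afford during a scale-out or a node failure.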

Newer algorithms such as Fictitiously Starred Optimised Balancing (FSOB), for load balancing in CDNs, exploit the HTTP redirection mechanism to redistribute client requests optimally among the edge servers that make up the CDN perimeter. Load redistribution aims to equalise the occupancy of the server queues and is achieved through the periodic exchange of information computed locally at each node. The algorithm initially makes a fictitious assumption about the local topology of the network as seen by each server node: the node regards itself as the centre (the master) of a star made up of all its neighbours (the slaves). Load redistribution is performed by the master, which redirects incoming requests to its slaves when needed.

Anycast vs Unicast

Broadly, CDNs address load balancing and routing in one of two ways. In unicast routing every node on the network has a unique IP address; this is how the Internet normally works. A home or small-office LAN uses unicast: a device that joins the wireless network gets a unique IP from the DHCP server, and a device with a preconfigured (static) address that is already in use gets an IP-conflict message and cannot join the network.

Anycast, on the other hand, advertises one IP address from multiple points in the network topology, and dynamic routing delivers traffic to the nearest advertising point, which gives load balancing by design. In a CDN, anycast typically routes incoming traffic to the nearest edge node that has capacity to process the request efficiently. This selective routing makes an anycast network resilient in the face of high traffic volume, network congestion and DDoS attacks, since attack traffic is spread across many PoPs instead of converging on one.

Even though anycast has multiple nodes announcing the same address, only one receiving node is selected for a given client, so once the connection is established it is effectively unicast to the nearest node. The end device does not care which node was selected, since all edge nodes provide the same service as active mirrors. The caveat is that "nearest" is decided by BGP, not by the application: if routing changes mid-connection, packets of an established TCP session can land on a different PoP that holds no state for it, which is one reason anycast suits short HTTP exchanges better than long-lived sessions.

Types of CDNs

  • Content provider / OTT CDNs solve content delivery assurance: they reduce load on CP/OTT origins, manage capacity for peak traffic through edge caching, and help with metering, scrubbing and shaping of genuine traffic to enrich the user experience, to name a few.
  • Application CDNs focus predominantly on DNS, caching at the edge, load balancing at the edge and even running code at the edge. They monitor usage and encrypt dynamic content that requires the edge to forward requests to the origin for database access, validate subscriber sessions via TLS/SSL tokens, meter usage and reroute traffic to alternate sites or sources in case of disaster.
  • ISP / IXP CDNs are positioned to reduce bandwidth cost by aligning CDN edges with the peering exchanges where most ISPs interconnect. Local content then does not traverse the globe; it is handled at the local exchanges (NIXIs/IXPs) and reaches the CDN PoPs of the CPs/OTTs from there, reducing latency and providing a cost benefit. As mentioned in my earlier article on Internet peering, the subsea fibres that carry more than 98% of global Internet traffic between continents get relief when local traffic is offloaded locally. Many CDN PoPs therefore sit inside the service providers' networks, even in their data centres, besides the CPEs peering with ISPs and IXPs to enable content offload.

Key Benefits of CDN

  • Performance: the CDN acts as an intermediary between the origin and geographically spread end users, delivering fast, high-quality web experiences regardless of the location, browser, device or network they connect from. The same content can be accessed simultaneously by many more users, increasing its reach.
  • Cost saving: the major benefit to stakeholders is reduced Internet bandwidth cost, a smaller hardware footprint and simpler management and operations at the distant edges.
  • Availability and reliability: with cached content and distributed delivery via edge nodes, redundancy is built in by design. When traffic peaks at millions of requests per second, even the most powerful origin servers are put to the test; a highly distributed architecture on massive server platforms can absorb tens of terabits per second of traffic and lets content providers stay available to larger user bases than would otherwise be possible.
  • Security: proxies, web application firewalls, DDoS mitigation and TLS/SSL certificate services offered on the CDN protect the source nodes from direct attack and shield content providers and users from a wide array of attacks without compromising delivery or availability. Since the CDN fronts all customer traffic, flow data and traffic patterns can be analysed and scrubbed inline. This protection holds only if the origin is not reachable around the CDN: the origin should accept connections only from the CDN's edge ranges and authenticate them (for example with mutual TLS or a per-customer origin secret), otherwise an attacker who discovers the origin address bypasses the WAF and the DDoS scrubbing entirely.
  • Intelligence: CDN providers manage vast amounts of metadata about end-user connectivity and device types and can provide critical, actionable insight into the user base of their customers; this information becomes vital when positioning services and structuring content effectively.
  • Enablement: CDN providers offer self-service tools (network security tools, application performance monitoring and management tools, live streaming tools, etc.) that let customers build capabilities and manage their workloads on their own.
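The security benefit above only holds if the origin refuses traffic that did not come through the CDN. The following is an added Python example of the two checks an origin should run on every request, written for this article and not taken from the original or from any CDN product: the TCP peer must fall inside the CDN's published edge ranges, and the request must carry a per-customer secret the CDN injects, compared in constant time. It also shows the related trap of trusting X-Forwarded-For: only the rightmost entry, and only when the peer really is the CDN. The address ranges (documentation prefixes standing in for real CDN ranges), the header name X-Origin-Token and the secret are all constructed for the example.

```python
import hmac
import ipaddress
from typing import Iterable, Mapping, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed data: TEST-NET-3 and a documentation IPv6 prefix stand in for the
# CDN's published edge ranges, which in practice are fetched from the provider
# and refreshed regularly.
CDN_EDGE_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:1::/48")]

# Constructed secret that the CDN is configured to add to every pull request for
# this customer; in production it lives in a secret manager and is rotated.
ORIGIN_SECRET = b"example-origin-secret-rotate-me"
ORIGIN_HEADER = "X-Origin-Token"  # header name is an assumption of this example


def from_cdn_edge(peer_ip: str, ranges: Iterable[Network] = CDN_EDGE_RANGES) -> bool:
    """True if the TCP peer is inside one of the CDN's edge ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in ranges)


def has_valid_origin_token(headers: Mapping[str, str], secret: bytes = ORIGIN_SECRET) -> bool:
    """Constant-time comparison of the per-customer secret the CDN injects."""
    token = headers.get(ORIGIN_HEADER, "")
    return hmac.compare_digest(token.encode(), secret)


def accept_at_origin(peer_ip: str, headers: Mapping[str, str]) -> bool:
    """Both checks must pass.

    The IP allowlist alone is not enough: every tenant of the CDN shares those
    ranges, so another customer could point their distribution at this origin.
    The header alone is not enough: a leaked secret would let anyone skip the CDN.
    """
    return from_cdn_edge(peer_ip) and has_valid_origin_token(headers)


def client_ip(peer_ip: str, headers: Mapping[str, str]) -> str:
    """Real client address for logging and rate limiting.

    X-Forwarded-For is attacker-controlled up to the entry the CDN appended, so
    only the rightmost entry is trusted, and only when the peer really is the
    CDN. A direct connection gets its own peer address whatever it sends.
    """
    if not from_cdn_edge(peer_ip):
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    return hops[-1] if hops else peer_ip


if __name__ == "__main__":
    # Constructed requests: one through the CDN, one straight at the origin.
    via_cdn = {ORIGIN_HEADER: ORIGIN_SECRET.decode(), "X-Forwarded-For": "10.0.0.1, 192.0.2.44"}
    print("via CDN accepted:", accept_at_origin("203.0.113.10", via_cdn),
          "client:", client_ip("203.0.113.10", via_cdn))
    print("direct accepted:", accept_at_origin("198.51.100.10", via_cdn),
          "client:", client_ip("198.51.100.10", via_cdn))
```

Mutual TLS between edge and origin is the stronger form of the second check, since a client certificate cannot be copied out of a leaked request log the way a header value can; the shared-secret header is shown because it is the lowest common denominator most CDNs can inject.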

Today CDNs serve a large portion of Internet content, going beyond static workloads to dynamic objects: media files, software, storyboard documents, e-commerce applications, live and on-demand streaming media, and social media sites, to name a few. Apart from increasing their points of presence (PoPs) in different geographies and actively partnering with IXPs and ISPs, CDN providers have ventured into the web security domain with DDoS protection and web application firewalls (WAFs), and into WAN optimisation, to grow their bouquet of bundled services. Natively, all CDN edge servers constantly probe the edges and the origin servers to optimise paths and peering, alongside DNS updates.

From the user experience perspective, CDNs make even more sense because the devices consuming most of the newer content (e-commerce, digital media, gaming and social networks) are smartphones, tablets and televisions. This has truly changed the rules of the game, and bundled security cover along with the content.

Further, CDNs are evolving, and a few nice-to-have features are becoming need-to-have essentials, such as:

  • Wrapping digital rights management (DRM) is becoming a core deliverable of CDN audio and video use cases. If content providers do not choose their CDN provider wisely, the gap between user expectations and actual delivery widens and switching to another provider becomes a reality. Caching, optimisation (of bit rates for video workloads) and security are now the key tenets, besides the compression, coverage (number of PoPs) and congestion challenges they deal with.
  • Dashboards, API gateways and integrations with APM tools are becoming the differentiators at the edge, while distributed web and mobile applications whose interconnected modules make calls under Open Pluggable Edge Services (OPES) must not break when CDNs extend their perimeter; that requires isolation and an understanding of Server Side Includes (SSI) and Edge Side Includes (ESI) for scaling.
  • The analytics engine that tracks consumption must be able to follow sessions across edges, edge nodes and edge networks of CDN providers as a seamless extension of the customer's own ecosystem.
  • Lastly, cost-optimised routing is the new thing from CDN providers: route traffic via the nearest yet cheapest edge server hosted in a public cloud zone, and route those calls via peering IXPs or ISPs, further lowering Internet bandwidth cost.

CDN Challenges..

As high-availability, high-performance distributors of content to end users, CDNs present a large attack surface if compromised, and a few vulnerabilities in CDN networks have left many wondering whether CDNs themselves are vulnerable to a wide variety of cyber-attacks.

In forwarding-loop attacks, a malicious customer of a CDN deliberately configures the forwarding process (in pull mode) so that requests loop inside the CDN network: the CDN then processes one client request repeatedly or even indefinitely. The resulting amplification lets a malicious customer launch resource-consuming DoS attacks against the CDN with little cost, eating up capacity and affecting all of its customers.

There are four types of forwarding-loop attack against CDNs: self-loop, intra-CDN loop, inter-CDN loop and dam flooding, each with its own degree of impact and severity.
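The loop-detection check a pull-mode edge should run before forwarding, as an added Python example written for this article (not code from the original or from any CDN): each CDN stamps one stable pseudonym of its whole network into the Via header (RFC 7230) and refuses, with 508 Loop Detected, any request that already carries it. Because every node of the network shares the pseudonym, this catches self-loops and intra-CDN loops alike. The simulated chain that passes through a hop stripping Via shows why inter-CDN loops escape when any CDN in the chain drops the header, which no single CDN can fix on its own; the hop cap is a second line of defence against chains whose tokens are rewritten rather than dropped. The pseudonyms, the cap of 8 hops and the chain shapes are constructed for the example.

```python
from typing import Dict, List, Optional, Set, Tuple

# Assumption of this example: a cap on the number of proxies one request may
# pass through. It bounds loops whose Via tokens were rewritten, not stripped.
MAX_HOPS = 8


class LoopDetected(Exception):
    """Raised where the edge would answer 508 Loop Detected."""


def parse_via(via: Optional[str]) -> List[str]:
    """Return the received-by tokens of a Via header (RFC 7230 section 5.7.1).

    Entries are comma-separated 'protocol received-by [comment]'; the protocol
    may appear as '1.1' or 'HTTP/1.1'.
    """
    tokens: List[str] = []
    for entry in (via or "").split(","):
        parts = entry.split()
        if len(parts) >= 2:
            tokens.append(parts[1])
        elif parts:
            tokens.append(parts[0])
    return tokens


def prepare_forward(headers: Dict[str, str], pseudonym: str, max_hops: int = MAX_HOPS) -> Dict[str, str]:
    """Headers for the upstream request, or LoopDetected if this CDN already
    appears in the chain or the chain is implausibly long."""
    hops = parse_via(headers.get("Via"))
    if pseudonym in hops:
        raise LoopDetected(f"{pseudonym} already present in Via chain {hops}")
    if len(hops) >= max_hops:
        raise LoopDetected(f"Via chain already has {len(hops)} hops")
    out = dict(headers)
    stamp = f"1.1 {pseudonym}"
    out["Via"] = f"{headers['Via']}, {stamp}" if headers.get("Via") else stamp
    return out


def simulate_chain(hop_pseudonyms: List[str], strips_via: Optional[Set[str]] = None) -> Tuple[int, Optional[str]]:
    """Walk one request through a constructed chain of proxies.

    Returns (forwards completed, pseudonym of the hop that refused, or None).
    Hops named in strips_via model a CDN that drops Via before forwarding.
    """
    strips = strips_via or set()
    headers: Dict[str, str] = {}
    for i, hop in enumerate(hop_pseudonyms):
        if hop in strips:
            headers.pop("Via", None)  # history erased; the next CDN starts blind
            continue
        try:
            headers = prepare_forward(headers, hop)
        except LoopDetected:
            return i, hop
    return len(hop_pseudonyms), None


if __name__ == "__main__":
    # Constructed chains: a customer looping cdn-a back onto itself, two CDNs
    # looping through each other, and the same loop hidden by a stripping hop.
    print("self-loop      :", simulate_chain(["cdn-a", "cdn-a"]))
    print("inter-CDN loop :", simulate_chain(["cdn-a", "cdn-b", "cdn-a"]))
    print("stripped Via   :", simulate_chain(["cdn-a", "strip", "cdn-a"], {"strip"}))
```

The stripped case returns without any refusal: once a CDN in the chain removes Via, the loop would run until some unrelated limit (timeouts, connection caps) intervenes, which is why the published defence asks all CDNs to preserve each other's Via entries rather than rewrite them.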

Another vulnerability is dynamic content attacks. Attackers have learned that a significant blind spot of CDN services is the treatment of dynamic content requests, which are not cached but forwarded by the CDN to the origin nodes. Attackers generate requests with random parameters in the HTTP GET query string; since each one looks like a new, uncacheable URL, the CDN forwards the traffic to the origin as designed, expecting the origin to handle what appears to be legitimate requests. The origin is flooded with these requests and fails to serve legitimate users, creating a denial-of-service situation.
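The edge-side mitigation for the random-parameter flood described above, as an added Python example written for this article and not code from the original: the edge builds the cache key from a per-path allowlist of query parameters, so junk parameters collapse onto one cached object, and every request that still has to go to the origin (a miss, or a genuinely dynamic path) is charged against a per-client budget and answered with 429 once that budget is spent. The path policy, the budget of 20 origin fetches per 60 seconds, the client address and the URLs are constructed. The caveat: a parameter may be dropped from the key only if the origin ignores it; stripping a parameter the origin honours turns the cache into a poisoning vector, because one request carrying that parameter would be served to everyone.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed policy: for each path prefix, the query parameters that actually
# change the response. Everything else is dropped from the cache key. Paths not
# listed are treated as dynamic and always forwarded to the origin.
CACHE_POLICY: Dict[str, Set[str]] = {
    "/products": {"id", "page"},
    "/static/": set(),
}


def cache_key(url: str, policy: Dict[str, Set[str]] = CACHE_POLICY) -> Optional[str]:
    """Normalised key, or None if the URL is dynamic under the policy."""
    parts = urlsplit(url)
    for prefix in sorted(policy, key=len, reverse=True):  # longest prefix wins
        if parts.path.startswith(prefix):
            keep = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                          if k in policy[prefix])
            return parts.path + ("?" + urlencode(keep) if keep else "")
    return None


class Edge:
    """Toy edge cache with a per-client budget of origin fetches per window."""

    def __init__(self, miss_budget: int = 20, window: float = 60.0) -> None:
        self.miss_budget = miss_budget
        self.window = window
        self.cache: Dict[str, str] = {}
        self.origin_requests = 0
        self._misses: Dict[str, List[float]] = defaultdict(list)

    def handle(self, client: str, url: str, now: float) -> str:
        key = cache_key(url)
        if key is not None and key in self.cache:
            return "HIT"
        recent = [t for t in self._misses[client] if now - t < self.window]
        if len(recent) >= self.miss_budget:
            self._misses[client] = recent
            return "RATE_LIMITED"  # 429 at the edge; the origin never sees it
        recent.append(now)
        self._misses[client] = recent
        self.origin_requests += 1  # the only path that reaches the origin
        if key is not None:
            self.cache[key] = f"origin response for {key}"
        return "MISS"


def simulate_flood(edge: Edge, client: str, url_template: str, n: int) -> Dict[str, int]:
    """n requests from one client, each with a changing junk parameter; returns
    a tally of outcomes. Timestamps are 10 ms apart so all fall in one window."""
    tally: Dict[str, int] = defaultdict(int)
    for i in range(n):
        tally[edge.handle(client, url_template.format(i=i), now=i * 0.01)] += 1
    return dict(tally)


if __name__ == "__main__":
    # Constructed floods: cache-busting a cacheable page, then hammering a dynamic one.
    edge = Edge()
    print("cacheable:", simulate_flood(edge, "198.51.100.7", "/products?id=7&cb={i}", 100),
          "origin requests:", edge.origin_requests)
    edge = Edge()
    print("dynamic  :", simulate_flood(edge, "198.51.100.7", "/api/cart?x={i}", 100),
          "origin requests:", edge.origin_requests)
```

Without normalisation, the 100 cache-busting requests would be 100 distinct URLs and 100 origin fetches; with it, the first is a miss and the remaining 99 are hits. For the dynamic path the origin still sees the first 20 requests in the window, so the budget has to be set from the origin's real capacity per client, and the per-client key should be the address recovered from the CDN's own forwarding header, never one the client can supply.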

The Cloudbleed bug caused Cloudflare's CDN edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies and other sensitive data. It raised awareness of the CDN security issues that come with terminating TLS and rewriting content at the edge: a bug in one edge service can expose the traffic of every tenant sharing that edge. Web and mobile application providers should weigh a variety of factors to determine the overlay network solution that meets their requirements. That the CDN provider stopped the bug within 44 minutes of finding out about it and fixed the problem completely within 7 hours is encouraging.

Future Unfolding..

CDNs are now starting to offer more than just video delivery; they are focusing on small-object delivery, content management, live event management, mobile video solutions and other pieces of the ecosystem. Their hope is to build their businesses around doing more than delivering bits; they want to take control of the entire ecosystem. CDNs are already working to make their platforms more agnostic and flexible at the edge so they can deliver video, games, software, small objects, applications and any other kind of content the market may demand. That will help CDNs evolve and change what we now know as the CDN of today. Dynamic applications, ads, e-commerce and many other pieces of content will play a larger role in the future as those components become directly tied into video assets.

CDNs have not typically had the mentality for software-based services, or the skill set to design for the following aspects of growth at scale across networks, devices and video streaming, which itself is evolving faster than ever. A few pointers help give the bigger picture of the expanding digital landscape that CDNs must anticipate and align to:

  • High-capacity, multi-protocol CDNs and advanced web acceleration needs
  • Sophisticated transcoding, including real-time transcoding, with packaging and DRM as standard features
  • 3D, 4K and 8K, higher bit rates, MPEG-DASH, multi-camera angles, multi-screen social media, larger file sizes, innovation and scale
  • Real-time AI-driven content analytics: real-time statistics and projections covering concurrent users, sessions, OS, geographies, total time spent / TLS, unique users, etc., per source
  • Smartphones, media boxes, smart TVs, home routers, NVRs, gaming consoles, laptops and IoT, with 5G and LoRa extending the perimeter (support is needed for all the delivery protocols of connected devices: HLS, HDS, HSS, DASH, HTTP, RTMP, RTMPE, RTMPTE, RTSP)
  • Containerised, serverless application architectures that may need applets executed and processing done at the edge, return data paths, and API/open architectures and DApps adding to the complexity

In summary, the value of content delivery for a given user depends on the size and type of the content, the location of the origin and the whole interconnected path it must traverse. CDNs have become the logical bridge between content and consumer and carry more than 50% of Internet traffic today. Social media, connected devices and smartphones all add to the need for faster, secure and reliable delivery of content, and CDNs are growing to serve that purpose.

As of 2018, consumer Internet traffic routed via CDNs was a staggering 150 Tbps, of which video made up more than 50% and rising. The trend will continue towards more than 1000 Tbps (100 million prime-time viewers multiplied by 10 Mbps per connection, each delivered as an individual unicast stream, with OTT video quality surpassing broadcast levels) in less than a decade, so simplified yet effective routing strategies will help enrich the experience, and CDNs will certainly play a major role!

In the near future some CDNs will remain profitable, some will be worth acquiring, and many content owners will be willing to pay more for a service that brings them revenue. The bottom line is that the CDN industry has never been more needed, has never evolved at this pace, and will keep evolving well beyond just delivering bits from one end to the other. The game we are all eagerly waiting to watch!