CDN
Edge caching, origin shield, cache invalidation, Cloudflare, CloudFront
A Content Delivery Network (CDN) distributes content across a global network of edge PoPs (Points of Presence), serving requests from the geographically closest node to reduce latency and origin load. Cloudflare operates 310+ PoPs; AWS CloudFront has 600+ edge locations; Fastly focuses on real-time purging (<1 s globally). CDNs cache static assets (images, JS, CSS), dynamic API responses (with short TTLs), and increasingly run edge compute (Cloudflare Workers, Lambda@Edge) for personalisation and auth at the edge.
Key Points
- Cache-Control directives control CDN caching: `public, max-age=31536000, immutable` for fingerprinted static assets; `no-store` for private/dynamic data; `s-maxage=60` overrides `max-age` for shared caches (CDNs) only.
- Origin shield (CloudFront Origin Shield, Fastly Shielding): a single regional PoP acts as an intermediary between all edge PoPs and the origin — collapses cache misses from 600+ edges to 1 origin request.
- Cache invalidation: CloudFront invalidation API (first 1,000 paths/month free, then $0.005/path) — prefer content-addressable URLs (file.abc123.js) over invalidation to avoid stale content and costs.
- CDN cache hit ratio: target >95% for static assets; measure with the `X-Cache: Hit from cloudfront` header; low hit ratios are caused by query string variation, cookie variation, or overly granular cache keys.
- Dynamic content caching: CloudFront supports caching API responses with TTL=5 s — cache `GET /products` for 5 seconds to handle 10,000 RPS with only 2,000 origin RPS (5 RPS × 10 edges hitting origin each second).
- Edge compute use cases: A/B testing (split traffic at edge), JWT validation (reject invalid tokens before hitting origin), image resizing on-the-fly (Cloudflare Images, CloudFront + Lambda@Edge), geo-blocking.
- Stale-while-revalidate: serves stale content immediately while asynchronously refreshing the cache — reduces p99 latency spikes during cache expiry, at the cost of briefly serving stale data.
- CDN failover: CloudFront supports multiple origins with origin failover groups — if primary origin returns 5xx for 3 consecutive health checks, CloudFront automatically switches to the secondary origin.
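
The Cache-Control and stale-while-revalidate rules from the key points, as an added example (not taken from any CDN's code): a simplified Python model of how a shared cache classifies a stored response by its age. The function names are hypothetical, and treating a response without `max-age` or `s-maxage` as uncacheable is an assumption; real CDNs apply their own defaults and overrides.

```python
# Added example: simplified shared-cache (CDN) reading of Cache-Control.
# Function names are hypothetical; real CDNs add defaults and overrides.

def parse_cache_control(header):
    """Parse 'a, b=1' into {'a': None, 'b': '1'} with lowercase names."""
    directives = {}
    for part in header.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') or None
    return directives


def _seconds(directives, name):
    """Return an int for a delta-seconds directive, or None if absent/invalid."""
    value = directives.get(name)
    return int(value) if value is not None and value.isdecimal() else None


def shared_cache_state(header, age):
    """Classify a stored response of the given age (seconds) at a shared cache.

    Returns 'uncacheable', 'fresh', 'stale-while-revalidate' or 'expired'.
    """
    d = parse_cache_control(header)
    # no-store forbids storage; private limits storage to the browser cache.
    if "no-store" in d or "private" in d:
        return "uncacheable"
    # no-cache allows storage but requires revalidation before every reuse.
    if "no-cache" in d:
        return "expired"
    # s-maxage applies to shared caches only and overrides max-age there.
    ttl = _seconds(d, "s-maxage")
    if ttl is None:
        ttl = _seconds(d, "max-age")
    if ttl is None:
        return "uncacheable"  # assumption: no heuristic caching without a TTL
    if age < ttl:
        return "fresh"
    # Inside the SWR window the stale copy is served while a refresh runs.
    swr = _seconds(d, "stale-while-revalidate") or 0
    if age < ttl + swr:
        return "stale-while-revalidate"
    return "expired"
```

A response meant for one user that comes back as `fresh` here would be served to other users from the edge, so this kind of check is worth running over the headers of authenticated endpoints.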
Real-World Example
GitHub serves 99%+ of its static content (git objects, release archives) via Fastly CDN, using real-time cache purging (< 150 ms global propagation) so that release tarballs are available globally within seconds of a push.