CDN & Edge Caching
Edge nodes, origin shield, cache-control headers, purge APIs
A Content Delivery Network (CDN) is a geographically distributed network of edge nodes (Points of Presence, PoPs) that cache content close to end users, reducing origin server load and cutting latency from hundreds of milliseconds to single digits. Cloudflare operates 300+ PoPs; Akamai operates 4,000+; AWS CloudFront integrates with S3, ALB, and Lambda@Edge for dynamic content. The origin shield pattern adds a centralized caching layer between edge nodes and origin, collapsing cache-miss traffic from thousands of PoPs into a single origin request.
Key Points
- Edge nodes cache static assets (JS, CSS, images, video) and increasingly dynamic content — CDN hit rates above 90% are achievable for most media/content sites.
- Cache-Control headers: `max-age=31536000, immutable` for content-hashed assets; `no-store` for private data; `s-maxage` overrides `max-age` for shared caches such as the CDN only, so browsers still follow `max-age`.
- Origin shield: a regional super-PoP between edge nodes and origin — dramatically reduces origin load on cache misses for high-traffic assets.
- Purge APIs: programmatically invalidate cached content on deploy — Cloudflare purges by tag, Fastly purges by surrogate key, CloudFront uses invalidation requests.
- Edge computing: Cloudflare Workers, Fastly Compute@Edge, Lambda@Edge run code at the edge — handle authentication, A/B testing, and personalization without round-tripping to origin.
- CDN for API acceleration: route API traffic through CDN for DDoS protection, geographic routing, and TLS termination at edge — Cloudflare API Shield adds bot protection.
- Vary header: instructs the CDN to cache a separate copy for each distinct value of the listed request headers (e.g., `Vary: Accept-Encoding`) — misuse causes cache fragmentation.
- Prefetch and preconnect: `<link rel="preconnect">` establishes CDN connections early; `rel="prefetch"` warms cache for next-page resources.
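An added example, not part of the original page: a small audit of response headers against the Cache-Control and Vary points above, flagging responses that set cookies yet remain cacheable at the CDN, `immutable` on unhashed URLs, and `Vary` values that fragment the cache. The hashed-filename pattern, the list of high-cardinality headers and the sample responses are assumptions made for illustration.

```python
import re

# Assumption: a content-hashed asset has 8+ hex chars before its extension.
HASHED = re.compile(r"[.-][0-9a-f]{8,}\.\w+$")
# Assumption: request headers with too many distinct values to vary on.
HIGH_CARDINALITY = {"user-agent", "cookie", "referer"}

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def shared_ttl(cc):
    """Seconds a CDN may serve the response without revalidating."""
    if cc.keys() & {"no-store", "private", "no-cache"}:
        return 0
    for key in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
        if (cc.get(key) or "").isdigit():
            return int(cc[key])
    return None  # no explicit lifetime: the CDN's own default applies

def audit(url, headers):
    """Return findings for one response; header names are lowercase."""
    cc = parse_cache_control(headers.get("cache-control", ""))
    findings = []
    if "set-cookie" in headers and shared_ttl(cc) != 0:
        findings.append("set-cookie on a response the CDN may serve from cache")
    if "immutable" in cc and not HASHED.search(url.split("?")[0]):
        findings.append("immutable on a URL without a content hash")
    vary = {v.strip().lower() for v in headers.get("vary", "").split(",")}
    bad = sorted(vary & HIGH_CARDINALITY) or (["*"] if "*" in vary else [])
    if bad:
        findings.append("vary fragments the cache: " + ",".join(bad))
    return findings

# Constructed sample responses, not captured traffic.
SAMPLES = [
    ("/static/app.3f9a1c2b.js", {"cache-control": "public, max-age=31536000, immutable", "vary": "Accept-Encoding"}),
    ("/account", {"cache-control": "public, max-age=60, s-maxage=600", "set-cookie": "sid=example", "vary": "Cookie"}),
    ("/static/app.js", {"cache-control": "max-age=31536000, immutable"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit(url, headers) or "ok")
```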
Real-World Example
Netflix's Open Connect CDN delivers 15% of all North American internet traffic. They co-locate purpose-built appliances inside ISPs, serving 99%+ of traffic without hitting Netflix origin servers. Cache hit rate exceeds 95% for their content library of 17,000+ titles.