CDNs & Edge Computing

A Content Delivery Network (CDN) is a geographically distributed system of proxy servers that cache and serve content from locations physically closer to end users. CDNs reduce latency, offload origin traffic, and improve availability for static and dynamic content at global scale.

How a CDN Works

When a user requests a resource, DNS resolves the domain to the nearest CDN Point of Presence (PoP). If the PoP has the content cached, it serves it directly (cache hit). If not (cache miss), it fetches from the origin server, caches it, and then serves the user.

[Diagram: request flow between User, DNS / GSLB, Edge PoP (nearest to user), Edge PoP (other region), Origin Shield (mid-tier cache), and Origin Server. Steps: 1. DNS lookup; 2. Resolve to nearest PoP; 3. Request; on a miss, fetch from origin.]

PoP Architecture

A Point of Presence typically consists of:

  • Edge servers: Serve cached content and terminate TLS connections.
  • Load balancers: Distribute traffic across edge servers within the PoP.
  • Cache storage: SSDs and memory for storing cached content.
  • Health checkers: Monitor origin health and route around failures.

Major CDN providers operate hundreds of PoPs worldwide. Cloudflare has 300+ PoPs, AWS CloudFront has 450+ edge locations, and Akamai has 4,000+ PoPs.

Cache Hierarchies

Two-Tier Cache

  • Edge PoP hits its local cache first.
  • On miss, fetches directly from origin.
  • Simple, but causes a "cache stampede" on the origin when many PoPs miss simultaneously.

Three-Tier Cache (Origin Shield)

  • Edge PoP misses -> fetches from a central "shield" cache.
  • Shield cache misses -> fetches from origin.
  • Reduces origin load dramatically: origin only sees one request per object across all PoPs.

Cache Control

CDN behavior is controlled through HTTP cache headers:

    Cache-Control: public, max-age=86400, s-maxage=604800
    # public   -- CDN is allowed to cache
    # max-age  -- Browser cache lifetime (1 day)
    # s-maxage -- CDN cache lifetime (7 days)

    Cache-Control: private, no-store
    # private  -- CDN must NOT cache
    # no-store -- no cache, including the end-user browser, may store the response

    Vary: Accept-Encoding, Accept-Language
    # Cache separate versions for each combination of these headers
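The header rules above, worked through as an added example (not code from the original page): it computes how long a CDN and a browser may reuse a response, builds the cache key implied by Vary, and flags a cookie-setting response that the CDN could still store. The function names and the no-heuristic-freshness simplification are assumptions of this sketch.

```python
def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or True}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') if arg else True
    return directives


def seconds(directives, name):
    """Integer argument of a directive, or None if absent or malformed."""
    arg = directives.get(name)
    ok = isinstance(arg, str) and arg.isascii() and arg.isdigit()
    return int(arg) if ok else None


def cache_ttls(response_headers):
    """Return (cdn_ttl, browser_ttl) in seconds; 0 means no reuse from cache.

    Assumption: with no explicit lifetime the response is treated as
    uncacheable (real caches may apply heuristic freshness instead).
    """
    cc = parse_cache_control(response_headers.get("Cache-Control", ""))
    if "no-store" in cc:
        return 0, 0                      # nobody may store it
    max_age = seconds(cc, "max-age") or 0
    if "no-cache" in cc:
        return 0, 0                      # stored copies must be revalidated
    if "private" in cc:
        return 0, max_age                # browser only, never the CDN
    s_maxage = seconds(cc, "s-maxage")
    return (max_age if s_maxage is None else s_maxage), max_age


def cache_key(url, request_headers, response_headers):
    """Key a cache stores the response under: URL plus each Vary'd header."""
    vary = response_headers.get("Vary", "").split(",")
    names = sorted(h.strip().lower() for h in vary if h.strip())
    req = {k.lower(): v for k, v in request_headers.items()}
    return (url,) + tuple((h, req.get(h, "")) for h in names)


def audit(response_headers):
    """Flag a response that sets a cookie yet is storable by the CDN."""
    cdn_ttl, _ = cache_ttls(response_headers)
    if cdn_ttl > 0 and "Set-Cookie" in response_headers:
        return ["Set-Cookie on a response the CDN may cache"]
    return []
```

Running `audit` over origin responses in a test suite catches per-user responses that were given a shared-cache lifetime by mistake.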

Cache Invalidation Strategies

  • TTL-based expiry: Content expires after a set time. Simple but stale content may be served until TTL expires.
  • Purge API: Programmatically invalidate specific URLs or cache tags on the CDN.
  • Cache tagging / surrogate keys: Tag cached objects with labels (e.g., "product-123"). Purge all objects with a tag in one API call.
  • Versioned URLs: Append a hash or version to the URL (e.g., app.a3f8c2.js). Change the URL when content changes. Old versions remain cached harmlessly.

What to Cache on a CDN

| Content Type | CDN Caching | Notes |
|---|---|---|
| Static assets (JS, CSS, images) | Aggressively cache | Long TTL, versioned URLs |
| HTML pages | Cache with short TTL or stale-while-revalidate | Balance freshness and speed |
| API responses | Cache GET requests for read-heavy endpoints | Vary on auth headers carefully |
| Video / large media | Cache at edge | Use range requests for streaming |
| Personalized content | Do NOT cache at CDN | Use Cache-Control: private |

Edge Computing

Edge computing moves computation from a central origin to the edge PoPs. Instead of just caching static content, edge nodes can execute logic:

  • Cloudflare Workers: JavaScript/WASM code running at each of 300+ PoPs.
  • AWS Lambda@Edge / CloudFront Functions: Functions triggered on CloudFront events (viewer request, origin request, etc.).
  • Fastly Compute: WASM-based edge compute on Fastly's network.
  • Vercel Edge Functions: Deployed globally, ideal for Next.js middleware.

Edge Use Cases

  • A/B testing: Route users to different content variants at the edge without hitting the origin.
  • Authentication / token validation: Validate JWTs at the edge, rejecting unauthorized requests before they reach the backend.
  • Geo-based routing: Serve country-specific content or redirect based on the user's location.
  • Request transformation: Rewrite headers, normalize URLs, or add security headers at the edge.
  • Bot detection: Analyze traffic patterns and block bots at the edge.
  • Image optimization: Resize, compress, and convert image formats on the fly at the edge.

CDN Security

  • DDoS mitigation: CDN absorbs volumetric attacks across its distributed network.
  • Web Application Firewall (WAF): Filter malicious requests (SQL injection, XSS) at the edge.
  • TLS termination: CDN handles TLS, reducing CPU load on origin servers.
  • Origin cloaking: Hide the origin server's IP address. All traffic enters through the CDN.
  • Signed URLs: Restrict access to content using time-limited, signed URLs for premium content.
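A time-limited signed URL, as an added example that is not part of the original page: a generic HMAC-SHA256 scheme, not any CDN provider's URL format. The `expires` and `sig` parameter names, the key, and the sample path are constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: shared by the signer and the edge


def _mac(key, path, expires_text):
    """HMAC over the path and the expiry exactly as it appears in the URL."""
    msg = f"{path}\n{expires_text}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(key, path, ttl_seconds, now=None):
    """Return path?expires=...&sig=..., valid for ttl_seconds from now."""
    start = int(time.time() if now is None else now)
    expires = str(start + ttl_seconds)
    query = urlencode({"expires": expires, "sig": _mac(key, path, expires)})
    return f"{path}?{query}"


def verify_url(key, url, now=None):
    """Return (ok, reason); the MAC is checked before the expiry is parsed."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    expires, sig = query.get("expires", []), query.get("sig", [])
    if len(expires) != 1 or len(sig) != 1:      # missing or duplicated
        return False, "missing or malformed parameters"
    expected = _mac(key, parts.path, expires[0])
    # Constant-time comparison on bytes avoids leaking how much matched.
    if not hmac.compare_digest(expected.encode(), sig[0].encode()):
        return False, "bad signature"
    current = time.time() if now is None else now
    if current > int(expires[0]):
        return False, "expired"
    return True, "ok"
```

Because the path is part of the signed message, a valid signature for one object cannot be reused for another, and changing `expires` invalidates the signature.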

Key Takeaways

  • CDNs reduce latency by serving content from the nearest edge location to the user.
  • Use origin shields to protect the origin from cache stampedes across many PoPs.
  • Control caching behavior with HTTP Cache-Control headers and versioned asset URLs.
  • Edge computing extends CDNs beyond caching: execute logic (auth, A/B tests, geo-routing) at the edge.
  • CDNs provide security benefits: DDoS absorption, WAF, TLS termination, and origin cloaking.
