Open on desktop

Antimetal's interactive diagrams require a larger screen. Open this page on your laptop or desktop to continue.

Best on desktop

Back to lesson

Content Delivery Network

beginnerCDNNetworking

Networking·30 min read

Content Delivery Network

1Understand the Problem & Establish Design Scope→2High-Level Design→3Deep Dive→4Wrap Up

CDNNetworking

§1Step 2 — High-Level Design

2High-Level Design

Design a CDN from scratch. Understand PoP placement, cache hierarchies, and anycast routing.

System architecture overview

Stage 1 of 4Starting state — the problem to solve

Progressive build — add each component step by step

Connect CDN Edges to Object Storage Directly

For static assets (images, CSS, JS), have CDN edges pull directly from object storage, bypassing the origin server entirely.

What it does

CDN edges connect directly to object storage for static asset delivery. The origin server only handles dynamic API requests; static files never touch it.

Why it matters

Object storage scales infinitely and is designed for high-throughput random reads. Routing static files through your API server wastes compute and adds latency.

Trade-off

Content must be uploaded to object storage before CDN can serve it. For user-generated content, your upload path must write to object storage directly.

Real world

Netflix serves all video content from S3 via CloudFront CDN. GitHub uses Fastly CDN with GitHub Packages as origin storage.

Capacity math

Cloudflare's CDN handles 57M requests/second globally. A single edge PoP can serve 100Gbps+. Object storage scales to exabytes.

In the real world: Netflix serves all video content from S3 via CloudFront CDN. GitHub uses Fastly CDN with GitHub Packages as origin storage.

Add a Redis Cache at the Origin

For dynamic API responses that can't be CDN-cached (personalized data), add Redis at the origin to serve cache hits without hitting the database.

What it does

A Redis cache at the origin serves CDN misses and uncacheable dynamic requests. CDN handles the 90% of traffic that's static; Redis handles dynamic reads.

Why it matters

Without origin-side caching, every CDN miss hits the database. Redis absorbs the miss traffic at sub-millisecond speed.

Trade-off

Two-layer caching (CDN + Redis) adds complexity. Cache invalidation must propagate through both layers — a stale CDN entry may continue serving old data even after Redis is updated.

Real world

Instagram uses CloudFront CDN for media with an Elasticache Redis layer at origin for dynamic feed data.

Capacity math

At 90% CDN hit rate, origin sees 10% of traffic. With Redis caching 80% of origin misses, the database sees only 2% of total requests.

In the real world: Instagram uses CloudFront CDN for media with an Elasticache Redis layer at origin for dynamic feed data.

Add a Global Load Balancer for CDN Origin Failover

At peak load, add a global load balancer in front of multiple origin regions so CDN can failover if one origin region goes down.

What it does

A global load balancer routes CDN origin pulls to the nearest healthy origin region using Anycast routing or latency-based DNS.

Why it matters

A single origin region is a single point of failure. At peak traffic, one region may be overwhelmed. Global LB spreads origin load and provides failover.

Trade-off

Cross-region replication adds cost and latency for writes. Read-heavy workloads benefit most; write-heavy ones must handle replication lag.

Real world

Cloudflare uses Anycast routing to direct CDN origin pulls to the nearest data center. AWS CloudFront supports multi-region origins with origin groups.

Capacity math

Anycast routes a single IP to 200+ PoPs globally. Failover latency is < 30 seconds for DNS-based, near-instant for Anycast.

In the real world: Cloudflare uses Anycast routing to direct CDN origin pulls to the nearest data center. AWS CloudFront supports multi-region origins with origin groups.

Origin Failure: The origin server goes down. CDN edges can still serve cached content — what percentage of requests are served without the origin?

§2Step 3 — Deep Dive

3Deep Dive

CDN edges connect directly to object storage for static asset delivery. The origin server only handles dynamic API requests; static files never touch it.

Strategy	Freshness	Origin load	Latency	Best for	Cost	Ops burden
No cache (Cache-Control: no-store)	Perfect	High	High	Sensitive, personalized data	Low	Low
Short TTL (60s)	Good	Medium	Low	News, scores, near-real-time	Low	Low
Long TTL + cache-busting URLs	Perfect	Very low	Very low	Static assets (JS/CSS/images) ✓	Low	Low
Stale-while-revalidate	Excellent	Low	Very low	API responses, semi-static	Low	Low
Immutable cache	Perfect	Near zero	Very low	Versioned static files ✓	Low	Low

CDN cache strategies — stale-while-revalidate balances freshness and speed.

typescriptCDN — cache-control headers + cache-busting URL strategy

import express from 'express'
import crypto from 'crypto'
import fs from 'fs'

const app = express()

// Static assets: immutable + content hash in filename
// e.g., /static/app.a1b2c3d4.js → Cache-Control: max-age=31536000, immutable
app.use('/static', express.static('public', {
  maxAge: '1y',
  immutable: true,
  etag: false,
}))

// API responses: stale-while-revalidate
app.get('/api/products', (req, res) => {
  res.set('Cache-Control', 'public, max-age=60, stale-while-revalidate=300')
  res.json({ products: [] })
})

// Generate content-hashed asset filename at build time
function hashFile(filePath: string): string {
  const content = fs.readFileSync(filePath)
  const hash = crypto.createHash('md5').update(content).digest('hex').slice(0, 8)
  const ext = filePath.split('.').pop()
  return `app.${hash}.${ext}`
}

Component	Why Add It	Tradeoff
Connect CDN Edges to Object Storage Directly	Object storage scales infinitely and is designed for high-throughput random reads.	Content must be uploaded to object storage before CDN can serve it.
Redis Cache at the Origin	Without origin-side caching, every CDN miss hits the database.	Two-layer caching (CDN + Redis) adds complexity.
Global Load Balancer for CDN Origin Failover	A single origin region is a single point of failure.	Cross-region replication adds cost and latency for writes.

Design decision tradeoffs

Origin Failure

The origin server goes down. CDN edges can still serve cached content — what percentage of requests are served without the origin?

CDN PoP Failure

cdn-1 (a regional PoP) goes down. All traffic in that region loses the cache layer and hits the origin directly. How does the CDN failover traffic to cdn-2 or the origin without user-visible errors?

Viral Content Storm

A viral video causes 50x normal traffic to hit the CDN. Cache hit rate drops as CDN nodes become overwhelmed and evict cached content. How do you handle origin shield, pre-warming, and stale-while-revalidate to protect the origin?

CDN edge nodes cache responses at the network edge, close to users. On a cache miss, the CDN fetches from your origin server and caches the response for future requests.

Cache-Control headers control what and how long the CDN caches: 'max-age=86400' caches for 1 day, 'no-store' bypasses CDN. Static assets (images, JS, CSS) should have long TTLs.

For dynamic content, use 'stale-while-revalidate': serve stale cached content immediately while fetching a fresh copy in the background. This eliminates the latency spike on cache expiry.

§3Step 4 — Wrap Up

4Wrap Up

Decision	Choice	Why
Connect CDN Edges to Object Storage Directly	CDN edges connect directly to object storage for static asset delivery.	Object storage scales infinitely and is designed for high-throughput random reads.
Redis Cache at the Origin	A Redis cache at the origin serves CDN misses and uncacheable dynamic requests.	Without origin-side caching, every CDN miss hits the database.
Global Load Balancer for CDN Origin Failover	A global load balancer routes CDN origin pulls to the nearest healthy origin region using Anycast routing or latency-based DNS.	A single origin region is a single point of failure.

Key design decisions

If the interviewer asks to scale 10×: Push data closer to users. Expand CDN PoPs: target < 50ms RTT for 95% of your user base by adding edge nodes in underserved regions.

10× Target50K RPSwhere your architecture must hold

What's next