Content Delivery Network
F5® Distributed Cloud Content Delivery Network (CDN) is a geographically distributed set of highly efficient servers that cache and deliver static and dynamic content. The CDN servers are positioned close to end users, and work in concert to optimize delivery to end users.
CDN traffic is globally distributed to all Sites with a CDN Distribution. The CDN Control Plane routes end user requests to a geographically proximate and healthy node.
Support for TLS authentication with policy-based authorization on the CDN Distribution enforces end-to-end security of application traffic.
Origin health is constantly monitored to ensure optimal uptime.
Introduction to CDN
With Distributed Cloud CDN, you have the ability to leverage the Distributed Cloud network to distribute static and dynamic content.
A cache miss occurs when a client device makes a request to the CDN and the CDN cache does not have the requested content.
A cache hit occurs when the CDN cache has the requested content.
Content is delivered with lower Time-To-First-Byte (TTFB) on a cache hit because the CDN can immediately deliver the content to the end user without having to make an origin pull.
An origin pull occurs anytime the CDN server needs to pass a request to the origin server. This typically occurs on a cache miss. On an origin pull, the CDN will cache the content contained in the origin server's response.
Subsequent requests for the same content will result in a cache hit and lower latency for end users.
CDN Features
- Static and Dynamic Caching to Reduce Latency
  "Caching" stores copies of a file in a temporary storage location. Distributed Cloud CDN servers are equipped with high-performing storage to reduce the time it takes to retrieve stored content. Examples of cacheable content are CSS, JavaScript, images and video. Because CDN servers are close to end users, a CDN is able to deliver content more quickly and reduce latency.
- End to End Security
  Distributed Cloud CDN supports multiple delivery and origin security capabilities. Support for TLS is available from Client to CDN as well as from CDN to Origin.
  A domain's TLS certificate can be securely hosted with F5 Distributed Cloud's unique solution called Blindfold and/or through integration with external secrets management solutions such as HashiCorp Vault.
- Global Load Balancing
  - Global Scale – Optimum DNS-based request routing across global Geo-distributed Data-plane
  - Geo-based Load-balancing – Matching clients to the closest available edge nodes based on Geo proximity
  - Resource-based Load-balancing – Matching clients to available edge nodes based on edge node resource consumption policies on network, CPU and storage utilization
Cache Control
When you enable caching in the F5 Distributed Cloud CDN service, the default is to cache your entire domain and, correspondingly, to purge the cache of your entire domain. However, you can also provide more granular cache rules that define cache policies on a per-asset basis from the same origin. These rules let you optimize cache hit ratios based on the TTL of the cache, define what is cacheable, and more, so that up-to-date content is delivered in the quickest, most reliable way. Your cache rules and policies can also allow selective deletion of content from the cache so it doesn't negatively impact site performance.
The CDN service will honor the cache-control header returned by your origin application. If cache-control is not returned by your origin application, the CDN service does not consider the response cacheable. If this is not the desired behavior, it is recommended that you set the cache control using the Cache TTL option in CDN configuration. In case the cache control is set in the application header, the behavior is as follows:
- If the cache TTL is set to Default Cache TTL, Configured Cache TTL is applied only if origin is not sending any Cache-control headers.
- If the cache TTL is set to Override Cache TTL, that directive is applied irrespective of Cache-control header sent by origin.
Set-Cookie Response Header and Cache Control
In case the set-cookie response header is set by the origin server, then the CDN service treats it as a cache MISS regardless of the cache-control directive set in origin's response or default/override TTL set on the CDN distribution.
The set-cookie header indicates that the response pertains to a specific user and should not be cached and served to other users.
Note: In order for CDN service to cache the asset, the following are the required criteria:
- HTTP request methods must be one of GET or HEAD.
- HTTP response codes must be one of 200, 206, 301, or 302.
- Response must contain one of the cache directives cache-control or expires.
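The caching rules above, modelled as an added Python example (not F5 code and not an F5 API) that you can run over captured origin responses before choosing a Cache TTL mode. The ttl_mode labels, the order of the method and status checks, and the treatment of no-store/private as non-cacheable when the origin header is honored (standard shared-cache semantics) are assumptions of this example; the sample responses are constructed.

```python
# Added example: models the caching rules stated on this page. Not F5 code.
CACHEABLE_METHODS = {"GET", "HEAD"}
CACHEABLE_STATUS = {200, 206, 301, 302}
NO_SHARED_CACHE = {"no-store", "private"}  # assumption: RFC 9111 shared-cache semantics

def decide(method, status, headers, ttl_mode=None):
    """Return (cacheable, ttl_source, note).

    ttl_mode is None (no Cache TTL configured), "default" or "override";
    these strings are labels for this example, not console values.
    """
    h = {k.lower(): v.lower() for k, v in headers.items()}
    if method.upper() not in CACHEABLE_METHODS:
        return (False, None, "method is not GET or HEAD")
    if status not in CACHEABLE_STATUS:
        return (False, None, "status is not 200, 206, 301 or 302")
    # Set-Cookie beats both the origin directive and any configured TTL.
    if "set-cookie" in h:
        return (False, None, "set-cookie marks the response as user-specific")
    directives = {d.split("=")[0].strip() for d in h.get("cache-control", "").split(",")}
    origin_forbids = bool(directives & NO_SHARED_CACHE)
    if ttl_mode == "override":
        note = "override TTL replaces origin directive"
        if origin_forbids:
            note += "; REVIEW: origin marked this no-store/private"
        return (True, "override", note)
    if "cache-control" in h or "expires" in h:
        if origin_forbids:
            return (False, None, "origin directive forbids shared caching")
        return (True, "origin", "origin directive honored")
    if ttl_mode == "default":
        return (True, "default", "no origin directive, default TTL applies")
    return (False, None, "no cache directive and no Cache TTL configured")

# Constructed sample responses: (method, status, headers, ttl_mode)
SAMPLES = [
    ("GET", 200, {"Cache-Control": "max-age=3600"}, None),
    ("GET", 200, {"Cache-Control": "max-age=3600", "Set-Cookie": "sid=abc"}, "override"),
    ("GET", 200, {}, "default"),
    ("GET", 200, {}, None),
    ("POST", 200, {"Cache-Control": "max-age=60"}, "override"),
    ("GET", 404, {"Cache-Control": "max-age=60"}, None),
    ("GET", 200, {"Cache-Control": "private, max-age=0"}, "override"),
]

def audit(samples=SAMPLES):
    return [decide(*s) for s in samples]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, audit()):
        print(sample[0], sample[1], sample[3], "->", result)
```

The last sample is the case to look for before enabling Override Cache TTL: the origin marked the response private, there is no Set-Cookie header to stop caching, and the override applies irrespective of the origin's header.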
Content Revalidation & Purging
In case of content updates in your origin servers, you can force the CDN servers to fetch the updated content using the purge option in the F5® Distributed Cloud Console (Console). This option enables the CDN service to initiate a purge for all the cache servers. Purging manually does not immediately delete content, but marks content as expired. When expired content is requested, the CDN service performs a HEAD request to the origin. If the CDN finds that the content time-stamp is not changed, the existing expired entry is marked as active. This prevents a re-fetch from the origin and saves time and bandwidth in redownloading the content.
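The purge and revalidation flow described above, simulated as an added Python example (not F5 code). The class names and the integer last_modified value standing in for the "content time-stamp" are assumptions; the third request shows that content replaced at the origin without a new time-stamp is still served from the reactivated entry after a purge.

```python
# Added example: simulates the purge and revalidation flow described above.
# Not F5 code; "last_modified" stands in for the page's "content time-stamp".
class Origin:
    def __init__(self):
        self.files = {}          # path -> (last_modified, body)
        self.heads = 0           # HEAD requests received
        self.gets = 0            # full fetches received
    def put(self, path, last_modified, body):
        self.files[path] = (last_modified, body)
    def head(self, path):
        self.heads += 1
        return self.files[path][0]
    def get(self, path):
        self.gets += 1
        return self.files[path]

class EdgeCache:
    def __init__(self, origin):
        self.origin = origin
        self.entries = {}        # path -> {"ts", "body", "expired"}
    def purge(self):
        # Purge marks entries expired; it does not delete them.
        for entry in self.entries.values():
            entry["expired"] = True
    def fetch(self, path):
        entry = self.entries.get(path)
        if entry and not entry["expired"]:
            return "HIT", entry["body"]
        if entry and self.origin.head(path) == entry["ts"]:
            entry["expired"] = False      # time-stamp unchanged: reactivate
            return "REVALIDATED", entry["body"]
        ts, body = self.origin.get(path)  # no entry, or time-stamp changed
        self.entries[path] = {"ts": ts, "body": body, "expired": False}
        return "MISS", body

def demo():
    origin = Origin()
    origin.put("/app.js", 100, "v1")
    cache = EdgeCache(origin)
    out = [cache.fetch("/app.js")]        # MISS, v1 pulled from origin
    cache.purge()
    out.append(cache.fetch("/app.js"))    # REVALIDATED, v1 kept
    origin.put("/app.js", 100, "v2")      # body changed, time-stamp did not
    cache.purge()
    out.append(cache.fetch("/app.js"))    # REVALIDATED, still v1
    origin.put("/app.js", 200, "v2")      # time-stamp updated
    cache.purge()
    out.append(cache.fetch("/app.js"))    # MISS, v2 pulled from origin
    return out, origin.heads, origin.gets
```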