Users in Australia complain your site is slow. Server is in the US. "Just add a CDN."
What is a CDN, and why does it help?
What is a CDN?
Content Delivery Network: geographically distributed reverse proxy servers that cache and serve content closer to users.
- Reverse proxy: Sits between users and origin, forwards requests
- Distributed: 200+ locations worldwide
- Cache: Stores copies of files for faster delivery
Think of warehouses for content: instead of shipping from one central warehouse (origin), stock items near major cities (edges).
CDN vs Web Host vs Reverse Proxy
| Component | Compute | Store | Purpose |
|---|---|---|---|
| Web Host | Yes | Yes | Runs application, executes code |
| CDN | No* | Yes | Caches static files, reduces latency |
| Reverse Proxy | No | Sometimes | Forwards requests, load balancing, SSL |
*Modern CDNs are adding edge compute (Cloudflare Workers, Lambda@Edge)
Key: CDN doesn't replace your host. It sits in front, handling content delivery. Origin focuses on application logic.
The Core Problem: Physics
You cannot beat the speed of light.
Light travels ~200,000 km/s in fiber. Slow when users are 15,000 km away.
| Route | Distance | Min Round Trip |
|---|---|---|
| SF ↔ NY | 4,000 km | 40ms |
| London ↔ Sydney | 17,000 km | 170ms |
| NY ↔ Tokyo | 11,000 km | 110ms |
Add routing, congestion, processing? Multiply by 2-3x.
Server in Hong Kong. Europe user: 100ms per round trip. Need 6 round trips (TCP + TLS + HTTP). 6 × 100ms = 600ms network overhead. Before app responds.
CDN solution: Serve from London edge (10ms away, not 100ms).
Why CDN?
1. Performance
Can't make light faster. Reduce distance it travels.
WITHOUT CDN (Europe → Australia):
TCP + TLS + HTTP: 6 × 100ms = 600ms
WITH CDN (Europe → nearby edge):
TCP + TLS + HTTP: 6 × 20ms = 120ms (cache miss)
Cached: 40ms (93% faster)
Why: TCP/TLS handshake happens at the nearby edge (20ms). Edge caches content. Subsequent requests for cached content never hit origin.
2. Security
DDoS Protection:
- Origin: 10 Gbps, one location
- CDN: 100+ Tbps, 200+ locations
- 100 Gbps attack distributed = 500 Mbps per edge = absorbed
Edge filtering: Rate limiting, WAF rules, bot detection at edge. Attack traffic blocked before reaching origin.
1M attack req/s → edge
├─ 900K blocked (rate limit)
├─ 50K blocked (WAF)
├─ 40K blocked (bot detection)
└─ 10K legitimate → origin
Origin sees: 10K/s (manageable)
Without CDN: 1M/s (dead)
3. Availability
No single point of failure.
- Without CDN: All users → one origin. Origin down = site down.
- With CDN: Users → 200+ edges. One edge fails → route to next. Origin down → cached content is still served.
What Gets Cached?
Cache: JS, CSS, images, videos, fonts, static HTML.
Don't cache: User feeds, API responses, real-time data, personalized content.
Rule: Same for everyone = cache it. Different per user = don't.
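An added example (not from the original post): a small Python audit that applies the rule above to request/response header pairs. It flags per-user responses that lack `private` or `no-store`, and shared content the edge is not told it may cache. Treating `Authorization` and `Set-Cookie` as the per-user signal is an assumption of this example, and all sample exchanges are constructed.

```python
# Added example: audits exchanges against the page's rule
# "same for everyone = cache it, different per user = don't".
# Policy assumption: a request with Authorization or a response with
# Set-Cookie marks per-user content. All sample data is constructed.

def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-True}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or True
    return directives

def audit(request_headers, response_headers):
    """Return 'ok', 'leak-risk' or 'missed-cache' for one exchange."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))

    per_user = "authorization" in req or "set-cookie" in resp
    forbids_edge = "no-store" in cc or "private" in cc
    allows_edge = not forbids_edge and any(
        d in cc for d in ("public", "s-maxage", "max-age"))

    if per_user and not forbids_edge:
        # Per-user response without an explicit private/no-store:
        # this example's policy requires one before it passes.
        return "leak-risk"
    if not per_user and not allows_edge:
        # Shared content with no explicit permission for the edge to store it.
        return "missed-cache"
    return "ok"

SAMPLES = [  # constructed exchanges: (path, request headers, response headers)
    ("/static/app.js", {}, {"Cache-Control": "public, max-age=31536000"}),
    ("/api/feed", {"Authorization": "Bearer EXAMPLE"},
     {"Cache-Control": "public, max-age=300"}),
    ("/account", {}, {"Set-Cookie": "sid=EXAMPLE", "cache-control": "private"}),
    ("/img/logo.png", {}, {"Cache-Control": "no-store"}),
    ("/api/me", {"Authorization": "Bearer EXAMPLE"}, {}),
]

def run_audit(samples=SAMPLES):
    """Map each sample path to its verdict."""
    return {path: audit(req, resp) for path, req, resp in samples}

if __name__ == "__main__":
    for path, verdict in run_audit().items():
        print(f"{verdict:12} {path}")
```

A `leak-risk` verdict marks a response that one user could receive from the edge after it was generated for another; a `missed-cache` verdict marks shared content that keeps going back to origin.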
Key Takeaways
- CDN = distributed reverse proxy with caching
- Physics: distance = latency. CDNs reduce distance.
- 93% latency reduction for cached content
- DDoS absorption + edge filtering
- No single point of failure
Next: Part 2
How CDNs actually work:
- Multi-tier architecture (child → parent → origin)
- Edge server selection (DNS, Anycast)
- Pull vs Push caching
- Request flow