What is Content Delivery Network (CDN) Architecture and How Does Anycast Routing Work?
100 to 200ms (cross-continent) to 10 to 25ms (local edge), while protecting origin servers from traffic spikes and attacks.
Anycast Routing
Anycast is a routing technique where multiple servers advertise the same IP address from different physical locations. When a user sends a request to that IP, the Internet routing infrastructure automatically directs it to the topologically nearest server. The routing decision happens at the network layer via BGP (Border Gateway Protocol, the protocol that determines paths between networks), not based on geographic distance but on network topology and routing policies. This means the nearest server is the one with the fewest network hops or best peering, which usually correlates with lowest latency.
Anycast provides automatic failover: if a PoP fails, BGP withdraws its routes and traffic shifts to the next nearest healthy PoP within seconds, with no DNS changes or client intervention required. This is more resilient than DNS-based failover, which depends on TTL (Time To Live) expiration and client caching. Modern CDNs operate at massive scale, with networks spanning 150+ PoPs and 100+ Tbps (terabits per second) of egress capacity.
Hierarchical Caching
CDNs use hierarchical caching with multiple tiers to maximize efficiency. The typical hierarchy flows from edge PoP to regional mid tier (also called origin shield) to the origin server. When a user requests content, the edge PoP checks its local cache first. On a cache miss, instead of fetching directly from origin, it queries the regional mid tier. If the mid tier has the content, it returns it without touching origin. Only if both edge and mid tier miss does the request reach origin.
This hierarchy dramatically reduces origin load. Consider 100 edge PoPs worldwide: without a mid tier, a cache miss at each would trigger 100 origin requests. With regional mid tiers serving groups of PoPs, a miss collapses to perhaps 5 mid tier requests, and if one mid tier already has the content, it collapses to 1. The mid tier also absorbs thundering herd effects (many simultaneous requests for the same uncached content) before they reach origin.
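The origin-load arithmetic above can be checked with a small simulation, added here as an example that is not part of the original page. It assumes 100 edge PoPs assigned round-robin to 5 mid tiers, a constructed object key, and requests arriving one at a time with no TTL expiry or eviction.

```python
# Added illustration (not from the original page): tiered CDN cache lookup.
from collections import Counter

class Origin:
    def __init__(self):
        self.fetches = Counter()          # key -> requests that reached origin

    def get(self, key):
        self.fetches[key] += 1
        return f"body-of-{key}"


class CacheTier:
    """Edge PoP or regional mid tier: serve from local store, else ask parent."""
    def __init__(self, name, parent):
        self.name, self.parent = name, parent
        self.store = {}
        self.hits = 0
        self.misses = 0

    def get(self, key):
        if key in self.store:
            self.hits += 1
            return self.store[key]
        self.misses += 1
        body = self.parent.get(key)       # miss: go one tier up, not straight to origin
        self.store[key] = body
        return body


def simulate(num_edges, num_mid, key="/assets/app.js"):  # key is a constructed sample
    """Every edge PoP requests the same cold object once; count what each tier sees."""
    origin = Origin()
    mids = [CacheTier(f"mid-{i}", origin) for i in range(num_mid)]
    # Assumption: edges are assigned to mid tiers round-robin; with no mid tier
    # each edge uses the origin as its parent.
    edges = [CacheTier(f"edge-{i}", mids[i % num_mid] if mids else origin)
             for i in range(num_edges)]
    for edge in edges:
        edge.get(key)
    return {
        "origin_fetches": origin.fetches[key],
        "mid_hits": sum(m.hits for m in mids),
        "edge_misses": sum(e.misses for e in edges),
    }


if __name__ == "__main__":
    print("no mid tier :", simulate(100, 0))
    print("5 mid tiers :", simulate(100, 5))
```

All 100 edges still miss in both runs; what changes is how many of those misses reach the origin, which is the number to watch when sizing origin capacity behind a CDN.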
Network Peering
CDNs peer heavily at IXPs (Internet Exchange Points, physical locations where networks connect to exchange traffic directly). Direct peering bypasses expensive transit providers and reduces latency by shortening the network path. A CDN might maintain 5,000+ interconnections with ISPs (Internet Service Providers) and last-mile networks. This means when a user on a specific ISP requests content, the response often travels directly from the CDN PoP to the ISP without traversing intermediate networks.
Beyond caching, CDNs provide security functions at the edge including DDoS absorption (Distributed Denial of Service, attacks that flood servers with traffic), WAF protection (Web Application Firewall, rules that block malicious requests), and bot mitigation. The distributed nature of anycast helps absorb volumetric attacks by spreading traffic across many sites rather than concentrating it at a single location.