
What is Content Delivery Network (CDN) Architecture and How Does Anycast Routing Work?

A Content Delivery Network (CDN) is a geographically distributed system of Points of Presence (PoPs) that cache content close to end users to reduce latency and protect origin servers. When a user requests content, anycast routing automatically directs them to the nearest PoP by advertising the same IP address from multiple locations. Border Gateway Protocol (BGP) determines the topologically closest site based on network hops and routing policies, not geographic distance.

Modern CDNs operate at massive scale. One major provider runs 165+ super PoPs with over 120 terabits per second (Tbps) of egress capacity and maintains interconnections with 5,500+ last-mile networks. Another operates 300+ edge locations globally.

CDNs use hierarchical caching with multiple tiers to maximize efficiency. The typical hierarchy flows from the edge PoP to a regional mid tier (also called an origin shield) and then to the origin server. This design increases cache hit ratios while protecting origins from thundering herd effects, where many users simultaneously request content that is not yet cached.

Providers peer heavily at Internet Exchange Points (IXPs) to reduce transit costs and improve performance. In major United States metros, typical latency from user to edge PoP ranges from 10 to 25 milliseconds (ms). When a PoP fails, anycast BGP automatically fails over to the next nearest site without requiring DNS changes or client intervention.

Beyond caching, CDNs provide critical security functions including Distributed Denial of Service (DDoS) absorption, Web Application Firewall (WAF) protection, and bot mitigation. They rate limit and filter malicious traffic at the edge before it reaches origin servers. The distributed nature of anycast helps absorb volumetric attacks by spreading traffic across many sites rather than concentrating it at a single location. Global load balancing distributes traffic efficiently across available capacity while maintaining low latency.
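The anycast selection rule above (topologically closest by BGP, not geographically closest) and the failover behaviour when a PoP withdraws its announcement, as an added illustration that is not code from the page or from any CDN provider. The PoP names, AS numbers (from the RFC 5398 documentation range), distances and the prefix (RFC 5737 documentation space) are all constructed; the model keeps only the AS-path-length step of BGP best-path selection and ignores local preference and the other attributes a real router evaluates first.

```python
"""Toy model of anycast site selection and BGP failover.

Added example, not the page's own code. One anycast prefix is announced from
several PoPs; the client's router holds one route per PoP, each with an AS
path, and prefers the shortest path. Geographic distance is carried only to
show that it plays no part in the decision. Real BGP evaluates local
preference and other attributes before AS-path length; this model keeps only
the path-length step. All names, AS numbers and distances are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Route:
    pop: str                 # PoP that announces the anycast prefix
    as_path: tuple           # AS path from the client's AS to the PoP
    km_from_client: int      # geographic distance, NOT used by selection


@dataclass
class AnycastTable:
    """Routes for one anycast prefix as seen from the client's router."""
    prefix: str
    routes: dict = field(default_factory=dict)

    def announce(self, route):
        self.routes[route.pop] = route

    def withdraw(self, pop):
        """A PoP outage: its BGP announcement is withdrawn."""
        self.routes.pop(pop, None)

    def best(self):
        """Shortest AS path wins; the PoP name breaks ties deterministically."""
        if not self.routes:
            return None
        return min(self.routes.values(), key=lambda r: (len(r.as_path), r.pop))

    def nearest_by_distance(self):
        """What a purely geographic choice would pick, shown for contrast."""
        return min(self.routes.values(), key=lambda r: r.km_from_client)


def build_table():
    """Constructed routing view: three PoPs announcing the same prefix."""
    table = AnycastTable("203.0.113.0/24")  # RFC 5737 documentation prefix
    # Closest PoP by km, but reached through an extra transit AS
    table.announce(Route("pop-nyc", (64496, 64497, 64498), 30))
    # Farther away, but reached over a direct peering path
    table.announce(Route("pop-ord", (64496, 64498), 1100))
    # Far away and behind two transit hops
    table.announce(Route("pop-sjc", (64496, 64499, 64500, 64498), 4000))
    return table


def simulate_failover():
    """Return (geographically nearest PoP, BGP-selected PoP, PoP after outage)."""
    table = build_table()
    geo = table.nearest_by_distance().pop
    chosen = table.best().pop
    table.withdraw(chosen)         # the serving PoP goes down; route disappears
    after_failover = table.best().pop
    return geo, chosen, after_failover


if __name__ == "__main__":
    geo, chosen, after = simulate_failover()
    print(f"nearest by km: {geo}, BGP picks: {chosen}, after outage: {after}")
```

The run shows the point the text makes: the PoP 30 km away loses to one 1,100 km away because its AS path is one hop longer, and when the serving PoP withdraws its route the client's router converges on the next shortest path with no DNS change involved.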
💡 Key Takeaways
Anycast routing advertises identical IP addresses from multiple PoPs, and BGP automatically routes users to the topologically nearest site with seamless failover on outages
Hierarchical caching flows through edge PoP to regional mid tier to origin, maximizing hit ratios while shielding origins from request floods
Production systems operate at 120+ Tbps scale with 165+ PoPs and 5,500+ network interconnections, delivering 10 to 25 ms latency in major metros
Heavy peering at IXPs reduces transit costs and improves last mile performance by avoiding lengthy backbone routes
Security functions at the edge include DDoS absorption through distributed attack surface, WAF rule enforcement, rate limiting, and bot detection before traffic reaches origins
📌 Examples
Amazon CloudFront operates a global CDN with 300+ edge locations using anycast for automatic failover. When a PoP experiences issues, BGP withdraws routes and traffic shifts to the next nearest location within seconds.
Microsoft Azure CDN maintains a global edge network with rule engines that enforce WAF policies and rate limits at PoPs, blocking attack traffic before it consumes backbone bandwidth or reaches customer origins.
A news site experiencing a traffic spike from a viral article benefits from edge caching: the first request fetches from origin (cache miss with higher latency), but subsequent millions of requests serve directly from edge PoPs at 10 to 25 ms latency instead of 100+ ms round trips to origin data centers.
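The viral-article scenario above, with the origin-shield tier and request coalescing described earlier in the page, as an added simulation that is not code from the page or from any provider. The tiers, the hot key and the request bursts are constructed in memory; the model treats each burst as requests arriving at the same instant, and compares how many fetches reach the origin with and without a shield tier and with and without collapsing concurrent misses.

```python
"""Toy model of CDN hierarchical caching: edge PoPs -> origin shield -> origin.

Added example, not the page's own code. It shows why an origin-shield tier and
request coalescing (collapsing concurrent misses for one key into a single
upstream fetch) keep a burst of uncached requests from becoming a thundering
herd at the origin. Tiers, keys and request batches are constructed in memory.
"""


class Origin:
    """The customer's origin server; counts how many fetches reach it."""

    def __init__(self):
        self.fetches = 0

    def serve_batch(self, keys):
        self.fetches += len(keys)
        return [f"body-of-{k}" for k in keys]


class CacheTier:
    """One cache tier (an edge PoP or the origin shield).

    coalesce=True models request collapsing: concurrent misses for the same key
    produce one upstream fetch whose result is fanned out to every waiting
    request. coalesce=False forwards every miss upstream individually.
    """

    def __init__(self, name, upstream, coalesce=True):
        self.name = name
        self.upstream = upstream
        self.coalesce = coalesce
        self.store = {}
        self.hits = 0
        self.misses = 0

    def serve_batch(self, keys):
        """Serve a batch of requests that arrive at the same instant."""
        results = [None] * len(keys)
        pending = []  # (position, key) pairs that missed the local cache
        for i, key in enumerate(keys):
            if key in self.store:
                self.hits += 1
                results[i] = self.store[key]
            else:
                self.misses += 1
                pending.append((i, key))
        if pending:
            if self.coalesce:
                upstream_keys = sorted({key for _, key in pending})   # one per key
            else:
                upstream_keys = [key for _, key in pending]           # one per miss
            bodies = dict(zip(upstream_keys, self.upstream.serve_batch(upstream_keys)))
            for i, key in pending:
                self.store[key] = bodies[key]
                results[i] = bodies[key]
        return results


def simulate(shield, coalesce, edges=5, burst=1000):
    """Viral-article burst: `burst` simultaneous requests at each of `edges`
    PoPs, repeated twice. Returns origin fetch count and edge hit ratio."""
    origin = Origin()
    upstream = CacheTier("shield", origin, coalesce) if shield else origin
    pops = [CacheTier(f"edge-{n}", upstream, coalesce) for n in range(edges)]
    article = ["/viral-article"] * burst   # constructed hot key
    for _ in range(2):                      # round 1 fills caches, round 2 is all hits
        for pop in pops:
            pop.serve_batch(article)
    hits = sum(p.hits for p in pops)
    misses = sum(p.misses for p in pops)
    return {"origin_fetches": origin.fetches, "edge_hit_ratio": hits / (hits + misses)}


if __name__ == "__main__":
    for shield in (True, False):
        for coalesce in (True, False):
            print(f"shield={shield!s:5} coalesce={coalesce!s:5} ->", simulate(shield, coalesce))
```

With five edge PoPs and a burst of 1,000 requests each, the origin sees a single fetch when both the shield and coalescing are in place, one fetch per PoP without the shield, and 1,000 or 5,000 fetches when misses are not collapsed. The edge hit ratio is the same in every configuration, which is the point: hit ratio alone does not tell you whether the origin is protected from the first wave.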