
What is Edge Computing and How Do Isolates, WebAssembly (WASM), and Container Models Compare?

What Edge Computing Means

Edge computing moves code execution from centralized data centers to CDN nodes (Points of Presence) located near users. Instead of routing every request to origin servers hundreds of milliseconds away, edge nodes execute application logic locally. A user in Tokyo hits a Tokyo PoP that runs authentication, personalization, or A/B test assignment without crossing the Pacific. This eliminates 100-200ms of network latency per request.

Isolation Models

Running untrusted code at the edge requires strong isolation. Two primary models exist: containers and isolates. Containers use OS-level virtualization with separate kernel namespaces, providing strong isolation but requiring 50-500ms cold starts. Isolates use V8 engine instances (the JavaScript runtime) with lightweight memory isolation, achieving 0-5ms cold starts. Isolates share the same process but cannot access each other's memory spaces, similar to how browser tabs isolate JavaScript execution.

WebAssembly at the Edge

WebAssembly (WASM) is a binary instruction format that runs in a sandboxed virtual machine. Originally designed for browsers, WASM enables running compiled languages like Rust, Go, or C++ at the edge with near-native performance. WASM modules execute in isolated linear memory spaces, preventing access to host system resources unless explicitly granted. Cold starts are 1-10ms, between containers and isolates. The tradeoff: WASM supports more languages but requires compilation, while isolates support only JavaScript/TypeScript but enable instant deployment.

Security Considerations

Edge execution introduces new attack surfaces. Side-channel attacks exploit timing or cache behavior to leak information; Spectre and Meltdown (CPU vulnerabilities that allow reading protected memory through speculative execution) required architectural changes in isolate runtimes. JWTs (JSON Web Tokens, self-contained authentication tokens with cryptographic signatures) can be validated at the edge without origin round trips, but key rotation must propagate to all PoPs within minutes. Edge functions should never store secrets in code; use encrypted environment variables or edge-compatible secret managers with sub-second retrieval latency.
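The JWT point above, as an added example that is not part of the original page: a verifier that keeps a per-PoP public-key cache, pins the algorithm, and picks up rotated keys by `kid`. It assumes Ed25519 (`EdDSA`) tokens and uses Node's `crypto` module in place of an edge runtime's crypto API; `mintToken`, `makeVerifier`, and `fetchKeys` are hypothetical names.

```javascript
// Added example: JWT check in an edge function with a per-PoP public-key cache.
const crypto = require('node:crypto'); // stands in for the edge runtime's crypto API

const b64u = (s) => Buffer.from(s).toString('base64url');
const parse = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());

// Constructed helper standing in for the issuer at origin; the edge never signs.
function mintToken(claims, kid, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'EdDSA', kid }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign(null, Buffer.from(input), privateKey).toString('base64url')}`;
}

// fetchKeys() is a hypothetical call returning { kid: publicKey } from the key source.
function makeVerifier(fetchKeys, { ttlMs = 60_000, minRefreshMs = 1_000, now = Date.now } = {}) {
  let keys = new Map();
  let loadedAt = -Infinity;
  return function verify(token) {
    const parts = String(token).split('.');
    if (parts.length !== 3) return { ok: false, reason: 'malformed' };
    let header, claims;
    try {
      header = parse(parts[0]);
      claims = parse(parts[1]);
    } catch {
      return { ok: false, reason: 'malformed' };
    }
    // Pin the algorithm; the token header must never choose it.
    if (header?.alg !== 'EdDSA') return { ok: false, reason: 'bad alg' };

    // TTL expiry drops retired keys. An unknown kid forces an early refresh so a newly
    // rotated key works at once, rate-limited so junk kids cannot hammer the key source.
    const age = now() - loadedAt;
    if (age > ttlMs || (!keys.has(header.kid) && age >= minRefreshMs)) {
      keys = new Map(Object.entries(fetchKeys()));
      loadedAt = now();
    }
    const key = keys.get(header.kid);
    if (!key) return { ok: false, reason: 'unknown kid' };
    const sig = Buffer.from(parts[2], 'base64url');
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    if (sig.length !== 64 || !crypto.verify(null, signed, key, sig)) {
      return { ok: false, reason: 'bad signature' };
    }
    if (typeof claims?.exp !== 'number' || claims.exp * 1000 <= now()) {
      return { ok: false, reason: 'expired' };
    }
    return { ok: true, claims };
  };
}
```

`ttlMs` bounds how long a retired key keeps validating at a PoP, so it should sit inside the rotation propagation window.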

Key Trade-off: Isolates offer 100x faster cold starts than containers but support fewer languages. Choose isolates for JavaScript workloads requiring sub-10ms response times; choose containers or WASM for compute-intensive workloads in compiled languages.
💡 Key Takeaways
Edge computing runs code at CDN PoPs, eliminating 100-200ms network latency to origin servers
Isolates provide 0-5ms cold starts using V8 memory isolation; containers require 50-500ms
WebAssembly enables compiled languages at edge with 1-10ms cold starts and sandboxed execution
Side-channel attacks like Spectre/Meltdown required runtime architecture changes for secure isolation
📌 Interview Tips
1. When discussing edge compute, explain the cold start latency tradeoffs: isolates 0-5ms vs containers 50-500ms vs WASM 1-10ms
2. Mention that JWT validation at the edge eliminates origin round trips but requires fast key rotation propagation
3. Discuss how isolates share a process but isolate memory, similar to the browser tab isolation model