
CDN: Content Delivery Networks and IP Addresses

A Content Delivery Network (CDN) is a geographically distributed network of servers that delivers web content to users based on their location. Understanding how CDNs work with IP addresses is essential for website performance, security, and global reach. This comprehensive guide explains CDNs, their relationship with IP addresses, and implementation best practices.

What is a CDN?

A CDN is a network of servers strategically placed around the world to cache and deliver content closer to end users, reducing latency and improving performance.

How CDNs Work

Without CDN:
- User in Tokyo → origin server in New York
- Distance: 10,000+ km
- Latency: 150-200 ms round trip
- Load: every request reaches the origin

With CDN:
- User in Tokyo → CDN edge server in Tokyo
- Distance: < 100 km
- Latency: 5-20 ms
- Load: distributed across edge servers
- Origin: receives only cache misses

Request flow:
1. User requests www.example.com/image.jpg
2. DNS resolves the name to a CDN edge IP (an anycast address, or the nearest edge under GeoDNS)
3. The edge server checks its cache
4. Cache hit: the object is served immediately
5. Cache miss: the edge fetches the object from the origin, stores it, and serves it
6. Subsequent requests are served from cache until the object's TTL expires or it is purged

Learn more about DNS servers and anycast.

CDN and IP Addresses

Anycast IP Addressing

Traditional unicast:
- IP: 203.0.113.1 → a single server in one location
- All users connect to the same physical server
- Distance, and therefore latency, varies with the user's location

CDN anycast:
- IP: 203.0.113.1 → announced from multiple locations
- User in the US routes to a US edge server
- User in the EU routes to an EU edge server
- User in Asia routes to an Asian edge server
- Same IP, different physical servers

How anycast works:
- BGP routing: the same prefix is announced from every edge location
- The network delivers packets to the topologically nearest announcing site (nearest in BGP terms, which is not always nearest geographically)
- Automatic: no DNS changes are needed to add or remove locations
- Failover: if a site withdraws its announcement, traffic shifts to the next nearest site

DNS-Based Routing

GeoDNS:
- User location: estimated from the IP of the recursive resolver that sent the query (or, when the resolver supports EDNS Client Subnet, from the client's prefix); a user on a distant public resolver can be misplaced
- DNS response: returns the IP of the nearest edge server
- Example:
  - US user: 203.0.113.10 (US edge)
  - EU user: 198.51.100.20 (EU edge)
  - Asia user: 192.0.2.30 (Asia edge)

Dynamic DNS:
- Health checks: monitor edge server status
- Load balancing: distribute answers across servers
- Failover: unhealthy servers are removed from answers
- Real time: updates take effect within seconds, bounded by the record TTL
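The GeoDNS selection and health-check failover described above, as an added example in Python (not code from the original page or from any CDN vendor). It assumes an in-memory edge table using the article's documentation-range IPs, a constructed prefix-to-region table standing in for a real GeoIP database, and the EDNS Client Subnet prefix being preferred over the resolver address when present.

```python
"""GeoDNS edge selection with health-aware failover (added example).

Assumptions not taken from the article: EDGES, GEO_TABLE and FAILOVER are
constructed illustrative data; "region" is a coarse label, not real
geolocation.
"""
import ipaddress

# Constructed edge table using the article's example addresses.
EDGES = {
    "us":   {"ip": "203.0.113.10", "healthy": True},
    "eu":   {"ip": "198.51.100.20", "healthy": True},
    "asia": {"ip": "192.0.2.30",   "healthy": True},
}

# Constructed "geo" lookup over test/benchmark prefixes. A real deployment
# would consult a GeoIP database here.
GEO_TABLE = [
    (ipaddress.ip_network("198.18.0.0/16"), "us"),
    (ipaddress.ip_network("198.19.0.0/16"), "eu"),
    (ipaddress.ip_network("100.64.0.0/10"), "asia"),
]

# Fallback order when a region's own edge is unhealthy.
FAILOVER = {"us": ["eu", "asia"], "eu": ["us", "asia"], "asia": ["us", "eu"]}


def region_for(ip_or_subnet):
    """Map an address or prefix to a region; None when it is not in the table."""
    net = ipaddress.ip_network(ip_or_subnet, strict=False)
    for prefix, region in GEO_TABLE:
        if net.version == prefix.version and net.subnet_of(prefix):
            return region
    return None


def resolve(qname, resolver_ip, ecs_subnet=None, edges=EDGES):
    """Return the edge IP to place in the DNS answer for qname.

    ECS (RFC 7871) carries the client's prefix and is preferred when present,
    because the resolver may be far from the user (a public resolver, for
    example). Unhealthy edges are skipped, which is what "failover: remove
    unhealthy servers" means in practice.
    """
    region = region_for(ecs_subnet) if ecs_subnet else None
    if region is None:
        region = region_for(resolver_ip)
    if region is not None:
        candidates = [region] + FAILOVER[region]
    else:
        candidates = list(edges)  # unknown location: any healthy edge
    for r in candidates:
        if edges[r]["healthy"]:
            return edges[r]["ip"]
    raise RuntimeError("no healthy edge available for %s" % qname)


if __name__ == "__main__":
    print(resolve("www.example.com", "198.18.0.53"))                              # US resolver
    print(resolve("www.example.com", "198.18.0.53", ecs_subnet="100.64.0.0/24"))  # ECS says Asia
```

The ECS branch is the important one for accuracy: without it, every user behind a large public resolver is placed wherever that resolver's egress happens to be.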

IP Address Implications

Shared IPs:
- A CDN edge IP is shared by many customers
- Your site: example.com → 203.0.113.1
- Other sites: site2.com, site3.com → 203.0.113.1
- SNI (Server Name Indication) tells the edge which site and certificate a TLS connection is for
- Consequence: a firewall rule that allows a CDN IP allows traffic for every site behind it, not just yours

IP changes:
- CDN IPs are dynamic and may change without notice
- DNS: point at the CDN with a CNAME, not a hard-coded A record
- Allowlisting: use the provider's published IP ranges, not single IPs, and refresh them regularly
- Firewall: allow the CDN ranges, deny everything else

Origin IP protection:
- Hide the origin: never publish the origin IP in DNS
- Firewall: accept web traffic only from CDN IPs
- Security: prevents attacks that bypass the CDN's WAF and rate limits by going straight to the origin
- DDoS: the CDN absorbs volumetric attacks, but only if the origin cannot be reached directly

Benefits of CDNs

1. Performance

Reduced latency:
- Geographic proximity: content is closer to users
- Fewer hops: shorter network path
- Typical gain: 50-90% latency reduction for cacheable content
- Example:
  - Without CDN: 200 ms
  - With CDN: 20 ms
  - Improvement: 10x

Caching:
- Static content: images, CSS, JS cached at the edge
- Dynamic content: can be cached with rules
- Hit rate: 80-95% is typical for a well-configured site
- Origin load: reduced by the same 80-95%

Bandwidth savings:
- Origin bandwidth: reduced significantly
- Cost: lower bandwidth bills
- Scalability: traffic spikes are absorbed at the edge
- Example: 1 TB of origin traffic → 50 GB with a 95% hit rate

2. Availability

Redundancy:
- Multiple servers distributed globally
- Failover: automatic if a server fails
- Uptime: 99.99%+ typical
- No single point of failure at the edge

DDoS protection:
- Distributed: attack traffic is spread across many sites
- Absorption: large aggregate capacity
- Filtering: malicious traffic is dropped at the edge
- Origin: shielded from attack traffic

Load distribution:
- Traffic is spread across edge servers
- Spikes are handled automatically
- Scalability: millions of requests
- Origin: minimal load

3. Security

DDoS mitigation:
- Capacity: terabits per second of aggregate capacity
- Scrubbing: traffic is cleaned before it reaches the origin
- Always-on: continuous protection
- Cost: usually included in the CDN plan

Web Application Firewall (WAF):
- OWASP Top 10: managed rule sets for the common attack classes
- SQL injection and XSS: known payload patterns are blocked; a WAF reduces exposure but does not replace fixing the application
- Custom rules: configurable per site

TLS:
- Edge certificates: issued and renewed automatically by the CDN (often via Let's Encrypt or the CDN's own CA)
- Modern protocols: TLS 1.3
- Edge termination: the handshake completes at a nearby edge, which is faster for users

Origin protection:
- Hide the origin IP: not publicly exposed
- Firewall: only CDN IPs allowed
- Rate limiting: prevents abuse
- Bot protection: blocks malicious bots

4. Global Reach

Edge locations (vendor-published figures, which change over time):
- Cloudflare: 300+ locations
- Akamai: 4,000+ locations
- AWS CloudFront: 400+ locations
- Fastly: 70+ locations
- Coverage: worldwide

Local presence:
- Users connect to a nearby server
- Latency: minimal
- Performance: consistent globally
- Compliance: data locality options with some providers

Popular CDN Providers

Cloudflare

Features:
- Free tier available
- Edge locations: 300+
- DDoS: unmetered mitigation on all plans
- TLS: free edge certificates
- DNS: authoritative DNS for your zone (separate from the 1.1.1.1 public resolver)
- WAF: available
- Workers: edge computing

Pricing (at the time of writing):
- Free: basic features
- Pro: $20/month
- Business: $200/month
- Enterprise: custom

Use cases:
- Small sites: free tier
- Medium sites: Pro/Business
- Large sites: Enterprise
- Security: strong DDoS protection

AWS CloudFront

Features:
- Integration with other AWS services
- Edge locations: 400+
- Lambda@Edge: edge computing
- Shield: DDoS protection
- WAF: available (AWS WAF)
- TLS: free certificates via ACM

Pricing:
- Pay-as-you-go per GB transferred
- First 10 TB: $0.085/GB (US/Europe rate; varies by region)
- Free tier: 1 TB/month of data transfer out (check current terms)

Use cases:
- AWS users: seamless integration
- S3: static site hosting
- Dynamic: API acceleration
- Enterprise: full AWS stack

Fastly

Features:
- Real-time: instant purge
- VCL: programmable edge configuration
- Edge computing: Compute@Edge
- Streaming: video delivery
- Security: WAF, DDoS protection

Pricing:
- Pay-as-you-go per GB
- Enterprise: custom
- Higher cost for premium features

Use cases:
- Real-time: instant updates
- Developers: programmable edge
- Streaming: video/audio
- Enterprise: advanced features

Akamai

Features:
- Largest network: the most edge servers
- Enterprise focus
- Security: advanced
- Streaming: media delivery
- IoT: edge platform

Pricing:
- Enterprise: custom pricing
- High cost: premium service
- Volume discounts available

Use cases:
- Enterprise: large companies
- Media: streaming services
- E-commerce: high traffic
- Security: advanced needs

Other Providers

KeyCDN:
- Affordable: low cost
- Pay-as-you-go: $0.04/GB
- Simple: easy setup
- Good fit: small to medium sites

BunnyCDN:
- Cheap: $0.01/GB
- Fast: good performance
- Simple: easy to use
- Value: strong price/performance

StackPath:
- Security-focused
- Edge computing available
- WAF included
- CDN plus security bundle

CDN Implementation

DNS Configuration

CNAME setup:
```
; Traditional A record pointing at the origin (don't use with a CDN: it
; publishes the origin IP and lets clients bypass the CDN)
www.example.com.    IN  A      203.0.113.1

; CDN CNAME (recommended): the CDN controls which edge IPs are returned
www.example.com.    IN  CNAME  example.cdn.com.

; Apex domain: a CNAME is not allowed at the zone apex, so use the DNS
; provider's ALIAS/ANAME record (or CNAME flattening) instead
example.com.        IN  ALIAS  example.cdn.com.
```

Cloudflare (proxy mode):
```
; Orange cloud (proxied through Cloudflare): the record stores the origin IP,
; but Cloudflare answers queries with its own edge IPs, so the origin
; address is never returned to clients and traffic routes through the CDN
www.example.com.    IN  A      203.0.113.1    ; Proxied
```

Origin Configuration

Allow CDN IPs:
```bash
# Origin firewall: accept HTTP/HTTPS only from CDN edges, drop everything else.
# 173.245.48.0/20 is one of Cloudflare's published IPv4 ranges; the complete
# list (IPv4 and IPv6) is published at https://www.cloudflare.com/ips/ and
# changes, so load it from there instead of hard-coding a single prefix,
# and add matching ip6tables rules for the IPv6 ranges.
for range in 173.245.48.0/20; do        # extend with the full published list
  iptables -A INPUT -p tcp --dport 80  -s "$range" -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -s "$range" -j ACCEPT
done

# Block all other IPs (rules are evaluated in order, so these come last)
iptables -A INPUT -p tcp --dport 80  -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
```

Origin headers:
```
# Nginx: restore the real client IP from the CDN's header, but only for
# connections that arrive from CDN addresses (repeat set_real_ip_from for
# every published range, IPv4 and IPv6)
set_real_ip_from 173.245.48.0/20;   # Cloudflare range
real_ip_header   CF-Connecting-IP;

# Apache (mod_remoteip): same idea, trust the header only from listed proxies
RemoteIPHeader       CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
```

Origin protection:
1. Hide the origin IP
2. Firewall: accept web traffic only from CDN IP ranges
3. Rate limiting at the origin as well (the CDN's limits do not help if it is bypassed)
4. Authentication for sensitive endpoints, and where the CDN supports it, authenticate the CDN to the origin (mutual TLS or a shared secret header) so that IP ranges are not the only control
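The trust decision behind the firewall and real-IP configuration above, and behind the "shared IPs" and "origin IP protection" points earlier, as an added example in Python (not Cloudflare's, nginx's or the original page's code). It assumes two ranges taken from Cloudflare's published list stand in for the full list, that CF-Connecting-IP is the CDN's client-IP header (other CDNs use their own), and that the application sees the TCP peer address and request headers.

```python
"""Origin-side check: honour the CDN's client-IP header only when the TCP
peer is a CDN edge (added example).

Assumptions: CDN_RANGES is a two-entry subset of Cloudflare's published
ranges (fetch the current full list from https://www.cloudflare.com/ips-v4
and /ips-v6 in production); REAL_IP_HEADER is Cloudflare's header name.
"""
import ipaddress

# One IPv4 and one IPv6 prefix from the published list; the real list is
# longer and changes, so load it from the vendor rather than hard-coding it.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("173.245.48.0/20", "2400:cb00::/32")]
REAL_IP_HEADER = "cf-connecting-ip"


def is_cdn_edge(peer_ip, ranges=CDN_RANGES):
    """True when the connecting address falls inside a CDN edge range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr.version == net.version and addr in net for net in ranges)


def client_ip(peer_ip, headers, ranges=CDN_RANGES):
    """Return the address the origin should log and rate-limit on.

    The CDN-added header is trusted only when the peer is a CDN edge. A
    client that reaches the origin directly (firewall gap, leaked origin IP)
    can put anything in that header, so for such peers the header is ignored
    and the peer address is used. X-Forwarded-For is deliberately not
    consulted: intermediaries append to it rather than replace it, so its
    first entry is attacker-controlled.
    """
    normalized = {k.lower(): v for k, v in headers.items()}
    forwarded = normalized.get(REAL_IP_HEADER)
    if forwarded and is_cdn_edge(peer_ip, ranges):
        try:
            return str(ipaddress.ip_address(forwarded.strip()))
        except ValueError:
            pass  # malformed header value: fall back to the peer address
    return str(ipaddress.ip_address(peer_ip))


if __name__ == "__main__":
    # Constructed requests: one via the CDN, one hitting the origin directly
    # with a forged header.
    print(client_ip("173.245.48.10", {"CF-Connecting-IP": "198.51.100.7"}))
    print(client_ip("203.0.113.5",   {"CF-Connecting-IP": "198.51.100.7"}))
```

The second call is the case the firewall is supposed to prevent; if it ever reaches the application, the forged header must not be believed, otherwise per-IP rate limits and audit logs are trivially spoofable.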

SSL/TLS Configuration

TLS modes (Cloudflare's names; other CDNs offer similar options):
- Off: no encryption (not recommended)
- Flexible: browser → CDN encrypted, CDN → origin in plaintext; the browser padlock is misleading because the origin leg can be read or modified in transit
- Full: both legs encrypted, but the origin certificate is not validated (self-signed accepted), so the CDN → origin leg is open to an active attacker with a position on the path
- Full (strict): both legs encrypted and the origin must present a certificate the CDN trusts (CA-issued or a CDN-issued origin certificate)

Best practice:
- Mode: Full (strict)
- Origin cert: a valid certificate the CDN trusts
- Edge cert: managed by the CDN
- Protocols: TLS 1.2 and TLS 1.3 only
- HSTS: enable

Cache Configuration

Cache rules:
```
Static content: cache aggressively
- Images: 1 year
- CSS/JS: 1 year (versioned file names)
- Fonts: 1 year

Dynamic content: cache with rules
- HTML: 1 hour to 1 day
- API: varies by endpoint
- User-specific responses: don't cache

Never cache:
- Admin pages
- Checkout process
- User dashboards
- Authenticated API responses
```

Cache headers:
```
# Long cache for static assets (file names carry a version or content hash)
Cache-Control: public, max-age=31536000, immutable

# Short cache for HTML
Cache-Control: public, max-age=3600

# No caching for dynamic or user-specific responses
Cache-Control: no-cache, no-store, must-revalidate

# CDN-specific: a targeted directive (RFC 9213) the CDN honours but browsers
# ignore, so the edge can hold an object longer than the browser does
CDN-Cache-Control: max-age=86400
```

Purge/invalidate:
- Full purge: clear the entire cache
- URL purge: clear a specific URL
- Tag purge: clear by cache tag
- Wildcard: clear by pattern

CDN Best Practices

Performance

1. Cache everything possible:
- Static: images, CSS, JS, fonts
- Semi-static: HTML with a short TTL
- API: cache with appropriate Vary headers
- Versioning: use content hashes or query strings in asset URLs

2. Optimize cache hit rate:
- Consistent URLs: avoid unnecessary variations
- Query strings: normalize or ignore parameters that do not change the response
- Cookies: don't set them on static content
- Vary: minimize Vary headers, since every distinct value fragments the cache

3. Use compression:
- Gzip: text content
- Brotli: better compression
- Images: WebP, AVIF
- Minification: CSS, JS

4. HTTP/2 and HTTP/3:
- Enable the modern protocols
- Multiplexing: many requests per connection
- Server push: largely removed from browsers; prefer preload hints instead
- QUIC: HTTP/3 for faster connection setup
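The cache configuration section above (what to cache, which Cache-Control to send, what never to cache) and the hit-rate practices here (query-string normalization, minimal Vary) share one added example in Python; it is not code from the original page or from any CDN. It assumes illustrative path conventions (/static/, /admin/, /checkout, /dashboard, /api/) and a constructed list of tracking parameters; a real site substitutes its own.

```python
"""Cache policy and cache-key normalization for an origin behind a CDN
(added example).

Assumptions: PRIVATE_PREFIXES and TRACKING_PARAMS are illustrative; static
assets under /static/ carry a content hash in the file name.
"""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

ONE_YEAR = 31536000
ONE_HOUR = 3600

# Query parameters that never change the response; dropping them keeps the
# cache key stable and raises the hit rate.
TRACKING_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "fbclid", "gclid"}

# Paths that a shared cache must never store.
PRIVATE_PREFIXES = ("/admin/", "/checkout", "/dashboard", "/api/me")


def cache_control(path, request_headers, response_headers):
    """Return the Cache-Control value the origin should send for a response.

    Anything tied to a user (Authorization on the request, Set-Cookie on the
    response, or a private path) is marked no-store: if a shared cache kept
    it, the next visitor could be served someone else's page.
    """
    req = {k.lower() for k in request_headers}
    resp = {k.lower() for k in response_headers}
    if path.startswith(PRIVATE_PREFIXES) or "authorization" in req or "set-cookie" in resp:
        return "private, no-store"
    if path.startswith("/static/"):
        # Hashed file names change whenever content changes, so cache forever.
        return f"public, max-age={ONE_YEAR}, immutable"
    if path.startswith("/api/"):
        return "public, max-age=60, stale-while-revalidate=300"
    return f"public, max-age={ONE_HOUR}"


def cache_key(url, vary_headers=None, request_headers=None):
    """Build a normalized cache key.

    Host is lower-cased, tracking parameters are removed, the remaining
    parameters are sorted, the fragment is dropped, and the values of any
    headers named in the response's Vary are appended so that, for example,
    a Brotli body is never served to a client that did not ask for it.
    """
    parts = urlsplit(url)
    params = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                    if k not in TRACKING_PARAMS)
    base = urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", urlencode(params), ""))
    req = {k.lower(): v for k, v in (request_headers or {}).items()}
    vary = sorted(h.strip().lower() for h in (vary_headers or "").split(",") if h.strip())
    suffix = "|".join(f"{h}={req.get(h, '')}" for h in vary)
    return f"{base}|{suffix}" if suffix else base


if __name__ == "__main__":
    print(cache_key("https://Example.com/static/app.js?utm_source=x&v=2"))
    print(cache_control("/checkout", {}, {"Set-Cookie": "session=abc"}))
```

The two functions are the two halves of the hit-rate problem: the origin must say clearly what is safe to share, and the edge must not manufacture needless variants of the same object.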

Security

1. Hide the origin IP:
- DNS: use a CNAME to the CDN
- Firewall: block direct access
- Subdomains: route every host through the CDN, including dev and mail hosts that often point straight at the origin
- Monitoring: watch for leaks in DNS records, certificate transparency logs and outbound mail headers

2. Configure the WAF:
- OWASP: enable the managed protections
- Rate limiting: prevent abuse
- Geo-blocking: block countries if needed
- Custom rules: for your application

3. TLS best practices:
- Mode: Full (strict)
- Protocols: TLS 1.2+
- HSTS: enable, and add to the preload list only once every subdomain serves HTTPS, since preloading is hard to undo
- Certificate: valid and trusted

4. DDoS protection:
- Always-on: enable protection
- Rate limiting: configure limits
- Challenge: CAPTCHA for suspicious traffic
- Monitor: watch for attacks
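The "monitoring: watch for leaks" item above, as an added example in Python that audits a zone for records exposing the origin (not code from the original page or from any vendor tool). It assumes records are supplied as constructed (name, type, value) tuples rather than live lookups, that 203.0.113.1 is the origin, and that two prefixes from Cloudflare's published list stand in for the full CDN range list.

```python
"""Audit DNS records for hosts that expose or bypass the origin (added example).

Assumptions: ZONE is a constructed zone for example.com; CDN_RANGES is a
two-entry subset of Cloudflare's published ranges; 203.0.113.1 is the origin.
"""
import ipaddress

CDN_RANGES = [ipaddress.ip_network(n) for n in ("173.245.48.0/20", "2400:cb00::/32")]

# Constructed zone. Only www is proxied; the rest are the kinds of leftovers
# that reveal the origin in practice.
ZONE = [
    ("www.example.com.",  "A",     "173.245.48.10"),                # CDN edge
    ("example.com.",      "A",     "203.0.113.1"),                  # apex bypasses the CDN
    ("dev.example.com.",  "A",     "203.0.113.1"),                  # forgotten subdomain
    ("mail.example.com.", "A",     "203.0.113.1"),                  # MX target on the same box
    ("vpn.example.com.",  "A",     "198.51.100.5"),                 # separate host, not behind CDN
    ("example.com.",      "MX",    "10 mail.example.com."),
    ("example.com.",      "TXT",   "v=spf1 ip4:203.0.113.1 -all"),  # SPF leaks it too
    ("ftp.example.com.",  "CNAME", "www.example.com."),
]


def in_cdn(ip):
    """True when ip (a string) lies inside one of the CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)


def find_leaks(zone, origin_ips):
    """Return (name, type, value, reason) for each record that publishes the
    origin address or lets a client reach a host without passing the CDN."""
    origins = {ipaddress.ip_address(i) for i in origin_ips}
    leaks = []
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            if ipaddress.ip_address(value) in origins:
                leaks.append((name, rtype, value, "points directly at the origin"))
            elif not in_cdn(value):
                leaks.append((name, rtype, value, "not behind the CDN"))
        elif rtype == "TXT":
            # SPF ip4:/ip6: mechanisms embed literal addresses
            for token in value.split():
                for prefix in ("ip4:", "ip6:"):
                    if token.startswith(prefix):
                        literal = token[len(prefix):].split("/")[0]
                        if ipaddress.ip_address(literal) in origins:
                            leaks.append((name, rtype, value, "SPF publishes the origin address"))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(ZONE, ["203.0.113.1"]):
        print(leak)
```

Run against real zone data, this catches the common DNS leaks; it does not see historical records, certificate transparency entries or the origin address in outbound e-mail, which is why the firewall allow-list, not secrecy, is the control that actually protects the origin.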

Cost Optimization

1. Reduce bandwidth:
- Compression: enable gzip/brotli
- Image optimization: compress images
- Caching: maximize the cache hit rate
- Lazy loading: load on demand

2. Choose the right tier:
- Traffic: estimate monthly volume
- Features: what you actually need
- Cost: compare providers
- Free tier: use it if eligible

3. Monitor usage:
- Analytics: track bandwidth
- Alerts: set usage alerts
- Optimize: reduce unnecessary traffic
- Review: monthly cost review

Troubleshooting CDN Issues

Cache Issues

Stale content:
- Problem: old content served
- Solution: purge the cache
- Prevention: proper cache headers
- Versioning: use it for static assets

Cache misses:
- Problem: low hit rate
- Cause: varying URLs, cookies on static content
- Solution: normalize URLs
- Fix: remove unnecessary cookies

SSL/TLS Issues

Mixed content:
- Problem: HTTP resources on an HTTPS page
- Solution: use HTTPS for all resources
- Fix: update URLs to HTTPS
- Automatic: enable the CDN's HTTPS rewrite

Certificate errors:
- Problem: invalid certificate
- Cause: misconfiguration
- Solution: check the TLS mode
- Fix: install a valid origin certificate

Performance Issues

Slow first load:
- Cause: cache miss, slow origin
- Solution: warm the cache
- Optimize: origin performance
- Prefetch: popular content

Geographic issues:
- Problem: slow in certain regions
- Cause: no nearby edge server
- Solution: choose a CDN with coverage there
- Alternative: multi-CDN

Advanced CDN Features

Edge Computing

Cloudflare Workers:
```javascript
// Cloudflare Worker (Service Worker syntax): modify the response at the edge
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  const response = await fetch(request)
  // Response headers are immutable; copy them before editing
  const newHeaders = new Headers(response.headers)
  newHeaders.set('X-Custom-Header', 'value')
  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers: newHeaders
  })
}
```

Lambda@Edge:
```javascript
// AWS CloudFront edge function (viewer-request or origin-request trigger):
// add a header before the request is forwarded
exports.handler = async (event) => {
  const request = event.Records[0].cf.request
  // CloudFront represents header values as arrays of { key, value } objects
  request.headers['x-custom-header'] = [{ key: 'X-Custom-Header', value: 'value' }]
  return request
}
```

Image Optimization

Automatic optimization:
- Format: WebP, AVIF
- Resize: on the fly
- Compression: automatic
- Lazy loading: built in

Example (Cloudflare):
- Original: https://example.com/image.jpg
- Optimized: https://example.com/cdn-cgi/image/width=800,format=auto/image.jpg

Video Streaming

Adaptive bitrate:
- HLS: HTTP Live Streaming
- DASH: Dynamic Adaptive Streaming over HTTP
- Quality: adjusts to available bandwidth
- CDN: delivers the segments

Live streaming:
- Ingest: push to the CDN
- Transcode: multiple qualities
- Distribute: global delivery
- Latency: low-latency options

Conclusion

CDNs significantly improve website performance, security, and availability by distributing content globally and serving it from edge servers close to users. Understanding how CDNs work with IP addresses, proper configuration, and best practices ensures optimal performance and security. Whether using free tiers or enterprise solutions, CDNs are essential for modern web applications.



Key takeaways:
- CDN: distributed network of edge servers
- Anycast: same IP, multiple locations
- Performance: 50-90% latency reduction
- Caching: reduces origin load by 80-95%
- Security: DDoS protection, WAF, TLS
- Global: serve users from nearby servers
- Configuration: use a CNAME, not an A record
- Origin protection: hide the origin IP, firewall to CDN IP ranges
- TLS: use Full (strict) mode
- Cache: static content aggressively
- Providers: Cloudflare, AWS, Fastly, Akamai
- Cost: free tiers available

Bottom line: Implement a CDN to improve website performance, security, and global reach. Use CNAME DNS records to point to the CDN, configure proper SSL/TLS (Full strict mode), cache static content aggressively, and protect your origin server by only allowing CDN IP ranges. Popular options include Cloudflare (free tier available), AWS CloudFront (AWS integration), and Fastly (real-time features). CDNs provide DDoS protection, reduce latency by 50-90%, and decrease origin server load by 80-95%.
