
CDN: Content Delivery Networks and IP Addresses

A Content Delivery Network (CDN) is a geographically distributed network of servers that delivers web content to users based on their location. Understanding how CDNs work with IP addresses is essential for website performance, security, and global reach. This comprehensive guide explains CDNs, their relationship with IP addresses, and implementation best practices.

What is a CDN?

A CDN is a network of servers strategically placed around the world to cache and deliver content closer to end users, reducing latency and improving performance.

How CDNs Work

Without CDN:

User in Tokyo → Origin server in New York
Distance: 10,000+ km
Latency: 150-200ms
Load: All requests to origin

With CDN:

User in Tokyo → CDN edge server in Tokyo
Distance: <100 km
Latency: 5-20ms
Load: Distributed across edge servers
Origin: Only cache misses

Request flow:

1. User requests: www.example.com/image.jpg
2. DNS resolves: To nearest CDN edge server IP
3. Edge server: Checks cache
4. If cached: Serves immediately
5. If not cached: Fetches from origin, caches, serves
6. Subsequent requests: Served from cache


CDN and IP Addresses

Anycast IP Addressing

Traditional unicast:

IP: 203.0.113.1 → Single server in one location
All users: Connect to same physical server
Distance: Varies by user location

CDN anycast:

IP: 203.0.113.1 → Announced from multiple locations
User in US: Routes to US edge server
User in EU: Routes to EU edge server
User in Asia: Routes to Asia edge server
Same IP: Different physical servers

How anycast works:

BGP routing: Announces same IP from multiple locations
Network: Routes to topologically nearest server
Automatic: No DNS changes needed
Failover: Automatic if server fails

DNS-Based Routing

GeoDNS:

User location: Detected by DNS resolver IP
DNS response: Returns nearest edge server IP
Example:
- US user: 203.0.113.10 (US edge)
- EU user: 198.51.100.20 (EU edge)
- Asia user: 192.0.2.30 (Asia edge)

Dynamic DNS:

Health checks: Monitor edge server status
Load balancing: Distribute across servers
Failover: Remove unhealthy servers
Real-time: Updates within seconds

IP Address Implications

Shared IPs:

CDN edge: Shared by many customers
Your site: example.com → 203.0.113.1
Other sites: site2.com, site3.com → 203.0.113.1
SNI: Server Name Indication lets the edge pick the right certificate for each hostname on the shared IP

IP changes:

Dynamic: CDN IPs may change
DNS: Use CNAME, not A record
Whitelisting: Use IP ranges, not single IPs
Firewall: Allow CDN IP ranges

Origin IP protection:

Hide origin: Never publish the origin IP in DNS or elsewhere
Firewall: Only accept web traffic from the CDN's published IP ranges
Security: Requests that bypass the CDN also bypass its WAF and rate limits
DDoS: CDN absorbs volumetric attacks before they reach the origin

Benefits of CDNs

1. Performance

Reduced latency:

Geographic proximity: Content closer to users
Fewer hops: Shorter network path
Faster: 50-90% latency reduction
Example:
- Without CDN: 200ms
- With CDN: 20ms
- Improvement: 10x faster

Caching:

Static content: Images, CSS, JS cached
Dynamic: Can cache with rules
Hit rate: 80-95% typical
Origin load: Reduced by 80-95%

Bandwidth savings:

Origin bandwidth: Reduced significantly
Cost: Lower bandwidth bills
Scalability: Handle traffic spikes
Example: 1TB origin → 50GB with CDN

2. Availability

Redundancy:

Multiple servers: Distributed globally
Failover: Automatic if server fails
Uptime: 99.99%+ typical
No single point of failure: Any edge can be lost without an outage

DDoS protection:

Distributed: Attack traffic spread
Absorption: Large capacity
Filtering: Malicious traffic blocked
Origin: Protected from attacks

Load distribution:

Traffic: Spread across edge servers
Spikes: Handled automatically
Scalability: Millions of requests
Origin: Minimal load

3. Security

DDoS mitigation:

Capacity: Terabits per second
Scrubbing: Clean traffic
Always-on: Continuous protection
Cost: Included in CDN

Web Application Firewall (WAF):

OWASP Top 10: Managed rule sets
SQL injection: Known payload patterns blocked
XSS: Known payload patterns blocked
Custom rules: Configurable for application-specific checks

SSL/TLS:

Free certificates: Let's Encrypt
Managed: Automatic renewal
Modern protocols: TLS 1.3
Edge termination: Faster SSL

Origin protection:

Hide origin IP: Not publicly exposed
Firewall: Only CDN IPs allowed
Rate limiting: Prevent abuse
Bot protection: Block malicious bots

4. Global Reach

Edge locations:

Cloudflare: 300+ locations
Akamai: 4,000+ servers
AWS CloudFront: 400+ locations
Fastly: 70+ locations
Coverage: Worldwide

Local presence:

Users: Connect to nearby server
Latency: Minimal
Performance: Consistent globally
Compliance: Data locality

Popular CDN Providers

Cloudflare

Features:

Free tier: Available
Edge locations: 300+
DDoS: Unlimited unmetered
SSL: Free
DNS: Fast DNS (1.1.1.1)
WAF: Available
Workers: Edge computing

Pricing:

Free: Basic features
Pro: $20/month
Business: $200/month
Enterprise: Custom

Use cases:

Small sites: Free tier
Medium sites: Pro/Business
Large sites: Enterprise
Security: Excellent DDoS protection

AWS CloudFront

Features:

Integration: AWS services
Edge locations: 400+
Lambda@Edge: Edge computing
Shield: DDoS protection
WAF: Available
SSL: Free (ACM)

Pricing:

Pay-as-you-go: Per GB transferred
First 10TB: $0.085/GB
Regional: Varies by region
Free tier: 1TB/month (12 months)

Use cases:

AWS users: Seamless integration
S3: Static site hosting
Dynamic: API acceleration
Enterprise: Full AWS stack

Fastly

Features:

Real-time: Instant purge
VCL: Programmable
Edge computing: Compute@Edge
Streaming: Video delivery
Security: WAF, DDoS

Pricing:

Pay-as-you-go: Per GB
Enterprise: Custom
Higher cost: Premium features

Use cases:

Real-time: Instant updates
Developers: Programmable edge
Streaming: Video/audio
Enterprise: Advanced features

Akamai

Features:

Largest: Most edge servers
Enterprise: Focus
Security: Advanced
Streaming: Media delivery
IoT: Edge platform

Pricing:

Enterprise: Custom pricing
High cost: Premium service
Volume: Discounts available

Use cases:

Enterprise: Large companies
Media: Streaming services
E-commerce: High traffic
Security: Advanced needs

Other Providers

KeyCDN:

Affordable: Low cost
Pay-as-you-go: $0.04/GB
Simple: Easy setup
Good: Small to medium sites

BunnyCDN:

Cheap: $0.01/GB
Fast: Good performance
Simple: Easy to use
Value: Best price/performance

StackPath:

Security: Focus on security
Edge computing: Available
WAF: Included
CDN: Plus security

CDN Implementation

DNS Configuration

CNAME setup:

# Traditional A record (don't use with CDN)
www.example.com.  A  203.0.113.1

# CDN CNAME (recommended)
www.example.com.  CNAME  example.cdn.com.

# Apex domain (use ALIAS or ANAME)
example.com.  ALIAS  example.cdn.com.

Cloudflare (proxy mode):

# Orange cloud (proxied through Cloudflare)
www.example.com.  A  203.0.113.1  [Proxied]

# Cloudflare returns their edge IPs
# Traffic routes through Cloudflare CDN

Origin Configuration

Allow CDN IPs:

# Firewall: only accept HTTP/HTTPS from CDN edge ranges
# One Cloudflare range shown; repeat the ACCEPT rules for every range on the
# provider's published list (or load the list into an ipset) and re-sync when it changes
iptables -A INPUT -p tcp --dport 80 -s 173.245.48.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 173.245.48.0/20 -j ACCEPT

# Drop HTTP/HTTPS from everyone else (rules match in order, so these go last)
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Origin headers:

# Nginx (ngx_http_realip_module): restore the real client IP
# Trust CF-Connecting-IP only when the connection comes from a CDN range;
# without set_real_ip_from anyone reaching the origin directly could forge it
set_real_ip_from 173.245.48.0/20;  # Cloudflare range (repeat for each published range)
real_ip_header CF-Connecting-IP;

# Apache (mod_remoteip): same rule, same trust boundary
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20

Origin protection:

1. Hide origin IP
2. Firewall: Only CDN IPs
3. Rate limiting: At origin
4. Authentication: For sensitive endpoints
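The same trust boundary as the set_real_ip_from / RemoteIPTrustedProxy directives above, written as application code. This is an added example, not from the original page or from any CDN's SDK; it assumes the one Cloudflare range quoted above stands in for the provider's full published list and that the edge sets CF-Connecting-IP.

```python
import ipaddress
from typing import Dict, Optional

# Range copied from the firewall example above; in practice load the provider's
# full published list (assumption: it is refreshed out of band when it changes).
CDN_RANGES = [ipaddress.ip_network("173.245.48.0/20")]
CLIENT_IP_HEADER = "cf-connecting-ip"   # header the CDN sets with the real client address


def from_cdn(peer_ip: str) -> bool:
    """True when the TCP peer address belongs to a published CDN edge range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CDN_RANGES)


def client_ip(peer_ip: str, headers: Dict[str, str]) -> Optional[str]:
    """Application-level equivalent of set_real_ip_from + real_ip_header.

    Returns the address to use for logging, rate limiting and allow-lists,
    or None when the request must be rejected. The header is trusted only
    when the peer is a CDN edge: a client that reaches the origin directly
    could otherwise forge it to dodge per-IP limits or impersonate an
    allow-listed address.
    """
    if not from_cdn(peer_ip):
        return None  # direct hit on the origin; the host firewall should have dropped it
    lowered = {k.lower(): v for k, v in headers.items()}
    forwarded = lowered.get(CLIENT_IP_HEADER)
    if forwarded is None:
        return peer_ip  # edge did not supply the header; fall back to the peer
    try:
        return str(ipaddress.ip_address(forwarded.strip()))
    except ValueError:
        return None  # malformed value in a trusted header; refuse rather than guess


if __name__ == "__main__":
    # Constructed requests: one arriving via the edge, one hitting the origin directly
    print(client_ip("173.245.48.7", {"CF-Connecting-IP": "198.51.100.9"}))  # 198.51.100.9
    print(client_ip("192.0.2.44", {"CF-Connecting-IP": "198.51.100.9"}))    # None
```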

SSL/TLS Configuration

SSL modes (Cloudflare's names; other providers offer equivalent settings):

Off: No encryption (not recommended)
Flexible: Browser → CDN (encrypted), CDN → Origin (unencrypted, so traffic is readable on that leg)
Full: Browser → CDN → Origin (encrypted, but the origin certificate is not validated, so self-signed works and tampering between CDN and origin goes unnoticed)
Full (strict): Browser → CDN → Origin (encrypted, valid trusted certificate required)

Best practice:

Mode: Full (strict)
Origin cert: Valid SSL certificate
Edge cert: Managed by CDN
Protocols: TLS 1.2, TLS 1.3
HSTS: Enable

Cache Configuration

Cache rules:

Static content: Cache aggressively
- Images: 1 year
- CSS/JS: 1 year (versioned)
- Fonts: 1 year

Dynamic content: Cache with rules
- HTML: 1 hour - 1 day
- API: Vary by endpoint
- User-specific: Don't cache

Never cache:
- Admin pages
- Checkout process
- User dashboards
- API with auth

Cache headers:

# Long cache for static assets
Cache-Control: public, max-age=31536000, immutable

# Short cache for HTML
Cache-Control: public, max-age=3600

# No cache for dynamic
Cache-Control: no-cache, no-store, must-revalidate

# CDN-specific (targeted cache control): overrides Cache-Control for the CDN only;
# browsers still follow Cache-Control
CDN-Cache-Control: max-age=86400

Purge/invalidate:

Full purge: Clear all cache
URL purge: Clear specific URL
Tag purge: Clear by cache tag
Wildcard: Clear pattern
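The cache rules and header values above, combined into one decision function. This is an added example rather than code from the page; the path prefixes, file extensions and the hashed-filename pattern are assumptions chosen to match the rules listed. The user-specific checks deliberately run first, because a personalised response stored under a shared cache key is replayed to the next visitor.

```python
import re
from typing import Dict

# Hashed asset names such as app.3f2a9c1d2e.js can be cached for a year and
# marked immutable; unhashed ones cannot, or a deploy would never be picked up.
VERSIONED = re.compile(r"\.[0-9a-f]{8,}\.(css|js)$")
STATIC_EXT = (".png", ".jpg", ".webp", ".avif", ".svg", ".woff2", ".css", ".js")
NEVER_CACHE = ("/admin", "/checkout", "/dashboard")   # assumed paths for the "never cache" rules

NO_STORE = "private, no-cache, no-store, must-revalidate"


def cache_control(path: str, req_headers: Dict[str, str], resp_headers: Dict[str, str]) -> str:
    """Choose the Cache-Control value for a response that a shared CDN may store.

    The personalised checks win regardless of file type: if a user-specific
    response is ever stored under a shared key, the CDN serves it to others.
    """
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    personalised = (
        "authorization" in req                         # API with auth
        or "set-cookie" in resp                        # response binds a session
        or path.startswith(NEVER_CACHE)                # admin, checkout, dashboards
        or (path.startswith("/api/") and "cookie" in req)
    )
    if personalised:
        return NO_STORE
    if VERSIONED.search(path):
        return "public, max-age=31536000, immutable"
    if path.endswith(STATIC_EXT):
        return "public, max-age=86400"       # unversioned asset: a day, not a year
    if path.startswith("/api/"):
        return "public, max-age=60"          # anonymous API: short TTL, tune per endpoint
    return "public, max-age=3600"            # HTML: one hour


if __name__ == "__main__":
    # Constructed requests illustrating each branch
    print(cache_control("/static/app.3f2a9c1d2e.js", {}, {}))
    print(cache_control("/api/orders", {"Cookie": "session=abc"}, {}))
```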

CDN Best Practices

Performance

1. Cache everything possible:

Static: Images, CSS, JS, fonts
Semi-static: HTML with short TTL
API: Cache with vary headers
Versioning: Use query strings or hashes

2. Optimize cache hit rate:

Consistent URLs: Avoid unnecessary variations
Query strings: Normalize or ignore
Cookies: Don't set on static content
Vary: Minimize vary headers

3. Use compression:

Gzip: Text content
Brotli: Better compression
Images: WebP, AVIF
Minification: CSS, JS

4. HTTP/2 and HTTP/3:

Enable: Modern protocols
Multiplexing: Multiple requests
Server push: Proactive sending (deprecated; major browsers have removed support, so do not rely on it)
QUIC: HTTP/3 for faster connections

Security

1. Hide origin IP:

DNS: Use CNAME to CDN
Firewall: Block direct access to the origin
Subdomains: All through CDN; a single forgotten record exposes the origin
Monitoring: Audit DNS records for entries that point straight at the origin
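An audit of your own zone export for records that bypass the CDN, as an added example (not from the page or any provider tool). It assumes the Cloudflare range quoted earlier stands in for the full published list, a hypothetical CDN CNAME target suffix, and a constructed zone in which 203.0.113.1 is the origin being protected.

```python
import ipaddress
from typing import List, Tuple

Record = Tuple[str, str, str]   # (name, type, value)

# Range from the firewall example (assumption: the full provider list is loaded in practice)
CDN_RANGES = [ipaddress.ip_network("173.245.48.0/20")]
CDN_CNAME_SUFFIX = ".cdn.example-cdn.net."          # hypothetical CDN hostname suffix
ORIGIN_IPS = {ipaddress.ip_address("203.0.113.1")}  # the origin address being protected

# Constructed zone export for the audit
ZONE: List[Record] = [
    ("www.example.com.",  "CNAME", "www.example.com" + CDN_CNAME_SUFFIX),
    ("example.com.",      "A",     "173.245.48.10"),   # apex flattened to an edge IP
    ("dev.example.com.",  "A",     "203.0.113.1"),     # forgotten staging host
    ("mail.example.com.", "A",     "198.51.100.25"),   # mail host on a separate address
    ("example.com.",      "MX",    "10 mail.example.com."),
]


def via_cdn(rec: Record) -> bool:
    """True when the record sends web traffic through the CDN (or carries none)."""
    _, rtype, value = rec
    if rtype == "CNAME":
        return value.endswith(CDN_CNAME_SUFFIX)
    if rtype in ("A", "AAAA"):
        return any(ipaddress.ip_address(value) in net for net in CDN_RANGES)
    return True   # MX, TXT, ... do not terminate HTTP; out of scope here


def origin_leaks(zone: List[Record]) -> List[str]:
    """Names that resolve straight to the origin: these defeat the firewall rules."""
    return [n for n, t, v in zone
            if t in ("A", "AAAA") and ipaddress.ip_address(v) in ORIGIN_IPS]


def not_proxied(zone: List[Record]) -> List[str]:
    """Every name that bypasses the CDN; each needs a documented reason (e.g. a mail host)."""
    return [rec[0] for rec in zone if not via_cdn(rec)]


if __name__ == "__main__":
    print("origin exposed by:", origin_leaks(ZONE))   # ['dev.example.com.']
    print("not proxied:", not_proxied(ZONE))          # ['dev.example.com.', 'mail.example.com.']
```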

2. Configure WAF:

OWASP: Enable protections
Rate limiting: Prevent abuse
Geo-blocking: Block countries if needed
Custom rules: For your application

3. SSL best practices:

Mode: Full (strict)
Protocols: TLS 1.2+
HSTS: Enable with preload
Certificate: Valid and trusted

4. DDoS protection:

Always-on: Enable protection
Rate limiting: Configure limits
Challenge: CAPTCHA or JavaScript challenge for suspicious traffic
Monitor: Watch for attacks

Cost Optimization

1. Reduce bandwidth:

Compression: Enable gzip/brotli
Image optimization: Compress images
Caching: Maximize cache hit rate
Lazy loading: Load on demand

2. Choose right tier:

Traffic: Estimate monthly
Features: What you need
Cost: Compare providers
Free tier: Use if eligible

3. Monitor usage:

Analytics: Track bandwidth
Alerts: Set usage alerts
Optimize: Reduce unnecessary traffic
Review: Monthly cost review

Troubleshooting CDN Issues

Cache Issues

Stale content:

Problem: Old content served
Solution: Purge cache
Prevention: Proper cache headers
Versioning: Use for static assets

Cache miss:

Problem: Low hit rate
Cause: Varying URLs, cookies
Solution: Normalize URLs
Fix: Remove unnecessary cookies

SSL/TLS Issues

Mixed content:

Problem: HTTP resources on HTTPS page
Solution: Use HTTPS for all resources
Fix: Update URLs to HTTPS
Automatic: Enable HTTPS rewrite

Certificate errors:

Problem: Invalid certificate
Cause: Misconfiguration
Solution: Check SSL mode
Fix: Install valid origin certificate

Performance Issues

Slow first load:

Cause: Cache miss, origin slow
Solution: Warm cache
Optimize: Origin performance
Prefetch: Popular content

Geographic issues:

Problem: Slow in certain regions
Cause: No nearby edge server
Solution: Choose CDN with coverage
Alternative: Multi-CDN

Advanced CDN Features

Edge Computing

Cloudflare Workers:

// Cloudflare Worker (Service Worker syntax; newer Workers use `export default { fetch }`)
// Modify the response at the edge by copying it with one extra header
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  const response = await fetch(request)             // served from cache or fetched from origin
  const newHeaders = new Headers(response.headers)  // response.headers is immutable; copy it
  newHeaders.set('X-Custom-Header', 'value')
  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers: newHeaders
  })
}

Lambda@Edge:

// AWS CloudFront edge function (viewer-request or origin-request trigger)
exports.handler = async (event) => {
  const request = event.Records[0].cf.request
  // CloudFront header map: lowercase key, array of { key, value } objects
  request.headers['x-custom-header'] = [{
    key: 'X-Custom-Header',
    value: 'value'
  }]
  return request   // returning the request forwards it; returning a response would short-circuit
}

Image Optimization

Automatic optimization:

Format: WebP, AVIF
Resize: On-the-fly
Compression: Automatic
Lazy loading: Built-in

Example (Cloudflare):

Original: https://example.com/image.jpg
Optimized: https://example.com/cdn-cgi/image/width=800,format=auto/image.jpg

Video Streaming

Adaptive bitrate:

HLS: HTTP Live Streaming
DASH: Dynamic Adaptive Streaming
Quality: Adjusts to bandwidth
CDN: Delivers segments

Live streaming:

Ingest: Push to CDN
Transcode: Multiple qualities
Distribute: Global delivery
Latency: Low latency options

Conclusion

CDNs significantly improve website performance, security, and availability by distributing content globally and serving it from edge servers close to users. Understanding how CDNs work with IP addresses, proper configuration, and best practices ensures optimal performance and security. Whether using free tiers or enterprise solutions, CDNs are essential for modern web applications.



Key takeaways:
- CDN: Distributed network of edge servers
- Anycast: Same IP, multiple locations
- Performance: 50-90% latency reduction
- Caching: Reduces origin load by 80-95%
- Security: DDoS protection, WAF, SSL
- Global: Serve users from nearby servers
- Configuration: Use CNAME, not A records
- Origin protection: Hide origin IP, firewall CDN IPs
- SSL: Use Full (strict) mode
- Cache: Static content aggressively
- Providers: Cloudflare, AWS, Fastly, Akamai
- Cost: Free tiers available

Implement a CDN to improve website performance, security, and global reach. Use CNAME DNS records to point to the CDN, configure proper SSL/TLS (Full strict mode), cache static content aggressively, and protect your origin server by only allowing CDN IP ranges. Popular options include Cloudflare (free tier available), AWS CloudFront (AWS integration), and Fastly (real-time features). CDNs provide DDoS protection, reduce latency by 50-90%, and decrease origin server load by 80-95%.
