
Content Delivery Network


Presentation on networking course


Lequn Chen

May 16, 2017


Transcript

  1. Network Latency
     • Consider a web server located in Beijing
       • Beijing to Beijing: ~5ms
       • Beijing to Shanghai: ~35ms
       • Beijing to Guangzhou: ~50ms
       • Beijing to Tokyo: ~100ms
       • Beijing to New York: ~250ms
     • How to make people all over the world load the web pages amazingly fast?
     Image: https://en.wikipedia.org/wiki/Content_delivery_network
  2. CDN
     • Benefits
       • reducing bandwidth costs
       • improving page load times
       • increasing global availability of content
     • Covers many types of content delivery services
       • web objects (text, graphics and scripts)
       • downloadable objects (media files, software, documents)
       • on-demand streaming media
       • live streaming media
  3. Dynamic Page?
     • CDN works well with static pages
       • CDN servers can simply cache the page
     • However, the web is full of dynamic pages nowadays
       • Every time you open Zhihu, it is completely different
     • How can a CDN help dynamic pages?
  4. Webpage
     • When you ask a web server to show a page
       • The web server gives you some HTML code
         • Plain text, typically small in size
         • Includes the content text
         • Includes URLs to CSS, JavaScript and other resources (images, audio, video…)
         • Changes all the time for dynamic pages
       • Your browser needs to fetch all these resources to render the web page
  5. Dynamic Page
     • Resource files seldom change
     • Resource files are usually large
     • CDN caches resource files
     • CDN helps
       • users load resource files faster
       • the origin server: less bandwidth and disk pressure
  6. dig
     • static.zhihu.com CNAME to static.zhihu.com.w.alikunlun.com
     • dig @202.120.2.100 static.zhihu.com
       • 121.194.7.211
       • 121.194.7.189
       • 121.194.7.188
       • 121.194.7.171
       AS4538 121.194.0.0/15 ERX-CERNET-BKB China Education and Research Network Center, CN
     • dig @114.114.114.114 static.zhihu.com
       • 120.209.137.181
       • 120.192.89.138
       • 112.5.251.29
       • 211.138.122.235
       AS9808 120.209.0.0/16, 120.192.0.0/10, 112.0.0.0/10 CMNET-GD Guangdong Mobile Communication Co.Ltd., CN
  7. dig
     • dig @114.114.114.114 static.zhihu.com
       • 120.209.137.181
       • 120.192.89.138
       • 112.5.251.29
       • 211.138.122.235
       AS9808 120.209.0.0/16, 120.192.0.0/10, 112.0.0.0/10, 211.136.0.0/13, 221.176.0.0/13 CMNET-GD Guangdong Mobile Communication Co.Ltd., CN
     • mtr 114.114.114.114: 1. 192.168.1.1 2. 59.78.34.254 3. 10.21.23.253 4. 10.3.2.109 5. 10.3.0.29 6. 10.3.0.66 7. 10.3.0.70 8. 10.3.0.73 9. 222.44.86.193 10. 172.16.30.41 11. 222.44.1.205 12. 61.237.0.238 13. 221.176.23.253 14. ??? 15. 221.183.11.217 16. ??? 17. 221.181.240.218 18. 112.25.2.30 19. ???
  8. CDN & DNS
     • User asks the local DNS server for the IP of the content server
     • Local DNS server asks the authoritative DNS server
     • Authoritative DNS server chooses the best CDN server according to the IP address of the local DNS server
     • CDN server caches the content
     • User fetches the content from the CDN server
  9. Why CNAME?
     • static.zhihu.com CNAME to static.zhihu.com.w.alikunlun.com
     • static.zhihu.com.w.alikunlun.com A to many CDN servers
     • CDN as a service
       • needs to frequently change DNS records
       • has no permission on the service users' name servers
  10. Global Server Load Balancing
     • Monitor server health
     • Load balancing
     • Choose servers nearby
     • Provide different versions of the same resource
  11. Global Server Load Balancing
     • Implementation
       • DNS
       • HTTP Redirection
       • …
     ref: https://blog.goquxiao.com/posts/2015/11/22/gslb-research-1/
  12. GSLB via DNS
     • Lower request pressure: local DNS cache
     • Easy to scale out
     • Widely used
     • Cannot get any information other than the local DNS server's IP
       • may result in inaccurate resolution
       • has some workarounds, for example EDNS
     ref: https://blog.goquxiao.com/posts/2015/11/22/gslb-research-1/
  13. GSLB via HTTP Redirection
     • All HTTP requests are sent to the GSLB
     • GSLB sends an HTTP 302 redirection back to the user
     • High pressure on the GSLB server (single point)
     • HTTP only
     • Rich user information (IP, browser, language, …)
       • better resolution result
       • can log user behaviour
     • Easier to implement
     ref: https://blog.goquxiao.com/posts/2015/11/22/gslb-research-1/
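To make the DNS-based and HTTP-based GSLB variants from the slides above concrete, here is an added example (my own code, not from the deck): an authoritative server that answers the CNAME chain and picks A records from the only address it can see (the local resolver, or the client subnet when EDNS Client Subnet is present), beside an HTTP front-end that 302-redirects using the real client IP. The /15 and /10 prefixes are the ones in the deck's dig slides; the edge IPs, pools and host names are constructed.

```python
import ipaddress

# Constructed sample data. The two prefixes are the ones in the deck's dig slides
# (AS4538 and AS9808); the edge IPs, pool contents and names are made up.
EDGE_POOLS = {
    ipaddress.ip_network("121.194.0.0/15"): ["10.1.0.1", "10.1.0.2"],  # education network
    ipaddress.ip_network("120.192.0.0/10"): ["10.2.0.1", "10.2.0.2"],  # mobile carrier
}
DEFAULT_POOL = ["10.9.0.1"]  # fallback edge for everyone else

# CNAME chain as on the "Why CNAME?" slide: the site's name points at the CDN's name,
# and only the CDN's own name carries the frequently changing A records.
CNAMES = {"static.example.com": "static.example.com.cdn.example.net"}


def select_edges(ip):
    """Longest-prefix match of an IP against the edge pools (the GSLB decision)."""
    addr = ipaddress.ip_address(ip)
    best_net, best_pool = None, DEFAULT_POOL
    for net, pool in EDGE_POOLS.items():
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_pool = net, pool
    return best_pool


def dns_answer(qname, resolver_ip, ecs_subnet=None):
    """GSLB via DNS: follow the CNAME chain, then choose A records from the only
    address the authoritative server sees: the local resolver's IP, or the client
    subnet if the resolver sent EDNS Client Subnet (the workaround the deck mentions)."""
    records, name = [], qname
    while name in CNAMES:
        records.append((name, "CNAME", CNAMES[name]))
        name = CNAMES[name]
    locator = ecs_subnet.split("/")[0] if ecs_subnet else resolver_ip
    for edge in select_edges(locator):
        records.append((name, "A", edge))
    return records


def http_redirect(client_ip, path):
    """GSLB via HTTP redirection: the GSLB host sees the real client IP (and could
    also read headers such as Accept-Language) and answers 302 to one chosen edge."""
    edge = select_edges(client_ip)[0]
    return 302, {"Location": "https://" + edge + path}
```

A mobile-network user whose resolver sits in the education network gets the education pool from plain DNS, which is the inaccuracy the slide warns about; with ECS, or via the HTTP redirect, the same user is steered to the mobile pool.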
  14. Small Files vs. Large Files
     • When a cache miss occurs, the CDN server needs to fetch the resource from the origin server
       • For small files, this is fast.
       • For large files, fetching from the origin server may introduce a large latency.
     • Origin server pushes to CDN servers in advance
  15. Small Files vs. Large Files
     • Also different in storage
       • Small files require fast random access: SSD
       • Large files are less sensitive to seek time but occupy much space: HDD
  16. On-Demand-Video CDN
     • Treat video files as ordinary large files
       • User needs to wait until completely downloaded
     • Progressive download: split into chunks
     • HTTP Streaming
       • chunks
       • adaptive bitrate (ABR) encoding
  17. Live Streaming CDN
     • Demands low delay (1~3s)
     • Publisher pushes to an edge CDN server
     • CDN servers push to each other internally
       • better network connections between CDN servers internally
       • CDN provides larger bandwidth
     • Subscriber pulls from an edge CDN server
     Image: https://mp.weixin.qq.com/s
  18. DDoS Protection
     • CDN can serve as a simple DDoS protection strategy
       • CDN provider may have large enough bandwidth to absorb DDoS traffic
       • Origin server address can be hidden from the Internet, known only to the CDN provider
     • May cost a large amount of money
     • Ineffective against many DDoS attack methods
     Image: https://blog.cloudflare.com/ddos-prevention-protecting-the-origin/
  19. HTTPS Support
     • Many websites use HTTPS encrypted connections
     • HTTPS uses asymmetric encryption
       • the web server has a private key
       • everyone knows the web server's public key
     • CDN needs to support HTTPS
  20. HTTPS Support
     • Solution 1: CDN provider buys a wildcard SSL certificate
       • *.cloudflare.com
     • Website directly uses the second-level domain given by the CDN provider
       • https://mywebsite.cloudflare.com/static/layout.css
     Image: http://cleventy.com/paginas-web-seguras-que-es-el-https/
  21. HTTPS Support
     • Solution 2: give the web server's private key to the CDN provider
     • Mainstream solution
     • Supports a custom domain
       • static.zhihu.com
       • if the website changes CDN provider, the URL doesn't need to change
     • Security concern for a few people
       • Private key may be leaked from the CDN provider
       • CDN provider knows the content
     Image: https://www.cloudflare.com/ssl/
  22. HTTPS Support
     • CloudFlare's Keyless SSL
       • CDN client runs a key server which is completely controlled by the CDN client itself
       • Key server is only used to encrypt / decrypt messages during the handshake between a user and a CDN server
       • CDN client can turn off the key servers as soon as it finds CloudFlare misbehaving
       • But CloudFlare can still see the content
     ref: https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
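An added illustration of the Keyless SSL split described above (my own code, not Cloudflare's implementation or wire protocol): it models only the RSA key-exchange case, so the customer-run key server decrypts the encrypted premaster secret and the CDN edge derives the session key from it, while the edge never holds the private key and a switched-off key server simply makes the handshake fail. The tiny textbook RSA primes, the randoms and the premaster value are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key pair (textbook RSA with tiny primes, for illustration only;
# real deployments use 2048-bit keys and padded ciphertexts).
P, Q = 61, 53
N = P * Q                          # public modulus
E = 17                             # public exponent, in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the key server


def derive_session_key(premaster, client_random, server_random):
    """Stand-in for the TLS key schedule: both sides mix the premaster with the randoms."""
    material = premaster.to_bytes(2, "big") + client_random + server_random
    return hashlib.sha256(material).digest()


class KeyServer:
    """Runs in the site owner's own infrastructure and holds the private key. It answers
    only 'decrypt this handshake message'; it never sees the HTTP content afterwards."""
    def __init__(self, d, n):
        self._d, self._n = d, n
        self.online = True

    def decrypt_premaster(self, ciphertext):
        if not self.online:
            raise ConnectionError("key server switched off by the CDN customer")
        return pow(ciphertext, self._d, self._n)


class EdgeServer:
    """CDN edge: serves the certificate and terminates TLS, but holds no private key."""
    def __init__(self, key_server):
        self.key_server = key_server
        self.private_key = None  # nothing to leak from the edge

    def finish_handshake(self, encrypted_premaster, client_random, server_random):
        premaster = self.key_server.decrypt_premaster(encrypted_premaster)
        return derive_session_key(premaster, client_random, server_random)


def client_handshake(premaster, client_random, server_random, edge):
    """Client side of the RSA key exchange; returns True when both ends agree on the
    session key, False when the key server was unreachable (handshake fails safely)."""
    encrypted = pow(premaster, E, N)  # encrypt to the certificate's public key
    try:
        edge_key = edge.finish_handshake(encrypted, client_random, server_random)
    except ConnectionError:
        return False
    return edge_key == derive_session_key(premaster, client_random, server_random)
```

The edge still ends up with the session key, which is why the slide's last bullet holds: the content remains visible to the CDN even though the private key never leaves the customer.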
  23. Dynamic Page Again
     • CDN barely helps speed up loading the dynamic page itself
       • CDN helps load static resources
       • but the user still needs to first reach the page itself from the origin server
     • Interconnection between different ISPs in China is still a big problem
     • How to speed up dynamic page delivery?
  24. BGP Datacenter
     • BGP datacenter
       • has links to different ISPs
       • has its own AS number
       • has BGP routers
       • announces its IPs using the Border Gateway Protocol
     • Place the web server at a BGP datacenter
       • The web server doesn't need to worry about anything
       • Routers and the protocol do the hard work
     • Very expensive
     ref: http://vpsadd.com/?p=1872
  25. CDN can't help if there is no domain
     • If a service cannot use a domain name and must be reached by IP address directly, a CDN cannot help at all.
     • For example, public DNS services
       • People all over the world use 8.8.8.8
       • How does it keep low latency anywhere?
       • How does it serve so much traffic?
  26. Anycast
     • BGP Anycast
       • Announce the same IP in many different locations
       • The best route is chosen by BGP
       • The protocol does the hard work
     • Not suitable for stateful services
       • Destination may change
       • State information may be lost
     • CDN providers may use Anycast
     ref: https://www.zhihu.com/question/54158268
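An added simulation (my own code, not from the deck) of how BGP anycast picks a destination for the slide above: the same prefix is announced from two sites and a client reaches whichever has the shortest AS path, modelled here as breadth-first search over a made-up AS graph. Removing one link then shows the stateful-service caveat: the site behind the unchanged IP switches, and any connection state held at the old site is gone. The AS numbers, links and site names are constructed.

```python
from collections import deque

# Constructed AS-level topology: undirected links between made-up AS numbers.
LINKS = {
    (100, 200), (200, 300), (300, 400), (100, 500),
    (500, 600), (600, 400), (200, 700),
}
# The same anycast prefix is announced from two sites in different regions.
ANYCAST_ORIGINS = {300: "site-A", 600: "site-B"}


def neighbors(links):
    """Adjacency map of the AS graph."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def best_path(client_as, origins, links):
    """BGP's preference for the shortest AS path, modelled as BFS from the client AS
    until the first AS that announces the anycast prefix is reached."""
    adj = neighbors(links)
    queue = deque([(client_as, [client_as])])
    seen = {client_as}
    while queue:
        node, path = queue.popleft()
        if node in origins:
            return origins[node], path
        for nxt in sorted(adj.get(node, ())):  # deterministic tie-break for the demo
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None, []


def simulate_link_failure(client_as, failed_link, origins, links):
    """Re-run path selection without one link; returns (site before, site after,
    whether the destination changed). A changed destination means a stateful
    connection to the anycast IP would land on a site that never saw its state."""
    before, _ = best_path(client_as, origins, links)
    remaining = links - {failed_link, failed_link[::-1]}
    after, _ = best_path(client_as, origins, remaining)
    return before, after, before != after
```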
  27. Summary
     • Motivation
     • Principle
     • Global Server Load Balancing
       • DNS
       • HTTP Redirect
     • Applications
       • Small files, large files
       • Video on demand
       • Live streaming
     • Additional Features
       • DDoS protection
       • HTTPS support
     • Alternatives
       • BGP datacenter
       • Anycast