Users in Asia and the Americas expect the same load times as customers in Germany, but the server sits in only one place. This is precisely the problem a content delivery network (CDN) solves. It brings content closer to the users and intercepts a large share of the requests before they reach your own infrastructure. For websites and portals, a CDN is today a standard tool for performance and at the same time the first line of defence against overload attacks. The market ranges from simple cache services to platforms with comprehensive security functions.
What is a CDN?
A content delivery network is a collection of many servers at distributed locations, the so-called edge locations or points of presence (PoPs). These servers keep copies of content ready, such as images, stylesheets, scripts and video files. When a browser requests a resource, the nearest edge server responds directly from its cache. The long path to the origin server, the origin, is avoided for all content that resides in the cache.
With many providers, the assignment to the appropriate location is handled by anycast: numerous servers worldwide share the same IP address, and routing automatically leads each request to the topologically nearest location. If a location fails, the others take over without anything changing in the addresses or configuration. For visitors, the entire process remains invisible; they reach the familiar address with a shorter response time.
How it works
The process follows a simple pattern with a big effect:
- Caching at the edge: Static content is loaded from the origin on the first request and then kept at the edge location for defined periods. Cache rules and expiry times control how up to date content must be. Popular objects thereby stay permanently close to the user.
- Anycast routing: Requests automatically land at the nearest location. This lowers latency for users and distributes load peaks across many regions at the same time.
- Origin offload: The higher the cache hit rate, the fewer requests reach the origin server. The origin can be dimensioned smaller and stays stable during visitor peaks.
- Protective effect: The distributed capacity absorbs volumetric DDoS attacks before they reach the origin. Many CDNs therefore bundle functions such as a Web Application Firewall and bot management directly at the edge.
- Dynamic acceleration: Content that can barely be cached benefits too. TLS connections are terminated at the nearby edge and routed to the origin over optimised routes.
Why it matters
- Shorter load times improve the user experience and conversion, especially for international audiences with long paths to the origin.
- Visitor peaks caused by campaigns or media coverage hit the cache instead of your own servers.
- Volumetric attacks fizzle out against the distributed capacity of the network, which a single data centre could never provide on this scale.
- Relieving the origin lowers infrastructure costs and reduces the outbound traffic from your own hosting.
- Search engines rate loading speed as a ranking factor, so a CDN pays directly into visibility.
- Availability rises because the failure of individual edge locations is automatically compensated for by others.
Typical scenarios
- An online shop launches a high-reach campaign. The rush hits the edge servers, and the shop stays reachable and fast.
- A software maker distributes updates to customers worldwide. Downloads run from nearby locations, and the connection of its own data centre stays free.
- A mid-sized company with a customer portal becomes the target of a DDoS attack. The CDN absorbs the flood of requests while legitimate users keep working undisturbed.
- A media service delivers video content to several regions and keeps start times stable without operating its own servers in every market.
CDN vs. classic hosting
Classic hosting runs an application at one location, a CDN distributes delivery across many locations. The two hardly compete with each other; they complement each other: the origin remains the authoritative source, the CDN the delivery layer in front of it. The limits are important for planning. Personalised and dynamic content can be cached only to a limited extent, and transactions not at all. If the origin fails, the CDN only delivers cached content, while logins and orders come to a standstill. Availability and hardening of the origin server therefore remain critical, including against attackers who deliberately bypass the CDN and attack the origin IP directly. A CDN thus does not replace a hosting decision; it determines the path of the content to the user.
Protection with KAEMI
KAEMI designs and operates the delivery and protection layer for your web applications as part of Application Security . This includes the cache strategy and the WAF rule set as well as DDoS defence, implemented among other things with Cloudflare as a technology partner. Particular attention goes to what lies behind the edge: secured origins whose IP addresses are not directly reachable, and clear rules for dynamic content. This turns the CDN from a mere accelerator into a robust protective shield in front of your infrastructure. If you want to know how much load and risk your origin carries today, get in touch .