CDN (Content Delivery Network)

Users in Asia and the Americas expect the same load times as customers in Germany, but the server sits in only one place. This is precisely the problem a content delivery network (CDN) solves. It brings content closer to the users and intercepts a large share of the requests before they reach your own infrastructure. For websites and portals, a CDN is today a standard tool for performance and at the same time the first line of defence against overload attacks. The market ranges from simple cache services to platforms with comprehensive security functions.

What is a CDN?

A content delivery network is a collection of many servers at distributed locations, the so-called edge locations or points of presence (PoPs). These servers keep copies of content ready, such as images, stylesheets, scripts and video files. When a browser requests a resource, the nearest edge server responds directly from its cache. The long path to the origin server, the origin, is avoided for all content that resides in the cache.

With many providers, the assignment to the appropriate location is handled by anycast: numerous servers worldwide share the same IP address, and routing automatically leads each request to the topologically nearest location. If a location fails, the others take over without anything changing in the addresses or configuration. For visitors, the entire process remains invisible; they reach the familiar address with a shorter response time.

How it works

The process follows a simple pattern with a big effect:

  • Caching at the edge: Static content is loaded from the origin on the first request and then kept at the edge location for defined periods. Cache rules and expiry times control how up to date content must be. Popular objects thereby stay permanently close to the user.
  • Anycast routing: Requests automatically land at the nearest location. This lowers latency for users and distributes load peaks across many regions at the same time.
  • Origin offload: The higher the cache hit rate, the fewer requests reach the origin server. The origin can be dimensioned smaller and stays stable during visitor peaks.
  • Protective effect: The distributed capacity absorbs volumetric DDoS attacks before they reach the origin. Many CDNs therefore bundle functions such as a Web Application Firewall and bot management directly at the edge.
  • Dynamic acceleration: Content that can barely be cached benefits too. TLS connections are terminated at the nearby edge and routed to the origin over optimised routes.

Why it matters

  • Shorter load times improve the user experience and conversion, especially for international audiences with long paths to the origin.
  • Visitor peaks caused by campaigns or media coverage hit the cache instead of your own servers.
  • Volumetric attacks fizzle out against the distributed capacity of the network, which a single data centre could never provide on this scale.
  • Relieving the origin lowers infrastructure costs and reduces the outbound traffic from your own hosting.
  • Search engines rate loading speed as a ranking factor, so a CDN pays directly into visibility.
  • Availability rises because the failure of individual edge locations is automatically compensated for by others.

Typical scenarios

  • An online shop launches a high-reach campaign. The rush hits the edge servers, and the shop stays reachable and fast.
  • A software maker distributes updates to customers worldwide. Downloads run from nearby locations, and the connection of its own data centre stays free.
  • A mid-sized company with a customer portal becomes the target of a DDoS attack. The CDN absorbs the flood of requests while legitimate users keep working undisturbed.
  • A media service delivers video content to several regions and keeps start times stable without operating its own servers in every market.

CDN vs. classic hosting

Classic hosting runs an application at one location, a CDN distributes delivery across many locations. The two hardly compete with each other; they complement each other: the origin remains the authoritative source, the CDN the delivery layer in front of it. The limits are important for planning. Personalised and dynamic content can be cached only to a limited extent, and transactions not at all. If the origin fails, the CDN only delivers cached content, while logins and orders come to a standstill. Availability and hardening of the origin server therefore remain critical, including against attackers who deliberately bypass the CDN and attack the origin IP directly. A CDN thus does not replace a hosting decision; it determines the path of the content to the user.

Protection with KAEMI

KAEMI designs and operates the delivery and protection layer for your web applications as part of Application Security . This includes the cache strategy and the WAF rule set as well as DDoS defence, implemented among other things with Cloudflare as a technology partner. Particular attention goes to what lies behind the edge: secured origins whose IP addresses are not directly reachable, and clear rules for dynamic content. This turns the CDN from a mere accelerator into a robust protective shield in front of your infrastructure. If you want to know how much load and risk your origin carries today, get in touch .

Frequently asked questions about CDN (Content Delivery Network)

For which content is a CDN most worthwhile?

The greatest effect is achieved by static resources such as images, videos, downloads and scripts, because they can be cached for a long time. But API and HTML delivery also benefit from anycast routing and optimised paths to the origin. The more international the audience and the higher the share of repeatedly requested content, the more pronounced the gain.

Does a CDN replace DDoS protection?

A CDN absorbs volumetric attacks on web content very effectively, but it by no means covers every risk. Attacks on application logic and APIs additionally require a Web Application Firewall with rate limiting. The origin server itself must also be hardened so that attackers cannot reach it directly if at all possible. Only the interplay of these produces robust protection.

What happens if the origin server fails?

The CDN then continues to deliver all content that is still valid in the cache. Dynamic functions such as login or order processes, by contrast, come to a standstill. Some providers keep an emergency version of the website available with functions such as stale-content delivery. For real failure resilience, the origin itself needs redundancy, for example across several locations or cloud regions.

How does a CDN differ from a load balancer?

A load balancer distributes requests across several servers within a location or a region and knows the state of the systems behind it. A CDN works in a globally distributed way and answers requests from the cache wherever possible, without burdening the origin. In practice, the two complement each other: the CDN sits in front of the load balancer, which distributes internally.

Does a CDN change the GDPR assessment of my website?

Yes, because the CDN provider processes the connection data of your visitors and thereby becomes a processor. A data processing agreement is required, and with international providers a review of data transfers to third countries. The choice of location of the edge servers and the logging settings also belong in the assessment. A clean configuration reduces the processed data to the necessary level.

From term to implementation: KAEMI supports you from the first assessment to day-to-day operations.