A content delivery network (CDN) stores a cached version of its content in many geographical locations called points of presence (PoPs). These PoPs contain many caching servers that deliver content to visitors within their proximity. The distributed content delivery points reduce the distance between a visitor and your site.
An origin shield adds an extra caching layer in front of your origin so you can eliminate redundant requests. The origin shield PoP collapses all incoming requests for the same content into a single request, boosting efficiency, saving resources, and providing seamless, high-performance content delivery.
CDNs accommodate high traffic volumes globally and can operate even when the origin is small and lacks adequate bandwidth capabilities. CDNs significantly reduce the traffic to the server. However, this reduction is sometimes insufficient, and you may need to shield the origin as a solution.
The origin shield uses a proxy server that sits behind the firewall in front of your origin server (or servers) and serves up cached copies of pages from it. The proxy then drops all traffic for resources requested directly from your origin server, except for requests that must go through the caching proxy itself.
Origin shield is a superior fit for streaming live content and where high bandwidth is required to deliver content.
While your CDN may have many PoPs which can handle substantial traffic and distribute content at scale, this is only part of what’s required. For efficient livestreaming, your CDN must interact seamlessly with the clients and origin server and scale for large viewing audiences, especially when content is demanded all at once.
Standard HTTP web servers act as origins in livestreaming. The encoder continually publishes new media segments to the origin server while the CDN propagates the content through the network in an instantaneous process. Low latency is required to deliver the content in real-time. The origin servers provide minimum loading and low latency, so users experience fast, uninterrupted streaming.
One of the strengths of an origin shield is reducing latency, which high-bandwidth content demands. To optimize network bandwidth requirements, the origin shield caches user requests and content and distributes the content through the PoP closest to the end user.
Shielding the origin increases cache hit ratios to limit the number of content requests to the origin and reduce the origin load. Fewer requests mean less backlog, improve the speed at which content is served, and improve bandwidth efficiency, since there is less traffic to your CDN.
The CDN feature for shielding the origin provides significant value. Origin shield reduces origin requests and the overall latency, ensuring increased security and improved resilience.
Shielding reduces the number of origin requests by assigning a cache or PoP as the center where incoming requests are collected. This prevents the origin server from receiving overwhelming numbers of individual requests.
The origin server receives only the requests from the designated shield PoP. The load on the origin is reduced, improving the cache hit ratio and allowing you to serve content faster while reducing site downtime. A high cache hit ratio means the cache has successfully fulfilled most of the content requests. This contributes to faster load times and improved browsing experience. A ratio of 90 percent and higher provides sufficient caching, but the caching becomes insufficient when the ratio falls below 80 percent.
By defining an edge node PoP as the collection point for incoming uncached requests and dispersing the same to different global locations, you reduce the number of requests directed to the origin server. The requests not served from the cache are funneled through locations closest to the PoPs instead of the origin server. When users request particular resources, content is released to the end user with minimal delays.
Distributed denial-of-service (DDoS) attacks threaten CDNs and can impact their operations for hours or days. Origin shield acts as an additional cache layer between your origin servers and CDN edge servers, preventing your CDNs from DDoS attacks. CDNs with origin shield enabled absorb junk network traffic in large quantities keeping your sites running even during an attack.
Some CDN offerings, such as StackPath’s CDN, have the origin shield as a feature you can enable or disable. The number of egress IPs is limited when the origin shield feature is enabled. Reduced egress footprints mean the exposed attack surface of the origin servers is small.
You can include an origin shield in your disaster mitigation strategy. When using CDN as a standalone without the Origin Shield, the CDN acts as a single point of failure. The origin shield will constantly offload traffic, shielding the origin servers from overload that would otherwise affect the availability of your services. When an outage happens while your origin shield is enabled, point your domains to the origin shield to serve traffic directly from your environment. Furthermore, the origin shield provides additional caching that stores content. If your site has downtime, the cached content is still served as fast as before.
Suppose a user experiences problems with your site and is not getting their usual speed of delivery. In that case, the origin shield will help them regain their typical speed of delivery by using the cached data instead of requesting fresh content from their server every time. If a server goes down, you can still get your content from the origin shield instead of pulling it from another server. Suppose two origin shields are at different locations, and one goes down. In that case, the other can automatically take over serving that location’s content, so users don’t notice any loss in performance.
