When I first joined the industry, I also thought a high-defense CDN was just there to absorb DDoS attacks: find big bandwidth, pick a high advertised defense value, and you're done, right? Then one night an alert text message woke me up: business latency had soared to 3000ms and user complaints were coming down like snowflakes. Only then did I realize that node distribution really can kill you.
The client was an overseas e-commerce company using a cheap CDN that advertised "500 nodes worldwide". Normally there were no problems, but one night it was suddenly hit by a TCP flood attack, with traffic mainly coming from Eastern Europe and South America. It turned out that 80% of the CDN's "global nodes" were crowded into a few major cities in Europe and the United States, with no edge node in South America at all, so all that traffic detoured to a data center in Miami and then turned back. Latency exploded, and before the defense policy had even taken effect, the links were jammed like the North Fourth Ring Road at morning rush hour.
These days, even with a CDN you have to "watch out for your own teammates". You think you are buying defense, but what really decides the fight behind the scenes is node quality and distribution logic. Node distribution is not just "how many points", but "where the points are", "how they connect" and "who has priority". If you don't understand this, slow speed is the mild outcome; the worse one is that your defense is wasted.
Let's take the defense side first. Many vendors brag about "T-level defense", but if they won't tell you how their nodes are distributed, that is basically a scam. DDoS attacks are increasingly regional, such as UDP reflection from Southeast Asia or CC botnet machines in Eastern Europe. If your CDN has no scrubbing nodes in the regions where attack sources are dense, the traffic has to detour across continents. Latency soars, and on top of that the path may cross regions with poor network infrastructure, sending the packet loss rate through the roof.
I tested a small vendor's CDN that claimed 300 nodes. The moment the Middle East got hit, all the traffic was hauled to Frankfurt for scrubbing. Latency jumped from 150ms to 800ms, and the TCP retransmission rate exceeded 15%. Users thought the server had crashed, when in fact node distribution was to blame.
The speed side is even more obvious. Physical distance sets the lower bound on latency, and node density sets the upper bound on congestion. For example, for a user in Beijing with a CDN edge node in Shanghai, latency is about 30ms; but if the only node is in Los Angeles, fiber transmission alone takes more than 120ms, and with BGP routing hops on top it easily reaches 200ms. Don't forget that loading one page in a browser may involve dozens of requests; if each one is 50ms slower, the overall experience is very different.
Don't believe the "global acceleration" crap. Without local nodes, it's all bullshit. Especially for video, games and real-time communication, users can directly perceive the difference between 50ms and 100ms of latency.
The differences between domestic (Chinese) and international nodes are an even bigger pitfall. The domestic network environment is special: crossing carriers (Telecom/Unicom/Mobile) is like crossing provinces, not to mention interference from the firewall. A good domestic CDN has to offer multi-carrier BGP access, or even three-network integration. But many foreign CDNs entering China connect to only one carrier, Telecom or Unicom, and access for Mobile users simply falls apart.
The same goes in reverse for Chinese companies going overseas. The European and American nodes of AWS CloudFront or Cloudflare are really strong, but in Southeast Asia, Latin America and Africa they may not match vendors that focus on emerging markets, such as CDN07's Indian and Brazilian nodes, where direct connectivity with local ISPs covers more than 90% and latency is held to within 50ms.
How do you judge whether a node distribution makes sense? Looking at the vendor's promotional maps is definitely not enough. I generally use two low-tech methods: the first is to run your own latency tests, the second is to look at route traces (traceroute). For example, to test the access experience of users in Southeast Asia, you can use CloudPing from Singapore, Jakarta, Bangkok and other locations to measure the latency back to the origin.
More ruthlessly, use a script to simulate requests from multiple regions:
The run shows which nodes are fluctuating and which have high latency. A sudden jump in latency in one area basically means that the nodes there are sparse or the line has degraded.
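One way to build such a probe, as an added example that is not the script from the original post: it times TCP handshakes and flags vantage points with high latency, fluctuation or failed connects. The hostname cdn.example.com, the function names and the thresholds are assumptions, and the sample numbers are constructed.

```python
import socket
import statistics
import time

def tcp_connect_ms(host, port=443, timeout=3.0):
    """Time one TCP handshake to host:port in milliseconds; None on failure."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:
        return None

def summarize(samples):
    """Median, jitter (population std dev) and loss ratio for one vantage point."""
    ok = [s for s in samples if s is not None]
    if not ok:
        return {"median": None, "jitter": None, "loss": 1.0}
    return {
        "median": statistics.median(ok),
        "jitter": statistics.pstdev(ok),
        "loss": 1 - len(ok) / len(samples),
    }

def flag_regions(results, max_median_ms=100.0, max_jitter_ms=30.0, max_loss=0.05):
    """Return {region: [reasons]} for vantage points that breach a threshold (assumed limits)."""
    flagged = {}
    for region, samples in results.items():
        s = summarize(samples)
        reasons = []
        if s["median"] is None or s["median"] > max_median_ms:
            reasons.append("high latency")
        if s["jitter"] is not None and s["jitter"] > max_jitter_ms:
            reasons.append("fluctuating")
        if s["loss"] > max_loss:
            reasons.append("connect failures")
        if reasons:
            flagged[region] = reasons
    return flagged

# Constructed samples (ms); real ones come from tcp_connect_ms("cdn.example.com") run in each region.
SAMPLE = {
    "singapore": [28.1, 30.4, 27.9, 29.5, 31.0],
    "jakarta": [45.0, 210.3, 48.2, 190.7, 47.5],
    "sao-paulo": [221.0, 218.4, None, 225.9, 219.7],
}

if __name__ == "__main__":
    print(flag_regions(SAMPLE))
```

The probe has to run on a host inside each region being tested; one machine cannot stand in for several locations.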
Route tracing is even more of a demon-revealing mirror. For example, use this command:
Look at the number of hops and the IP attribution in the output. If you find that traffic is going from Singapore to the US and then back to Japan, you can go pound the table at the CDN vendor: it's time to optimize their route scheduling algorithm.
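The detour check can also be put into numbers. This added example (not from the original post) takes hop locations you have already resolved from a traceroute, compares the distance travelled with the direct distance, and derives the round-trip floor that fiber allows; the function names, the 2.0 stretch threshold and the approximate city coordinates are assumptions.

```python
import math

FIBER_KM_PER_MS = 200.0  # light in fiber covers roughly 200 km per millisecond

def great_circle_km(a, b):
    """Haversine distance in km between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def min_rtt_ms(km):
    """Lower bound on round-trip time over a fiber path of the given length."""
    return 2 * km / FIBER_KM_PER_MS

def analyze_path(hops, max_stretch=2.0):
    """hops: ordered [(label, (lat, lon)), ...] from client to destination.
    Compares the distance actually travelled with the direct distance."""
    points = [loc for _, loc in hops]
    travelled = sum(great_circle_km(p, q) for p, q in zip(points, points[1:]))
    direct = great_circle_km(points[0], points[-1])
    stretch = travelled / direct if direct > 0 else float("inf")
    return {
        "direct_km": direct,
        "travelled_km": travelled,
        "stretch": stretch,
        "min_rtt_direct_ms": min_rtt_ms(direct),
        "min_rtt_path_ms": min_rtt_ms(travelled),
        "detour": stretch > max_stretch,  # assumed threshold
    }

# Constructed hop lists; city coordinates are approximate.
SINGAPORE, TOKYO, LOS_ANGELES = (1.35, 103.82), (35.68, 139.69), (34.05, -118.24)
DETOURED = [("client", SINGAPORE), ("transit", LOS_ANGELES), ("edge", TOKYO)]
DIRECT = [("client", SINGAPORE), ("edge", TOKYO)]

if __name__ == "__main__":
    for name, hops in (("detoured", DETOURED), ("direct", DIRECT)):
        r = analyze_path(hops)
        print(name, round(r["stretch"], 2), round(r["min_rtt_path_ms"]), r["detour"])
```

Great-circle distance understates real cable length, so measured round-trip times will sit above these floors even on a well-routed path.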
A classic case from the field: a gaming client was using a cost-effective CDN with an impressive node count, but South American users kept complaining about lag. A traceroute showed that requests from Brazilian users were routed to Miami, and then from Miami back over the undersea cable to Sao Paulo. They later switched to CDN5, which has edge nodes right in Sao Paulo, Brazil and Buenos Aires, Argentina; latency dropped from 220ms to 40ms, and the players stopped complaining.
Now on to vendor selection. The node strategies of the mainstream CDNs on the market are actually quite different:
CDN5 is strong in Asia and Latin America, and its Southeast Asia localization is especially good: it has edge nodes even in second- and third-tier cities such as Ho Chi Minh City, Vietnam and Jakarta, Indonesia, which suits companies going overseas. But it has relatively few European nodes, so if your main business is in Germany or Poland, you may have to pair it with another vendor.
CDN07 has deep roots in Europe and the United States. Frankfurt, London and Amsterdam have strong scrubbing capacity and hold up steadily against high-volume attacks. However, Africa is basically supported by the South African nodes alone, so North African users may have to detour to Europe.
08Host is the kind of vendor that started out domestically. Its advantages are of course three-network integration and BGP nodes, a smooth cross-carrier access experience within China, and less to worry about when it comes to filing and compliance. But its overseas lines mainly rely on rented overseas data centers: Southeast Asia is okay, but farther away it depends on whether its partners deliver.
Finally, a blunt conclusion: node distribution is not just important, it is even more important than the defense peak. Defense can be expanded temporarily, but building nodes is a long-term investment, and cramming at the last minute is simply too late. When choosing a CDN, hand the vendor a world map and have them mark the specific data center locations, bandwidth capacity and ISP coverage list. If they can't mark them, move straight on to the next vendor.
Sincere advice: never skimp on nodes. The budget you save may well be lost to customer complaints once a trans-oceanic route gets congested. Users today have no patience to wait while you "optimize the link"; if the delay exceeds 3 seconds, they go straight for the X in the upper right corner. Sometimes spending 20% more to cover 30% more edge nodes is absolutely worth it for the improved user experience and reduced risk.
By the way, beware of vendors with many "virtual nodes". To make their advertised numbers look good, some vendors virtualize one physical machine into dozens of "logical nodes" whose actual egress bandwidth and routing policy are exactly the same. Under attack or at a traffic peak, the whole virtual cluster collapses together. Truly, one pit takes out the whole nest.
In short (tsk, that sounds like AI), node distribution is like building a highway network. It's not about having a luxurious toll station; it depends on how many ramps there are, whether the interchanges are jammed, and whether there are shortcuts to take. Network defense and acceleration are essentially a fight with the laws of physics: the closer you are to the user, the better your odds of winning.
Next time you choose a high-defense CDN, first ask: "Are your nodes your own flesh and blood, or adopted?"

