This page presents the actual integration evaluation report for Fastly CDN. Testing was conducted after completing DNS integration and ensuring the live business domain was operational. The evaluation focuses on two core capabilities:CDN Acceleration Performance 与 DDoS Attack Mitigation Capability,
The testing process, tools, and results are all reproducible.
I. Test Environment and Basic Information
| Project | Explanation |
|---|---|
| Service Provider Under Test | Fastly CDN |
| Testing Party | This Site's Cybersecurity Testing Team |
| Access Method | DNS CNAME records pointing to Fastly edge nodes |
| Origin server environment | Nginx (US Data Center) |
| Test Content | DDoS Stress Testing / Global Access Acceleration Testing |
II. Fastly Plan Selection and Billing Model
| Project | Explanation |
|---|---|
| Billing Model | Pay as you go (based on traffic + number of requests) |
| minimum charge | No fixed monthly fee; pay only for what you use. |
| Testing Cycle | 30 days |
| Actual traffic during testing | Approximately 620 GB |
| Costs during the testing period | Approximately $95 (primarily for North American and European traffic) |
Fastly's pricing structure is highly sensitive to traffic volume and request counts, making it more suitable for projects with high performance and stability requirements and manageable budgets.
III. CDN Acceleration Performance Testing Methods
CDN acceleration testing primarily focuses on DNS resolution time, TLS connection time, Time to First Byte (TTFB), and overall response time. The testing tool is curl Multi-region detection nodes.
curl -o /dev/null -s -w \ DNS: %{time_namelookup}s\n Connect: %{time_connect}s\n TLS: %{time
"DNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTLS: %{time_appconnect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\nHTTP: %{http_code}\n" \
https://fastly-test.example.com/static/test.jpg
IV. CDN Acceleration Test Results
| Test Area | DNS(s) | Time to First Byte (TTFB) | Total(s) | HTTP Response Codes |
|---|---|---|---|---|
| United States (US) | 0.004 | 0.082 | 0.108 | 200 |
| Germany (DE) | 0.006 | 0.094 | 0.121 | 200 |
| Singapore (SG) | 0.011 | 0.138 | 0.176 | 200 |
Based on the results, Fastly demonstrates a distinct low-latency advantage in Europe and North America, while latency at its Asian nodes is slightly higher but exhibits minimal overall fluctuation.
V. DDoS Attack Stress Testing Plan
DDoS testing is conducted with CDN already in effect, focusing on observing service availability and changes in origin server load during the attack.
| Test Item | Explanation |
|---|---|
| Attack Type | TCP SYN Flood / HTTP GET Flood |
| Testing Tools | hping3 / wrk / ab |
| Maximum Request Rate | HTTP approximately 1200 requests per second |
| Peak packet rate | Approximately 50K PPS |
VI. DDoS Attack Test Results
| Testing phase | HTTP 200 | HTTP 403 / 429 | Origin Server CPU | Service Availability |
|---|---|---|---|---|
| Before the attack | 99.91% TP3T | 0% | 12% | 100% |
| Under attack | 92.41 TP3T | 7.11 TP3T | 18% | 99.11 TP3T |
| After the attack | 99.81 TP3T | 0.21 TP3T | 13% | 100% |
During the attack, a large number of abnormal requests were intercepted and returned by Fastly edge nodes.
403 / 429 Status code,
The origin server load did not show a significant increase, indicating that the CDN successfully absorbed the attack traffic.
VII. Cache Hits and Node Verification
curl -I https://fastly-test.example.com/static/test.jpg
HTTP/2 200 x-cache: HIT x-served-by: cache-fra19145-FRA fastly-debug: true
Header indicates the request hit the Fastly edge cache without fetching from origin, confirming the cache and acceleration strategy are effective.
VIII. Comprehensive Conclusions
Based on actual deployment and testing results, Fastly has demonstratedHigh-Concurrency Access Acceleration 与Medium-Scale DDoS Attack Mitigation Performs consistently in the scene.
More suitable for projects with higher demands on performance, controllability, and log observability.
Fastly CDNUsage and Testing FAQ
1. How long does it take for Fastly CDN to take effect after integration? Is there a wait time for cache synchronization?
During the actual onboarding process, Fastly's CDN configuration takes effect extremely quickly. After completing the domain CNAME record update, edge nodes typically propagate within Within 1–2 minutes You can now begin responding to requests.
No need to wait for lengthy cache synchronization times like traditional CDNs.
2. Will Fastly's DDoS mitigation affect normal user access?
During our DDoS stress tests, Fastly prioritizes identifying abnormal traffic at edge nodes and returns a response to suspicious requests. 403 or 429 Status code.
Normal user requests can still be obtained. HTTP 200 Response: Overall service availability remained above 99.1% during the attack.
3. Could Fastly forward attack traffic to the origin server, potentially overwhelming it?
During testing, the majority of abnormal traffic was absorbed at the edge nodes, with no significant increase in CPU or bandwidth usage observed at the origin server. Provided that caching strategies and default security rules are properly configured, the origin server typically does not directly bear the brunt of large-scale attack traffic.
4. Does Fastly include a WAF? Can it defend against attacks without purchasing additional products?
Fastly provides by default Basic DDoS Protection With traffic scrubbing capabilities, it can handle common traffic-based and simple application-layer attacks.
However, if you require granular protection at the rule level and application layer (such as SQL injection and XSS), you will still need to enable or purchase Fastly's WAF-related products separately.
5. Does Fastly significantly accelerate dynamic content?
Fastly's strengths in dynamic content acceleration are primarily reflected in:Low TTFB with real-time configuration updates For API interfaces and websites with frequently changing content, Fastly's origin path optimization and edge logic capabilities offer distinct advantages over traditional CDNs.
However, it requires some configuration experience.
6. Why does Fastly appear to be more expensive than some other CDNs?
Fastly's billing model is based on actual traffic and request volume, with its core user base leaning toward enterprise-level and high-performance scenarios.
While the unit price appears relatively high for low-traffic sites, in scenarios with high concurrency and high hit rates, the overall cost-effectiveness may not necessarily be inferior to other CDNs.
7. Is Fastly suitable for personal blogs or small websites?
For personal blogs with low traffic, Fastly's advantages may not be fully realized, and the costs are relatively high.
More suitable for scenarios with higher demands on access speed, stability, and observability.Technical blogs, API services, or commercial projects。
8. Is Fastly's cache rule configuration complicated? Are there common pitfalls for beginners?
Fastly's caching and rule configurations offer high flexibility, but they come with a steeper learning curve compared to traditional CDNs. Common issues include improper cache TTL settings and failure to correctly distinguish between dynamic and static resources. Thorough testing is recommended before production deployment.
9. Is it easy to recover when Fastly experiences configuration errors?
Fastly supports version management configuration, generating a new version with each modification. Should any issues arise, you can quickly roll back to a previous version—a highly practical feature in real-world use.
10. Does Fastly support log and attack attribution analysis?
Fastly provides real-time log streaming capabilities, enabling access logs to be output to third-party logging platforms for analyzing attack origins, request characteristics, and hit rates. This proves highly valuable in DDoS testing and security analysis.
