This document presents a real-world performance evaluation report for Microsoft Azure CDN. Testing was conducted on a business domain that had completed CDNProfile and Endpoint configuration and was actively handling traffic. The evaluation focuses on two core capabilities:CDN Acceleration Effect 与DDoS Attack Mitigation Capability。
It should be noted that Azure CDN currently has multiple implementation sources within the system (Microsoft's own infrastructure, third-party network integrations, etc.). The testing in this article is based on Azure Native CDN EndpointThis does not involve Front Door or advanced WAF combination solutions.
I. Test Environment and Basic Information
| Project | Explanation |
|---|---|
| Service Provider Under Test | Microsoft Azure CDN |
| Testing Party | Network Security and Operations Testing Team |
| Access Method | Azure CDN Endpoint + DNS CNAME |
| Origin server environment | Azure VM (Nginx, East US region) |
| Testing Cycle | Approximately 30 days |
| Test Focus | Static Resource Acceleration / DDoS Stress Testing |
II. Azure CDN Plans and Billing Models
Azure CDN employs Pay-as-you-go The cost is billed through the Azure unified billing system. No fixed data plans or annual subscriptions are offered; costs are primarily determined by outbound traffic and the number of requests.
| Billing Items | Explanation |
|---|---|
| Outbound traffic | Pricing varies by region, with significant differences across continents. |
| Request Fee | Billed based on the number of HTTP/HTTPS requests |
| DDoS Protection | Azure DDoS Protection Basic is included by default. |
| Total traffic during the test period | Approximately 500–600 GB |
| Costs during the testing period | Approximately $70–95 (subject to billing) |
In actual experience,Azure CDNCost transparency is acceptable, but if budget alerts are not set up,
Cost volatility risks persist during sudden traffic spikes or attack scenarios.
III. CDN Acceleration Testing Methodology
CDN acceleration testing primarily focuses on DNS resolution time, Time to First Byte (TTFB), and overall response time. The test utilizes curl Initiate requests from different regional nodes to compare performance differences before and after CDN activation.
curl -o /dev/null -s -w \ DNS: %{time_namelookup}s\n Connect: %{time_connect}s\n TTFB: %{time
"DNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\nHTTP: %{http_code}\n" \
https://cdn-test.example.com/static/test.jpg
IV. CDN Acceleration Test Results
| Test Area | DNS(s) | Time to First Byte (TTFB) | Total(s) | HTTP Response Codes |
|---|---|---|---|---|
| United States (US) | 0.006 | 0.108 | 0.142 | 200 |
| Europe (EU) | 0.009 | 0.135 | 0.175 | 200 |
| Asia (SG) | 0.014 | 0.182 | 0.228 | 200 |
Azure CDN performs stably in North America and Europe, while Asian nodes exhibit slightly higher latency. TTFB is relatively noticeable during the first visit to cold caches.
V. DDoS Attack Testing Plan
| Test Item | Explanation |
|---|---|
| Attack Type | TCP SYN Flood / HTTP GET Flood |
| Testing Tools | hping3 / wrk / ab |
| HTTP Peak Requests | Approximately 900–1200 RPS |
| Network Layer Packet Rate | Approximately 40K–50K PPS |
VI. DDoS Stress Test Results
| stage | HTTP 200 | HTTP 403 / 429 | Origin Server CPU | Service Availability |
|---|---|---|---|---|
| Before the attack | 99.91% TP3T | 0% | 13% | 100% |
| Under attack | 90.81 TP3T | 8.51TB | 19% | 98.71 TP3T |
| After the attack | 99.71 TP3T | 0.31 TP3T | 14% | 100% |
During the attack, some abnormal requests were throttled or rejected at the edge, and no significant abnormal spikes were observed in origin server resources.
VII. HTTP Headers and Node Validation
curl -I https://cdn-test.example.com/static/test.jpg
HTTP/2 200 x-cache: HIT via: 1.1 azureedge.net
8. Frequently Asked Questions (Azure CDN FAQ)
1. How quickly does Azure CDN take effect?
After creating a new endpoint, it typically takes several minutes to over ten minutes for the changes to propagate globally, making it unsuitable for business scenarios requiring frequent cache rule modifications.
2. Is the default DDoS protection sufficient?
Azure DDoS Protection Basic defends against common traffic-based attacks, but complex application-layer attacks still require Front Door or WAF for comprehensive protection.
3. Does Azure CDN pass attack traffic back to the origin server?
When static resource cache hit rates are high, attack traffic is primarily absorbed by edge nodes; when dynamic request ratios are high, the risk of backend traffic increases.
4. Is Azure CDN cost controllable?
Pay-as-you-go pricing is inherently transparent, but budgets and alerts must be set to prevent significant cost fluctuations during abnormal traffic conditions.
5. Is it suitable for personal websites or small projects?
Technically feasible, but the console complexity is relatively high, making it more suitable for teams with prior Azure experience.
IX. Conclusion and Personal Perspective
Based on real-world testing experience, Azure CDN functions more like a “foundational component” within the Microsoft cloud ecosystem.
Rather than an independent CDN product designed for ultimate ease of use.
Its advantage lies in its native integration with Azure resources and stability, but in terms of global acceleration consistency and configuration intuitiveness,
It does not hold an absolute advantage. If your business already relies heavily on Azure, then Azure CDN is a reasonable and secure choice;
However, if you're simply looking for a lightweight CDN, its learning and management costs require careful consideration.
