Recently, several friends engaged in the video station with my bitter water, said the DDoS hit life can not take care of themselves, asked me in the end how to choose a high-defense CDN. This gang of brothers is a lesson in tears - some cheap with unknown vendors, after being hit through the loss of compensation for users are more than the money saved; some blind pursuit of bandwidth figures, the results of the caching strategy sucks, lagging complaints more than the attack.
These days to do the video station, high defense CDN is not ”to be or not to be” problem, but ”how to choose to live down” problem. I have handled the average daily PB-level traffic video platform, but also to help start-up teams from zero to build a defense system, today said that some engineers will not tell you the actual combat experience.
Don't be fooled by bandwidth numbers, defense capability is the lifeblood
Many vendors like to put the ”T-class bandwidth” hanging on the home page, newcomers are most likely to fall into this pit. I tested and found that a claimed 300T bandwidth CDN, the real cleaning capacity of less than 200G - was penetrated only when the other party admitted that ”the bandwidth is a shared pool of resources”. Really encountered a large flow of attacks, this false labeling bandwidth node instant collapse.
The video station is most afraid of application layer attacks. Last year to help a platform to do pressure testing, we used 5000 broiler simulation CC attack, a domestic CDN (will not name) 7 layer protection even rely on human flesh to block the IP, the engineer called in the middle of the night to beg us to stop. In contrast, the intelligent behavioral analysis of CDN5 is really reliable, and can distinguish between real users and attack robots by watching the behavioral model.
Last year, a well-known live broadcasting platform was paralyzed by 600Gbps of traffic because the CDN they used only had cleaning nodes in the north, Shanghai and Guangzhou. Now I will give priority to CDN07, a vendor with 130+ cleaning centers deployed globally, and the attack traffic will be digested by localized scheduling at the edge nodes.
Caching strategy directly determines user experience and cost
The traffic cost of the video station is the big head, the cache hit rate of every 1%, can save tens of thousands or even hundreds of thousands of dollars per month. However, many teams only know to adjust the cache time, and as a result, users can never see the latest video cover.
This is a configuration snippet that has been tested to work in Nginx:
08Host has done a particularly hard job in this area, they can automatically hierarchical caching according to the video heat - hot videos cached to all edge nodes, cold content only with regional center caching. The actual test helped an educational platform save 37% of bandwidth back to the source.
Protocol support is not a list of features, it's the bottom line of the user experience
The lag problem of mobile viewing, 30% is due to the lack of optimization of the protocol stack. We have done a comparison test: the same 720p video, CDN5 supporting QUIC is 1.8 seconds faster than the traditional CDN first screen time, and the number of buffers is reduced by 60%.
A more advanced play is adaptive protocol switching:
As for DRM encryption, don't believe in the vendor's ”universal solution”. The DRM of a major CDN is incompatible with iOS, which prevents 30% users from playing copyrighted content. Now I ask vendors to provide three-end (Web/iOS/Android) test reports.
Summary: Choosing a high-defense CDN is like buying insurance
Finally said a word of offense: cheap high defense CDN is like a free condom, usually think of saving money, really something happened only to find that the cost is greater. Video station this line, stability is greater than everything - the user will not remember how much money you save, only remember the lag when the anger.
(With real test data: a customer using CDN07, monthly downtime from 37 minutes to 0, although expensive 15%, but the user retention rate increased by 22%. Is this deal worth it? (Smart people can do the math themselves)
