Networking & Protocols
CDN and edge: build and tune an edge delivery layer
Reading about cache keys and stampedes is not the same as raising a real hit rate from 40% to 95%. Put a CDN in front of a mixed-content site, get the cache keys and TTLs right, compose one page at the edge, and prove every step with measurements.
Turn the unit’s mental model into a working edge delivery layer: route to the nearest edge, build correct cache keys, defend origin with shield and stale-while-revalidate, compose a page from per-TTL fragments, and verify hit rate and latency with before/after numbers.
Front a small mixed-content site (static assets + a cacheable HTML page + a per-user fragment) with a real CDN, tune cache keys and TTLs to push the cache hit rate above 90% for cacheable content, compose one page at the edge, and prove the win with measured before/after numbers.
- A before/after table: cache hit rate per content class, p95 edge latency from two regions, and origin request rate under identical load — measured, not estimated.
- The personalised endpoint never serves one user's response to another (verified with two distinct sessions hitting the same URL), and cacheable responses carry a minimal correct Vary.
- Under the load test, a popular URL's expiry produces one origin request (shield plus SWR working), and users continue to get sub-50 ms responses across the expiry.
- The composed page assembles at the edge from at least two fragments with different TTLs, and a deploy-triggered purge clears all edges within ~5 seconds with no cross-region stale split.
- Add a one-page on-call runbook: per-region hit-rate and p99 dashboards, the Vary-cardinality alert, the deploy-purge checklist, and a triage tree from 'hit rate dropped' to root cause.
- Enforce origin protection: require mTLS (or an authenticated header) from the CDN to origin and show that direct-to-origin requests bypassing the CDN are rejected.
- Add a second CDN and DNS-based steering with a 30 s TTL; show traffic shifting to the healthy CDN when you mark the first unhealthy, and confirm purges and edge-worker logic behave identically on both.
- Send a 103 Early Hints response from the edge with Link: preload for the page's critical CSS, and measure the change in Largest Contentful Paint against the no-hints baseline.
This is the loop you will run on every real edge delivery layer: route to the nearest edge, build a minimal correct cache key (audit Vary, mark cookie endpoints private), set per-class TTLs with stale-while-revalidate and stale-if-error, collapse the herd with an origin shield, compose pages from per-TTL fragments at the edge, and make invalidation automatic with deploy-triggered cache-tag purge — verifying hit rate and latency with before/after numbers under identical load. Doing it once on a small site makes the production version muscle memory.
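The "audit Vary, mark cookie endpoints private" step and the two-session check from the acceptance list can be scripted. This is an added example, not part of the original brief. It flags personalised responses that a shared cache may store, Set-Cookie on shared-cacheable responses, and high-cardinality Vary fields. The function names, the high-cardinality list and the sample responses are assumptions constructed for illustration.

```python
# Added example: caching-header audit. Header names are standard HTTP; the
# policy list, function names and sample responses are constructed.
HIGH_CARDINALITY_VARY = {"*", "authorization", "cookie", "user-agent"}

def parse_cache_control(value):
    """Return Cache-Control directives as a {name: argument-or-None} dict."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def audit_response(headers, personalised):
    """Return findings for one response's caching headers."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    vary = {v.strip().lower() for v in h.get("vary", "").split(",") if v.strip()}
    # Without private/no-store a shared cache (the CDN) may store the response,
    # explicitly or through a default TTL, so treat it as shared-cacheable.
    shared = not ({"private", "no-store"} & cc.keys())
    findings = []
    if personalised and shared:
        findings.append("personalised response lacks private/no-store")
    if shared and "set-cookie" in h:
        findings.append("Set-Cookie on a shared-cacheable response")
    if shared:
        findings += [f"Vary: {f} fragments the shared cache"
                     for f in sorted(vary & HIGH_CARDINALITY_VARY)]
    return findings

def leaked_between_sessions(body_a, body_b, marker_a, marker_b):
    """Two sessions fetch the same URL; neither body may show the other's marker."""
    return marker_a in body_b or marker_b in body_a

# Constructed sample responses for the three content classes in the brief.
SAMPLES = {
    "static asset": ({"Cache-Control": "public, max-age=31536000, immutable",
                      "Vary": "Accept-Encoding"}, False),
    "html page": ({"Cache-Control": "public, s-maxage=60, stale-while-revalidate=30",
                   "Vary": "Accept-Encoding, User-Agent"}, False),
    "user fragment (bad)": ({"Cache-Control": "max-age=60",
                             "Set-Cookie": "sid=constructed"}, True),
    "user fragment (good)": ({"Cache-Control": "private, no-store",
                              "Vary": "Cookie"}, True),
}

if __name__ == "__main__":
    for name, (headers, personalised) in SAMPLES.items():
        print(name, "->", audit_response(headers, personalised) or "ok")
```

Feed it the headers captured from each content class before and after tuning; a clean run plus a false result from `leaked_between_sessions` on two real sessions is the evidence for the personalised-endpoint criterion.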