Origin Security
Last update:2022-03-30 15:10:15
1 Feature Intro
1.1 Brief Introduction
With the explosive growth of the internet, customers are now facing great pressure due to the high bandwidth and requests.
High availability of customer service is primary for user experience improvement. CDNetworks provides Origin Security feature, which consists of Origin Load Balancing, Origin Bandwidth Control and Disaster Recovery.
It offloads origin and ensures high availability service for end users.
| Feature Type | Description |
|---|---|
| Origin Load Balancing | For customers with multiple origin sites, CDN platform supports going back to the different origins by round robin, dynamic detection and other strategies as per requested, making origin load balance. |
| Origin Bandwidth Control | Control the bandwidth back to origin, to make sure that the origin works well even in overload. |
| Origin Disaster Recovery | For customers with multiple origin sites, CDN supports switching requests to the backup origin if primary origin goes down. |
1.2 Applicable Product Lines
- Content Acceleration
- Dynamic Web Acceleration
- Media Acceleration
- Media Acceleration Live Broadcast
2 Feature Detail
2.1 Origin Load Balancing
Introduction
CDNetworks provides origin load balancing methods to improve origin flexibility, to balance service number of origins, and to optimize customer experience. With this feature, the platform will not only help to proactively request detect the backup server, in order to reduce the packet loss failure of origin site, but also it will distribute the requests of users to different origin sites by ISP or origin, in order to reduce the cross-ISP request.
There are mainly 5 types of origin load balancing:
| Types | Description |
|---|---|
| Origin site round robin | Distribute back-to-origin requests ((hereafter abbr. as BtO)) by round robin |
| Weighted round robin | Distribute weight for each origin, and distribute BtO requests by the weighted proportion |
| Primary/backup origin | Configure primary and backup origin, and switch to backup origin when the primary one goes down. The time taken for primary/backup origins switching is within 1~3 minutes. |
| Back-to-origin by ISP/region | Direct the request to the corresponding origin of ISP/region according to the preset ISP/region scheme. |
| Dynamic Back-to-origin | Dynamic Back-to-origin is an optimization based on the above 4 types. With this feature, CDNetworks PoP will detect which origin is better, and retrieve the content from it for the subsequent requests. |
Configuration Instructions
If customers want to use the origin load balancing feature, they will be configured as below:
- Origin Round Robin
Configuration Method:
Customer need to submit multiple origin IP addresses (or BtO domains) that need to enable round robin for CDNetworks CSE to arrange the configuration settings.
Notices:
- Customer needs to ensure the data synchronization among multiple origins, or there could be access error due to the data inconsistency of origin when implementing round robin scheme.
- If there is modification on the CDNetworks configured origin IP (or BtO domain), customer needs to timely inform CDNetworks CSE to arrange the modification work for the corresponding BtO IP (or BtO domain);
- Origin Weighted Round Robin
Configuration Method:
Customer needs to provide multiple origin IP addresses and the corresponding weighted value for CDNetworks CSE to arrange the configuration settings.
Notices:
- Customer needs to ensure the data synchronization among multiple origins, or there could be access error due to the data inconsistency of origin when implementing round robin scheme.
- When there is modification on the CDNetworks configured origin IP (or BtO domain), customer needs to timely inform CDNetworks CSE to arrange the modification work for the corresponding BtO IP (or BtO domain);
- When it comes to origin round robin weight settings, customer needs to factor in the capability variety of origins.
Primary/backup origin
Configuration Method:
Customer needs to provide primary origin IP (or the primary BtO domain), backup IP (or backup BtO domain) and the monitor URL.
Notices: - Customer needs to ensure the data synchronization among multiple origins, or there could be access error due to the data inconsistency when switching to backup origin.
- When there is modification on the CDNetworks-configured origin IP (or BtO domain), customer needs to timely inform CDNetworks CSE to arrange the modification work for the corresponding BtO IP (or BtO domain);
- BtO by ISP/region
Configuration Method:
Customer needs to provide the corresponding origin IP for different ISPs/regions.
Notices:
- Customer needs to ensure the data synchronization among multiple origins, or the origin file that CDN PoPs of different ISPs/regions fetched could be inconsistent, thus the user experience could be affected;
- If BtO by ISPs/regions is enabled, and the content that user want to visit is not cached on CDNetworks CDN PoPs, the latter will request content from the corresponding origin whenever origin server is healthy;
- The BtO by ISPs/regions can be working in conjunction with primary/backup origin;
Key Benefits
- Balance services among origins, and offload customer origin pressure, promoting service stability and availability;
- Timely detect origin failure, and switch from primary to backup origin, promoting user experience;
- Accelerate response rate when BtO by ISPs/regions is enabled and respond from the proximate PoPs, avoiding cross-network request latency.
2.2 Origin Bandwidth Control
Introduction
CDNetworks provides bandwidth control feature for BtO requests, preventing origin sites from interrupted service due to burst bandwidth.
There are mainly 3 types of bandwidth control:
| Types | Description |
|---|---|
| Bandwidth Control | It is to control the BtO bandwidth in specified time period, with the minimum unit of second. CDNetworks supports setting different bandwidth thresholds in different time periods. For example, it supports configuring the bandwidth threshold of 1000 Mbps from 10:00 a.m. to 10:30 a.m. and configuring 500 Mbps from 4:00 pm to 6:00 pm every day. |
| Query Control | It is to control the BtO queries in specified time period with the minimum unit of minute. CDNetworks supports setting different queries threshold in different time periods. |
| Concurrent Connection Control | It is to control the concurrent connection with origin per second. CDNetworks supports setting a maximum concurrent connections per second. |
Configuration Instructions
Configuration method: the detailed control rules need to be provided.
Key Benefits
- Prevent origin sites from interrupted service due to burst bandwidth.
- Free customers from origin overload.
2.3 Origin Disaster Recovery
Introduction
Some customers may provide backup origin service. CDN PoP will provide the optimum routing for users’ BtO (back-to-origin) requests. For now, there are two problems that may occur when the primary origin malfunctioned,
- How to automatically switch between the primary and backup origins without affecting user experience?
- How can CDN PoP lower the customer loss when the origin server was unable to service?
Origin disaster recovery targeted the above problems. When there is failure occur in origin and CDN PoPs, CDN Disaster Recovery will adopt the timely and effective response strategy to ensure high availability. When customer’s primary origin malfunctions, CDN PoP will automatically continue the request sending to backup server, and respond the correct content to end user, who will not perceive the malfunction at all; when origin server is unable to provide service, CDNetworks CDN PoP will return the files that have been cached to reduce the loss during origin failure.
Origin Disaster Recovery includes: Zero-Delay Disaster Recovery and Offline mode.
1) Zero-Delay Disaster Recovery
The origin-monitor module of the PoP will preferentially provide the primary origin address: if primary origin responds error message, data will be requested from backup origin server with the message provided by origin-monitor module of the PoP, and client will get the data from backup origin. At the same time, origin-monitor module will automatically set the backup origin as the priority back-to-origin (BtO) address, so the next user will directly access the backup origin.
The workflow is as below:
Fig.1 Zero-delay disaster recovery
2) Offline mode
CDNetworks monitor system will keep track of the origin server running status. When it is normal, the origin server will work in concert with CDN PoP to provide the service to the user:
Fig.2. Normal origin service
When the origin server malfunctions, CDNetworks origin monitor system will detect the problem quickly, and switch the working mode into offline mode. It will directly provide the server with the cached data instead of retrieving it from origin, fulfilling the basic access needs for end users to the great extent:
Fig.3. Abnormal origin service
CDNetworks offline mode includes normal offline detection mode and advanced offline detection mode:
Normal Offline Detection Mode:
When CDN PoP received the request for new file or for expired file from end user, it will retrieve new file from origin server or make the BtO verification of the expired file. When the TCP BtO verification failed 30 consecutive times, CDN PoP will activate the offline mode.
Advanced Offline Detection Mode:
According to the probe cycle (system default: 2 minutes per time, adjustable), it will probe the origin server running status periodically. If the origin error is detected (origin does not return 200 status code), the time of probe cycle will be shortened to 30 seconds (system default, adjustable); if the origin error is detected for 3 consecutive times, CDN PoP will directly activate offline mode. There are two types of probing URL under Advanced Offline Mode:
- Probing URL designated by origin: probe with the designated URL
- Probing URL by system default: probe with the system default URL (http://domain/favicon.ico)
After switching to the offline mode, CDN system will ignore all the expired time of the static file. When the file user requests for has been cached in CDNetworks PoP, the PoP will directly return the cached file, so the end user will not perceive any abnormality when requesting for the cached file.
Note: For the uncacheable file or the dynamic content request, the error page will be returned.
Configuration Instructions
If customers want to configure this feature, please follow the below steps:
- Zero-delay Disaster Recovery
- First-time use
a) When using the acceleration domain of zero-delay disaster switchover, first make sure the domain BtO configuration is set as primary/backup.
b) To use the feature of Zero-delay Disaster Recovery, the status code of an abnormal origin response should be confirmed. In other word, define what status code the origin should response when the origin is abnormal.
c) f an alarm is needed for primary/backup origin switchover, activate the feature of zero-delay switchover email alarm. After the feature is enabled, the details of the primary/backup switchover will be sent through email and can be queried on the CDNW portal.
Note: The email alarm data of Zero-delay Disaster Recovery will be huge, so the email alarm is not recommended. - Modification
The primary/backup configuration mode is still used, and the modification of BtO IP will not affect the feature of Zero-delay Disaster Recovery. - Cancellation
If customers need to disable the zero-delay disaster recovery feature, they can directly inform the CSE of cancellation.
- Offline Mode
For all the websites that use the CDNetworks http protocol acceleration product, the CDN system will activate the normal offline mode by default; Advanced offline mode needs custom configuration. (the probing uses the system default URL by default; or uses designated URL if necessary, and probe URL needs to be provided in this case).
Key Benefits
- Zero-delay disaster recovery will automatically switch between primary/backup origins, guaranteeing a smooth customer access.
- The offline mode will return the related information of PoP cache when the origin malfunctions, minimizing the website losses.