F5 Distributed Cloud Content Delivery Network: an overview and what's new

From a technical feature perspective, there's nothing new in the world of Content Delivery. You read that right.
 
What's new about it, however, is F5's Distributed Cloud blend of Content Delivery: It marries network connectivity, ingress networking, web security, and, of course, caching, and delivers it in a way that no other CDN provider has before.

Most apps nowadays aggregate content from many sources, and many don't use the same internal networks or even one specific cloud provider. Modern apps now pull content from everywhere, and depending on how frequently the content is accessed, it doesn't make sense to pay a premium to have all of it always available within milliseconds. This is where F5 Distributed Cloud CDN breathes new life and adds color to readily accessible on-demand content.
 
If you're like me, you're probably wondering what's different in Content Delivery Networks today? Higher expectations and more specialization among providers. At F5, we see these trends grow by the day:

• Stronger user-driven demand for personalized content, live streaming, on-demand video, and other dynamic elements
• Increased expectations for strong application performance, availability, uptime, and a robust security posture to support a user-focused experience
• A growing need to deliver application logic closer to consumers using standard software development pipeline and lifecycle management
• More specialization – most CDN providers are now focusing primarily on:
  o   Security, the fast-growing market segment
  o   Online gaming
  o   OTT (over-the-top) video
  o   Web, email, and data
  o   File sharing

The first step for any CDN is to deliver content from the location closest to the point of origin. To do that, F5 uses its high-capacity global network to resolve DNS as close to that point as possible, and to direct clients to the closest regional point of presence. From there, F5 provides global DDoS protection at OSI model Layers 3 through 7 with its consolidated DNS, and Web App and API Protection (WAAP).
 
Putting all the bits together, the F5 Distributed Cloud Console streamlines configuration for modern app types and API traffic (files, video, images), with integrated security control and advanced caching policies.

 

The centralized control plane provides both management and observability into specific application traffic and events across all the endpoints, including those on different network.

Now, let's see an example of how we can use the F5 CDN to distribute a modern app. Arcadia Finance is an example of a microservices app that we use at F5 to showcase new product features. It uses independent modules that can live in multiple cloud providers and on different networks.

    Frontend/Main - IBM Cloud Satellite, OpenShift k8s
    Backend - Azure AKS
    Money-Transfer - IBM Cloud Satellite, OpenShift k8s
    Refer-A-Friend - Google GKE

Frontend/Main and Money-Transfer are workloads that run as pods in a k8s cluster on IBM OpenShift and are connected to the F5 Global Network using a Cluster-native k8s customer endpoint (CE), a workload managed by F5.

Backend is a workload connected via F5 Distributed Cloud Customer Endpoint (CE) native to Azure.

Refer-A-Friend is workload connected via F5 Distributed Cloud Customer Endpoint (CE) native to Google Cloud Service.

To support the above app, the following configuration has been added as a distribution in the Distributed Cloud Console CDN service:

metadata:
  name: arcadia-cdn
  labels: {}
spec:
  domains:
    - arcadia-cdn.demo.internal
  http:
    dns_volterra_managed: true
  add_location: false
  more_option:
    cache_ttl_options:
      cache_ttl_default: 1m
  origin_pool:
    public_name:
      dns_name: ves-io-f85551e2-8a82-4fb4-88a4-b5c202e56d41.ac.vh.ves.io
    no_tls: {}
    origin_servers:
      - public_name:
          dns_name: ves-io-f85551e2-8a82-4fb4-88a4-b5c202e56d41.ac.vh.ves.io
  dns_info: []
  state: VIRTUAL_HOST_READY
  auto_cert_info:
    auto_cert_state: AutoCertDisabled
    dns_records: []
  service_domains:
    - domain: arcadia-cdn.demo.internal
      service_domain: ves-io-cdn-arcadia-cdn-demo-internal.autocerts.ves.volterra.io

When a user accesses and logs into the Arcadia App, F5 Distributed Cloud CDN first screens each request and then passes it through to the backend, in this case, Frontend/Main. The main pod then works to pull content from the backend, money-transfer, and refer-a-friend modules, all of which are available as different internal endpoints and virtual servers accessible only from other pods within the F5 Global Network. Only after the content has been successfully fetched by Frontend is the landing page finally presented to the user. In the context of CDN, we refer to this first case as a Cache-Miss.

% curl -I http://arcadia-cdn.demo.internal/images/image1.jpg
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 00:38:22 GMT
Content-Type: image/jpeg
Content-Length: 54142
Connection: keep-alive
last-modified: Wed, 10 Aug 2022 18:48:47 GMT
etag: "62f3fd8f-d37e"
x-envoy-upstream-service-time: 5
Server: volt-cdn
x-cache-status: MISS
Accept-Ranges: bytes

When Arcadia Finance is front ended with the Distributed Cloud CDN, content no longer needs to be fetched by Frontend/Main every time the user accesses the page. To reduce load on the app modules, the CDN caches all the content and delivers it to the user upon subsequent hits. This is known as a Cache-Hit.

% curl -I http://arcadia-cdn.demo.internal/images/image1.jpg
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 00:38:25 GMT
Content-Type: image/jpeg
Content-Length: 54142
Connection: keep-alive
last-modified: Wed, 10 Aug 2022 18:48:47 GMT
etag: "62f3fd8f-d37e"
x-envoy-upstream-service-time: 31
Server: volt-cdn
x-cache-status: HIT
Accept-Ranges: bytes

When using Distributed Cloud CDN to distribute frontend apps, even when there's a Cache-Miss, the user experience will be improved vs going to the app directly because the CDN directs the connection to F5's closest regional point of presence (PoP), eliminating much of the uncontrolled and variable latency inherent on the Internet.
 
After accessing the Arcadia Finance app for some time, even when the cached page Time To Live (TTL) policy is set to a very low value of 1 minute, we're still able to see a good amount of caching provided by F5's CDN. Viewing the app's distribution performance in the Distributed Cloud Console, we can see the percentage of hits vs. misses, what the returned latency is for each, how much of the app is returning HTTP 2xx, 3xx, 4xx, or 5xx status codes, and even which versions of SSL and HTTP the connections use.

 

Overall, F5's CDN pulls out all the stops when it comes to safeguarding your environments. Regardless of whether an app's content sprawls multiple private and public networks, F5's CDN can connect to it securely at the app level and cache it. Endpoint-specific security policies within the CDN can be added with a few clicks and the use of a Swagger file to further restrict the operations and content allowed to prevent malicious actors. All in all, F5's Content Delivery Network delivers the best set of network connectivity and security-focused functionality to enable today's most modern applications.

In the following video, I share some of the additional benefits of using the F5 Distributed Cloud CDN and show the difference that users will notice when the CDN provides more content from the cache.