Must Know CDN Skillsets for Server Engineers

In the cloud era, everyone is fighting to increase static resource loading speeds. In recent years, this alone has promoted the gradual popularization of CDNs, especially in rapidly expanding markets like China. I work in a company whose core business is centered on image sharing communities and therefore we rely heavily on image CDNs. This article uses to case studies to highlight must have skillsets for server engineers working with CDN. It will discuss CDN background and basic principles, distributed image storage, procedures and considerations for batch adding and switching CDNs as well as CDN access fault analysis.

Everything in this article is based from my own experiences.
Background and principles of CDN and distributed image storage
Before we start, let’s have a quick look at the basic CDN image storage architecture:

These main principles of the above architecture can be illustrated in the diagram below:

In this architecture we aim to switch the image access traffic for a certain domain name (a.mengkang.net) to the CDN. Here’s a rundown of the procedure:

  1. First, we need to collect statistics on the original domain name's access logs to find the image addresses with high access frequencies (around 200,000 addresses for example). Then, we will hand these addresses over to the CDN provider.
  2. The CDN provider will then do the warm-up crawling on the resources from the 200,000 addresses.
  3. After warm-up crawling is complete, when can change the domain name for a portion of a.mengkang.net to b.mengkang.net. Then, we need to resolve the b.mengkang.net CNAME to the CDN server's domain name, such as b.mengkang.ccgslb.com.cn.
  4. Using wget testing, we will access the images in the b.mengkang.net domain name to see whether or not they can be cached by the CDN.
  5. If the cache test is successful, we will switch some of the traffic from a.mengkang.net to b.mengkang.net. The O&M staff will monitor the back-to-source traffic situation and adjust the allocation of traffic accordingly.

Locating CDN resource access faults

Case Study 1:

Problem:

Recently we had a unique issue with large images. The access to the same image address sometimes succeeded and sometimes fails and when an image could not be accessed, individual image addresses access requests jumped to the game site's homepage.

We contacted the CDN provider's customer support and were told that the carrier's DNS was hijacked, but there was no problem with the CDN service (they seemed very passive). Here’s how we solved the problem.

Solution:

Let's use the following image as an example: http://f4.topit.me/4/2d/d1/1133196716aead12d4s.jpg

  • First, we confirmed that our origin site resources could be accessed and there was no problem with CDN back-to-source

    We used the wget command to bind the domain name host (here, we assumed the origin site IP is 111.1.23.214). This allows us to bypass the CDN and directly access our origin site:

    This confirms that the image can be accessed normally.

  • Then, we used wget -S to print out detailed HTTP header information

Using this request, we can clearly see that the request first connected to 123.150.50.14:80 and then experienced a 302 redirect. The header information clearly states: Powered-By-ChinaCache: HIT from CHN-TJ-7-3V2.6. This means that this is a problem with the CDN itself. Also, the redirect page also is a ChinaCache customer. Now that we had located the problem, the CDN provider could no longer deny responsibility and started fixing the problem.

Case Study 2:

Problem:

When accessing a certain webpage, the images in the CSS could not be accessed. However, images can be accessed by following the image address independently. Using wget --referer, we found that the problem was an incorrect anti-leeching setting:

I reported this to customer service and they told me that they did not impose any restrictions and the problem is with our origin site. So we have to dig for evidences.

Solution:

  • First, we confirmed that there was no problem with the origin site by simulating browser access with a referrer

    At the same time, to bind the host, we also used another method: wget -e http_proxy

  • Then, we requested directly, without binding the host

This clearly shows the domain name resolution process. The CDN DNS uses a predefined policy, returning the optimal IP, 111.202.7.252. Then, it returned 403. Only after I provided screenshots showing the two situations, the CDN customer service staff had to start fixing the problem.

Conclusion:

The above problems caused our development engineers to take on too much operations and management responsibilities. Recently we switched to Alibaba Cloud OSS for storage, and now we do not have to worry about the above problems anymore. There is no more back-to-source because we can directly store images on the cloud! It's that simple!

时间: 2025-01-19 12:55:57

Must Know CDN Skillsets for Server Engineers的相关文章

Understanding the Terminologies Used for CDN

Content Delivery Network (CDN) is a popular service provided by many cloud providers, such as Alibaba Cloud. The main purpose of using CDN is to accelerate content delivery to users from across the globe. When using CDN, you are bound to encounter so

利用阿里云产品的数据备份与恢复实践

背景 对业务系统来说,数据可靠性非常重要.如何通过简单的配置,实现适当有效的备份机制并具备快速恢复能力是本最佳实践所要解决的主要问题. 不同的业务系统,对可用性和备份恢复的要求有很大的不同:对一般系统来说,因为阿里云默认有3份冗余副本.对磁盘和数据库的每天自动备份,并承诺99.9%的可用性,所以不须做更多配置.但为了应对意外情况,需要做好变更日志和本地备份: 对业务价值比较大的系统来说,只要做到严格遵守操作规范和利用阿里云提供高可用.数据备份和恢复机制,无论发生何种类型的故障或灾难,也能降低损失

分享下今天研究的流量上限DDos攻击分析和解决方案

分享下今天研究的流量上限DDos攻击分析和解决方案   经常听到或者碰到某个网站被攻击,一般都是流量攻击.今天自己写了个程序测下相关的上限,程序只简单做了个get html操作(不包含图片等资源文件). 用一台双核CPU机器A,启100个线程,连续发送服务器B,统计出的结果是每秒钟发173个请求,机器A的发送带宽450Kbps,机器A的接收带宽2.8Mbps,机器B的发送带宽2.8Mbps,机器B的接收带宽450Kbps. 用一台双核CPU机器A,启1000个线程,连续发送服务器B,统计出的结果

jNETx Open Convergent Feature Server

server jNETx Open Convergent Feature Server  The jNETx Feature Server is a carrier grade, network convergent application server that allows communication service providers to cost effectively create, test and deploy integrated voice and data services

Web前端优化最佳实践之Server篇

Web 前端优化最佳实践第二部分面向 Server .目前共计有 6 条实践规则.[注,这最多算技术笔记,查看最原始内容,还请访问:Exceptional Performance : Best Practices for Speeding Up Your Web Site ] 1. 使用 CDN (Use a Content Delivery Network) 国内 CDN 的普及还不够.不过我们有独特的电信.网通之间的问题,如果针对这个作优化,基本上也算能收到 CDN 或类似的效果吧(假装如此

服务器集群负载均衡(F5,LVS,DNS,CDN)区别以及选型

  ======================================= F5全称: F5-BIG-IP-GTM 全球流量管理器. 是一家叫F5 Networks的公司开发的四~七层交换机,软硬件捆绑. 据说最初用BSD系统,现在是LINUX;硬件是Intel的PC架构,再加周边的网络和专用加速设备. 当然要提提售价, 都是几十万RMB的身价. 这宝贝是用于对流量和内容进行管理分配的设备,也就是负载均衡. 从名字就能看出来:BIG-IP. 外部看来是一个IP,内部可却是几十台应用服务器

阿里云 CDN HTTPS 最佳实践系列——动态证书(一)

背景 了解阿里云 CDN 架构的朋友应该知道,阿里云 CDN 7层的接入组件是 Tengine,我们知道 Tengine 原生是支持 SSL 的,只需要在配置文件中配置证书和私钥即可.在 CDN HTTPS 产品化以前,要开通 HTTPS 的域名需要把证书私钥给我们,我们在 Tengine 静态配置中配置,然后再同步到所有 CDN 边缘节点,显然这种方式在越来越多的域名开通 HTTPS 后,Tengine 静态配置文件会越来越大,难以管理,同时也会导致 Tengine reload 变得很慢,这

从运维的角度分析使用阿里云数据库RDS的必要性--你不应该在阿里云上使用自建的MySQL/SQL Server/Oracle/PostgreSQL数据库

开宗明义,你不应该在阿里云上使用自建的MySQL or SQL Server数据库,对了,还有Oracle or PostgreSQL数据库. 云数据库 RDS(Relational Database Service)是一种稳定可靠.可弹性伸缩的在线数据库服务.基于飞天分布式系统和全SSD盘高性能存储,支持MySQL.SQL Server.PostgreSQL和PPAS(高度兼容Oracle)引擎,默认部署主备架构且提供了容灾.备份.恢复.监控.迁移等方面的全套解决方案. 当然,并不是指所有用户

CDN HTTPS解决方案及优化实践

2017在线技术峰会,阿里云CDN技术专家容恪来为大家解析CDN HTTPS 红包背后的技术实践.本文主要从SSL/TLS 及 HTTP/2开始谈起,着重分析了HTTPS 架构和优化实践,最后对用户如何更好使用 HTTPS作了指导.   以下是精彩内容整理: SSL/TLS及HTTP/2介绍 HTTPS 对于HTTPS,其实是在HTTP 之下增加了 SSL/TLS的传输.在整个TCP/IP协议中的结构如图,传输层之上是会话层,会话层中传输的是SSL/TLS协议,HTTP 是在应用层.如果不用 S