June 16, 2021
3 min read time

Five reasons why you need an origin shield


Whether you have one CDN or many, an origin shield is a must-have as part of your resilience and risk mitigation strategy. If something goes wrong, the CDN itself can become a DDoS attack on your origin (the whole reason you want origin shielding in the first place!). And, as we’ve learned from recent events that saw half of the internet go offline for 49 minutes, no one can afford to have a single point of failure. 

An origin shield guards against the single-point-of-failure bottleneck while also being regarded as a best practice for companies with mission-critical single and multi-CDN deployments. In any kind of CDN setup, origin shielding is about risk tolerance: how much downtime can your business afford? In a 24/7/365 digital world, the answer is probably “none”.

Protect the origin; preserve the uptime

The origin shield works by “standing guard” in front of your origin server(s) and prevents requests from flooding, or in many cases, ever reaching the origin. The origin shield is a cache that gathers all incoming requests at the cache/point of presence level. The origin shield serves the request from cache (making request fulfillment faster) or requests the content from the origin, effectively making it the gatekeeper of origin traffic. 

For uncached requests, the origin shield collapses duplicate requests into a single request before fetching it from the origin, which also saves time and increases efficiency while at the same time doing its main job: protecting the origin from being overloaded, and worse, total disaster.

Varnish CDN - Origin Shield Tier TP-03

Stop the thundering herd in its tracks: Shield your origin

CDNs are great at doing what they are designed to do. But in the high-stakes, high-performance content delivery environment most companies find themselves in today, they need greater flexibility and redundancy. Sometimes a CDN on its own isn’t enough, and adding more caching is the answer. What does an origin shield offer that can protect backends and performance at the same time?

  1. Redundancy: An origin shield is more than just a backup. It’s a resilience and redundancy strategy that protects your backends.
  2. Avoid costly problems: Whether you’re running an origin shield in front of a single CDN or a multi-CDN setup, origin shielding offers a cost effective solution to thundering herd traffic. Avoid downtime and performance slowdowns, satisfying end users and your SLAs.
  3. Flexibility: Origin shields help ensure that you’re always online and actively defending against downtime while delivering content as efficiently as possible. Whether you’re running a commercial CDN, a hybrid setup or a private CDN, origin shielding meets your CDN strategy and setup however it’s built.
  4. Efficiency and speed: An origin shield delivers content more efficiently with request coalescing and, of course, by delivering more content from cache.
  5. An extra layer of security: Reduce risk from and gain protection against intentional DDoS and unintentional DDoS-like attacks with no extra effort.

Always online, defending against downtime: Origin shield with Varnish

Origin shielding is always a good idea. You never want to experience an outage of the type the world recently experienced, and you never want to leave the user experience to chance. 

Origin shielding has gone from a “nice to have” to a critical component in your architecture. 

With Varnish Enterprise, you have a partner who will work with you to develop your origin shield based on your specific needs.