In this blog series, we’ve been looking inside Varnish to see what’s under the hood. There’s a lot more going on than meets the eye, beyond simple caching, beyond even Varnish Configuration Language.
Content delivery networks (CDNs) can be much more than just the workhorse of content delivery. Sure, that’s what they are designed for, but you can get far more from them if you’re able to extend their functionality: everything from creating separate ‘tenants’ in your own CDN setup (for internal use or to sell CDN services on to external customers) to building in web application firewalls, cache replication, load balancing functions, and more.
Until recently, most users of private CDN solutions have had unique use cases, requiring flexibility and customizability without the costs and challenges of building from scratch or relying solely on public/commercial CDNs. And in fairness, the features of a private CDN, such as custom PoP placement and custom configuration, aren’t for everyone. After all, commercial CDNs deliver what they promise: efficiency and performance in content delivery at large scale.
Until they don't.
Whether you have one CDN or many, an origin shield is a must-have as part of your resilience and risk mitigation strategy. If something goes wrong, the CDN itself can become a DDoS attack on your origin, which is the whole reason you want origin shielding in the first place. And, as we’ve learned from recent events that saw half of the internet go offline for 49 minutes, no one can afford to have a single point of failure.