Google Cloud networking in depth: Cloud CDN

For more than a decade, Google has invested heavily in the infrastructure and software to build a network that offers a great experience to users all over the planet. At Google Cloud, we leverage these same core technologies and infrastructure as the foundation of Cloud CDN, which lets businesses deliver content to their users with industry-leading performance and throughput. Cloud CDN caches content in locations all over the world to stream video, serve images, download game updates, and other digital distribution use cases.

In this blog post, we’ll discuss Cloud CDN’s architecture and key features that help you accelerate content delivery to users across the globe. We’ll conclude with some best practices and useful references.

Cloud CDN infrastructure
We realized early on that we needed to build our own systems and infrastructure to keep up with traffic growth and delight our users. That’s when we started our investments in core infrastructure and technology innovations that we continue to this day.

The result of these investments is that Google Cloud operates on one of the best connected and fastest networks on the planet, reaching most of the Internet’s users through a direct connection between Google and their ISP.

As part of Google Cloud, Cloud CDN caches your content in 96 locations around the world and hands it off to 134 network edge locations, placing your content close to your users, usually within one network hop through their ISP.

While the number of points of presence (PoPs) and cache locations are important, other factors also contribute to Cloud CDN’s high performance, high throughput, and low latency:

• Direct network connections with the vast majority of user-facing networks allow Cloud CDN to choose the optimal cache regardless of the location of the origin.

• Google’s proprietary fiber optic backbone carries network traffic uninterrupted by extra hops.

• Innovations such as QUIC, HTTP/2, and advanced congestion control protocols such as BBR, contribute to higher performance at the edge. This blog post outlines the benefits of these innovations on Google Cloud Platform to an app’s overall performance globally.

To learn more about Cloud CDN’s performance, check out these benchmark reports from Citrix ITM.

Cloud CDN architecture: caching, load balancing, and Google’s premium network
HTTP(S) Load Balancer is a distributed system that provides load balancing at the edge of our global infrastructure. Cloud CDN is integrated with the HTTP(S) Load Balancer at those edge locations.

When your customers request content, they connect with Cloud CDN at the edge location closest to them. In the case of a cache hit, Cloud CDN serves it directly from the most proximal of the 96 aforementioned edge caches located in metros around the world. In the case of a cache miss, Cloud CDN requests the content from the GCP origin (either a storage bucket or a VM) over Google’s high performance backbone, and then delivers the content back to the customer through the same route. This “cold potato” routing runs on our Premium Network Service Tier, keeping the customer’s traffic on GCP fiber for the longest possible distance, for reduced latency and improved throughput.

Cloud CDN features
In addition to running over Google’s premium fiber, Cloud CDN offers a wealth of advanced useability features.

First of all, it’s incredibly easy to turn on Cloud CDN for a Google Cloud back-end service (either a storage bucket or a virtual machine). There are no complex DNS rules or distributions to configure—selecting a single checkbox (or making a single API call) employs all of Google’s distribution infrastructure in the service of caching and serving your content.

In addition, Cloud CDN offers many features out of the box that make it a great option for global content delivery:

1. Google premium network: using Cloud CDN automatically gives access to Google’s premium networkfor delivering content to end users

2. Global Anycast IP: Cloud CDN is accessed through a single global anycast IP, greatly simplifying DNS configurations. Additionally, utilizing Anycast IP distributes inbound requests and makes it hard for bad actors to concentrate their attacks on a single regional or zonal component, thus giving you more resilience to volumetric attacks.

3. No-cost SSL termination: As an extension of the HTTP(S) Load Balancer, Cloud CDN offloads TLS termination from back-end applications. You can control how the load balancer negotiates TLS, providing up to 15 certificates per target proxy at no charge, and applying configurable SSL policies to restrict the TLS versions and cipher suites that the load balancer will negotiate. And load balancers can even use Google-managed TLS certificates, which entirely offloads the process of issuing and renewing certificates.

4. Encryption in-transit: Cloud Load Balancer implicitly encrypts all transit to the back end. Also, you can attach your own certificate to create an SSL connection from Cloud HTTP(S) Load Balancer to the back-end service if you choose.

5. Signed URLs: Cloud CDN can use a 128-bit AES key (provided by you, or generated by GCP) to produce signed URLs with an expiration date. Signed URLs give a client temporary access to a private resource without requiring additional authorization.

6. Global Scale: Cloud CDN leverages the same high availability and scaling infrastructure used by other Google products to provide resiliency and scale without pre-warming. This allows you to ensure that your services and content remain available to legitimate customers even in the event of large scale demand.

7. Logging and monitoring through Stackdriver: Cloud CDN logs each content request. You can then use this information to build dashboards that measure various metrics, cache hits, cache misses, etc. for a near-real-time view into your CDN usage.

8. Configurable cache keys: You can configure inclusions/exclusions for various query parameters when computing the cache keys.

9. Large object support and automatic content size optimization: Cloud CDN can cache objects ranging from 1 byte to 5 terabytes. It also automatically optimizes the underlying storage substrate based on the object size, using flash for smaller objects and HDD for larger objects, thus freeing you from having to tune this manually.

10. IPV6 support: Cloud CDN supports IPV6 clients.

Getting started with Cloud CDN Since Cloud CDN is an extension of HTTP(S) Load Balancer, setting up a CDN distribution involves creating a load balancer and attaching CDN caching functionality to one or more of the load-balanced back ends:

1. Create a load balancer: Follow these instructions to set up a load balancer for a content bucket with a suitable front end (using an Anycast IP) and attach the appropriate SSL certificates and DNS entries as required.

2. Activate CDN: Enable Cloud CDN on the back-end service/bucket created above using these instructions.

And that’s it! Cloud CDN now caches any content with the appropriate caching headers, served through the Anycast IP (or any domain names mapped to that IP through DNS records).

In addition, Cloud CDN’s documentation lists some best practices that can help you optimize its use for your content. Some things to consider are:

1. Thoughtful use of invalidations

2. Tuning the expiration date of time-sensitive content

3. Using custom cache keys to improve the cache hit ratio

4. Using versioned URLs to update content

To learn more about Cloud CDN, here are some helpful references:

1. Presentation on Cloud CDN from Google Cloud Next ‘19

2. Cloud CDN Product Page

We’d love your feedback on the above and more that you’d like to see—you can reach us at gcp-networking@google.com.