How to select a CDN provider that addresses your specialized needs

Traffic management

One of the key methods for optimizing delivery at the network level is to direct traffic to the best source for delivery. Many companies already use some form of load balancing in their data centers to provide a front end that distributes traffic to a local farm of web servers. CDNs can do that for you on a global level. In addition, they can provide another layer of caching to further reduce the demand for content on your local servers.

Application load balancing. Load balancing is a fairly broad term, covering everything from simple domain-name-system-based traffic balancing to sophisticated Layer 7 load balancing based on traffic content. So, it's no surprise that every CDN provider examined here offers this functionality.

As a stand-alone product class, devices performing functions like these are called application delivery controllers (ADCs), and they can offer a wide range of features and performance. It's likely what you will be able to get from a CDN provider will deliver only a subset of what ADC-only vendors can offer.

Most CDN providers balance traffic at the domain-name-system level -- the most basic take on load balancing. Akamai provides load balancing based on HTTP header attributes, such as URL path, device characteristics and request method. Fastly provides similar functionality and offers client location as an additional session characteristic that can be used to direct traffic.

Origin shield. Origin shield is an extra caching layer that's located between the CDN edge and the user, delivering content while shielding the origin server from handling additional traffic. All the vendors, except AWS CloudFront and Cloudflare, provide this feature, and CDNetworks offers a paid add-on origin shield.

Network security

The CDN is in the ideal position between the end user and origin server to provide a variety of security services.

The CDN is in the ideal position between the end user and origin server to provide a variety of security services. All the CDN providers profiled here offer various security-related products. Among those vendors, Incapsula is unique in that it offers security as a service.

Distributed denial-of-service (DDoS) protection. All the vendors profiled here provide some level of DDoS protection, either integrated within the core service or by using another vendor's product. But they differ in the details. Limelight uses multiple locations at the CDN edge to monitor for DDoS attacks. Fastly provides DDoS as an option and can provide emergency reconfiguration and personalized response plans under its attack mitigation options.

Incapsula identifies itself, first and foremost, as a cybersecurity company and advertises a service-level agreement for detecting and blocking all attacks in less than 10 seconds.

Web application firewall. WAF functionality is available across the board, with the exception of CenturyLink, due to its focus on large-scale video.

Rate limiting. Closely related to WAF functionality, rate limiting can prevent resources from being overwhelmed and help prevent intentional or inadvertent denial-of-service situations. While not supported by CDNetworks or Fastly, the eight other CDN providers examined here offer some level of rate-limiting support. The granularity of the ability to control rate limiting varies.

With Akamai, customers can set rate thresholds. Once exceeded, a customer can generate an alert. Customers also have the option to block the offending client. Instart lets customers specify the time span for rate monitoring and limiting. CDN provider Instart Logic also lets customers determine how long to block an offending client if the threshold is exceeded. Limelight Network allows customers to cap the number of requests per second that originate from a single IP address.

Bot detection and protection. Not all clients accessing CDN services are human. Programs, or bots, are quite common. But not all bots are bad bots. Web search engines and other programs regularly scan websites for content. But customers may wish to limit the resources made available to bots. As a result, bot detection and protection of resources can be an important consideration.

All CDN vendors, except CenturyLink, offer some kind of bot support, either integrated into their products or in partnership with third-party providers. Given the relatively esoteric nature of bots, it's helpful to understand how individual vendors support them.

Akamai's bot manager application allows users to manage how bots access resources, rather than automatically blocking all of them. Instart detects bots and provides a detailed analysis of the bots' behavior. Limelight asks users to answer questions to verify they aren't bots. Fastly partners with bot detection specialist PerimeterX for its bot detection and management capabilities.

Geographical considerations

While CDNs can deliver content globally, some geographical areas, regions or countries may have specific requirements. As a result, certain CDN providers have chosen to specialize in offering services to businesses with geographically specific needs.

China-specific services. Providing web services to users in China has unique requirements. Chinese authorities track web usage, so be sure your CDN provider explicitly recognizes and addresses this fact. CenturyLink doesn't have an offering for China at this time, and Verizon makes no direct reference to a China service. But the other eight vendors either offer a China-specific service directly or do so via partners.

Some of the vendors have specific license requirements for China. If reaching users on mainland China or conducting e-commerce with those users is a requirement, you should research and verify the scope of the CDN provider's China service before delving too deeply into specific CDN capabilities.

Storage location for information and GDPR compliance. Privacy laws and, therefore, data protection vary by country or region. In May, GDPR went into effect in the EU, making storage location an even more pressing issue. CDNs generally store data worldwide. Before this year, many companies might not have cared where their data sets were being stored, as long as they were secure and performed well. Now, the physical location of data might dictate what rules and regulations apply to that data. Some vendors examined here handle this issue as a regulatory one, while others handle it as a performance issue and some as both.

Given GDPR is a relatively new requirement, expect support to evolve and CDN providers to become more specific about how they oversee storage. Akamai confirms compliance with relevant Payment Card Industry and GDPR regulations without providing specifics on storage locations. Fastly allows customers to specify which point of presence can receive and cache requests in support of GDPR compliance.

CenturyLink storage locations are available in several U.S. sites, along with ones in the United Kingdom and continental Europe. And the carrier can anonymize or strip out personal and other demographic information from logs to comply with GDPR regulations. Customers of CDN provider Instart can choose where to store information in its locations in the United States, EU, India and Asia-Pacific.