How Fastly's CDN Service works
Last updated 2021-09-21
Fastly is a content delivery network (CDN). We serve as an internet intermediary and offer the Fastly CDN Service to make transmission of your content to your end users more efficient.
You can make content available through your websites and internet-accessible (hosted) application programming interfaces (APIs). You can create content (customer-generated content), as can your end users (user-generated content). Fastly's CDN Service then makes the transmission of that content (which we sometimes refer to as "content objects") more efficient by automatically storing copies at intermediate locations on a temporary basis. The process of storing these copies is known as "caching" and the server locations in which they are stored are referred to as "caches."
Fastly's delivers its CDN service from key access points to the internet called "points of presence" (POPs). Fastly places POPs where their connectivity to the internet reduces network transit time when delivering content to end-users. Each POP has a cluster of Fastly cache servers. When end users request your content objects, Fastly delivers them from whichever of the cache locations are closest to each end user.
Fastly's caches only receive and process your end user requests for content objects. You decide which objects will be cached, for how long, who can access them, whether they are to be encrypted when transmitted over the internet, and when the objects will be deleted from the caching service. You make these decisions by specifically configuring Fastly's CDN Service with these requirements. We refer to this configuration process as "provisioning."
To provision Fastly's CDN service, you must identify which of your application servers will provide the original content objects for each of your various domains (e.g., company.com, myco.com). Your application servers can be physical servers in a data center or hosting facility, or applications running on cloud services like Amazon, or any combination. Fastly refers to these source servers as "origin" and "backend" servers interchangeably.
The first time each Fastly cache receives a request for a content object, it fetches the object from the appropriate origin server. If multiple origin servers are specified, the cache will distribute the processing load for the fetches across all of them (based on the configuration criteria set by you). After the content object is fetched, the cache stores a copy of it and forwards its response to the end user.
Each time after the first time an end user requests that same content object, the Fastly cache fulfills requests by retrieving the cached copy from storage (or memory) and immediately delivering it to the end user – the fetch step to the original copy is not repeated until the content object either expires or becomes invalidated.
Can Fastly host my content?
We accelerate your site by caching both static assets and dynamic content by acting as a reverse proxy to your origin server (also known as "Origin Pull"), but we do not provide services for uploading your content to our servers.
In addition to using your own servers as the source, we also support various "cloud storage" services as your origin, such as Amazon Simple Storage Service (S3), Google Cloud Storage (GCS), and Google Compute Engine (GCE) as your file origin. Our partnership with Google in particular enables us to have direct connectivity to their cloud infrastructure.
Fastly POP locations
Our points of presence (POPs) on the internet are strategically placed at the center of the highest density Internet Exchange Points around the world. Fastly's Network Map shows a detailed view of current and planned locations for all Fastly POPs. In addition, our data centers API endpoint provides a list of all Fastly POPs, including their latitude and longitude locations.
Once you're signed up for Fastly service (either through a test account or a paid plan) you can see a live, real-time visual representation of the general regions of the world in which Fastly's POPs receive requests for your service.
How Fastly chooses POP locations
Geographic distribution is just one of the factors Fastly considers when building its global infrastructure. Other factors include connectivity, provider diversity, and our ability to build a scalable, performant modern network centered around internet infrastructure hubs to best support our customers' markets. Fastly's focus on automation, operational redundancy, and global delivery when building our infrastructure means our POPs often combine multiple physical sites to better serve densely populated markets.
Will Fastly ever adjust POP locations or service regions? How will I be notified?
Fastly continues to grow its network footprint, adding and combining new service POPs in the process. At times, expansion may result in the addition of new billable regions to our network. We'll announce new POP locations and new billable regions in advance through our network status page at status.fastly.com. Contact email@example.com with specific contract or billing questions.
Self-provisioned Fastly services
You can configure or "provision" Fastly caching and video services personally, independent of Fastly staff, via the Fastly web interface. Fastly calls this "self-provisioning." Self-provisioning tasks include things like:
- creating and activating services
- adding domains and origin servers
- configuring load balancing
- modifying how services handle HTTP headers
- submitting purge commands
Once provisioned, Fastly services can be activated immediately. If self-provisioned tasks fail to operate in an appropriate or expected manner, you can find answers to a variety of frequently asked questions in Fastly's guides and tutorials. You can also receive personalized assistance by submitting requests directly to Fastly's Customer Support staff.
Always-on DDoS mitigation
Fastly's globally distributed network was built to absorb DDoS attacks. As part of Fastly's standard CDN services, all customers receive:
- Access to origin shielding. Fastly allows you to designate a specific point of presence (POP) to host cached content from your origin servers. This POP acts as a "shield" that protects those servers from every cache miss or pass through the Fastly network, reducing the load that directly reaches them.
- Automatic resistance to availability attacks. Before they're even processed by our caching infrastructure, we filter out Layer 3 and 4 attacks (e.g., Ping floods, ICMP floods, UDP abuse) as well as distributed reflection and amplification (DRDoS) attacks that rely on anonymity to abuse internet protocols (e.g., DNS and NTP).
- Access to Fastly cache IP space. Fastly provides an API endpoint to any customer who would like to know which IP addresses our caches will use to send traffic from our CDN to your origin servers. We make this data available so you can update firewalls at your origin to ensure only our cache traffic can access your resources.
- Custom DDoS filter creation abilities. Using custom VCL, we allow you to craft your own DDoS protection rules to protect your network from complex Layer 7 attacks. Once you identify signs of a potential DDoS attack, you can mix and match Fastly VCL with custom VCL to construct filter configurations based on a variety of client and request criteria (e.g., headers, cookies, request path, client IP, geographic location) that block malicious requests before they hit your origin servers.
In addition to these standard DDoS protection services, Fastly offers a DDoS Protection and Mitigation Service. For more information about this or any of our advanced services, including their subscription costs, contact firstname.lastname@example.org.