CDN Routing Explained: Architecture and Optimization

Content Delivery Networks route requests to the optimal edge location, dramatically reducing latency for users worldwide. This guide explains how CDN routing works, from DNS to cache to origin, and how to optimize your CDN configuration.

How CDN Routing Works

When a user requests content from a CDN-enabled domain, multiple routing decisions determine which server responds:

1. DNS Resolution

The first routing decision happens at DNS:

User's browser resolves cdn.example.com
Request reaches authoritative DNS (CDN's nameservers)
CDN DNS returns IP of nearest/best edge location
Browser connects to that IP

2. Anycast Routing

Most modern CDNs use Anycast—the same IP address is advertised from multiple locations:

                    ┌────────────────────┐
                    │  Same IP: 1.2.3.4  │
                    └──────────┬─────────┘
       ┌───────────────────────┼───────────────────────┐
       ▼                       ▼                       ▼
   ┌────────┐              ┌────────┐              ┌────────┐
   │ US Edge│              │ EU Edge│              │Asia Edge│
   │1.2.3.4 │              │1.2.3.4 │              │1.2.3.4 │
   └────────┘              └────────┘              └────────┘
   
Internet routing automatically directs traffic to nearest location

Anycast advantages:

No DNS TTL delays for failover
Automatic routing to nearest location
DDoS traffic absorption at edge

Cache Hierarchy

CDNs organize caches in tiers for efficiency:

Edge POPs (Points of Presence)

Closest to users (hundreds of locations)
Serve cached content directly
Limited storage; hot content only

Regional/Shield POPs

Fewer locations but more storage
Edge POPs fetch from regional on cache miss
Reduces origin load significantly

Origin

Your servers (S3, compute instances, etc.)
Only hit on cache miss up the hierarchy
Protected from most traffic by CDN

User Request → Edge (Hit?) → Regional (Hit?) → Origin

With origin shield:
100 Edge POPs → 5 Regional POPs → 1 Shield → Origin

Cache Key and Routing

What Determines a Cache Hit?

The cache key determines if a request matches cached content:

URL path: /images/logo.png
Query string: ?v=1.2 (varies by CDN config)
Headers: Accept-Encoding, Accept-Language
Cookies: (if configured)

Cache Key Best Practices

Normalize query strings: Sort parameters, remove tracking params
Minimize Vary headers: Each combination is separate cache entry
Use cache keys wisely: Add only what affects content

Origin Selection

For multi-origin setups, CDNs can route to different origins based on:

Path-Based Routing

/api/*       → API servers
/static/*    → S3 bucket
/images/*    → Image optimization service
/*           → Default web servers

Geographic Routing

Route EU users to EU origin
Comply with data residency requirements
Reduce cross-region latency for origin fetches

Failover Routing

Primary origin with health checks
Automatic failover to secondary on failure
Return stale content while origin recovers

CDN Features by Provider

Feature	CloudFlare	CloudFront	Fastly	Akamai
Edge POPs	300+	400+	70+	4000+
Anycast	Yes	Yes	Yes	Yes
Edge Compute	Workers	Lambda@Edge	Compute@Edge	EdgeWorkers
Origin Shield	Tiered Cache	Origin Shield	Shielding	Tiered Distribution
Instant Purge	~1s	Minutes	~150ms	~5s

Edge Computing at the CDN

Modern CDNs execute code at the edge, enabling:

Use Cases

A/B testing: Route users to variants without origin
Personalization: Modify responses based on user data
Authentication: Validate tokens at edge
Image optimization: Resize/convert on-the-fly
API gateway: Rate limiting, request routing

Example: Cloudflare Worker

export default {
  async fetch(request) {
    const url = new URL(request.url);
    
    // Route based on country
    const country = request.cf.country;
    if (country === 'EU') {
      url.hostname = 'eu-origin.example.com';
    } else {
      url.hostname = 'us-origin.example.com';
    }
    
    // Add cache control for static content
    if (url.pathname.startsWith('/static/')) {
      const response = await fetch(url, request);
      const newResponse = new Response(response.body, response);
      newResponse.headers.set('Cache-Control', 'public, max-age=31536000');
      return newResponse;
    }
    
    return fetch(url, request);
  }
};

Optimizing CDN Performance

Cache Hit Ratio

Higher hit ratio = less origin load and better performance:

Measure: CDN analytics show hit/miss ratios
Target: 90%+ for static content
Improve: Longer TTLs, consistent cache keys, origin shield

TTL Strategy

# Static assets (immutable with versioned URLs)
Cache-Control: public, max-age=31536000, immutable

# HTML pages
Cache-Control: public, max-age=300, stale-while-revalidate=600

# API responses
Cache-Control: private, max-age=0, no-store

# Dynamic but cacheable
Cache-Control: public, s-maxage=60, max-age=0

Prefetching and Preloading

Prefetch: Warm cache with expected content
Preconnect: <link rel="preconnect"> to CDN domain
Push: HTTP/2 server push for critical resources

CDN Security

DDoS Protection

Anycast absorbs attacks across all edge locations
Rate limiting at edge before origin
Bot detection and challenge pages

WAF at Edge

Block attacks before reaching origin
OWASP rule sets
Custom rules for application-specific threats

Origin Protection

Origin cloaking: Keep origin IP secret
Token validation: Only allow requests from CDN
IP allowlist: Block direct origin access

Key Takeaways

CDN routing uses DNS + Anycast to reach nearest edge
Cache hierarchy reduces origin load significantly
Cache keys determine hit/miss—optimize carefully
Edge compute enables logic at the CDN without origin requests
Origin shield collapses cache misses for efficiency

Need CDN Optimization Help?

We optimize CDN configurations for maximum performance. Contact us for a consultation.