HUAWEI CLOUD Recharge: HUAWEI CLOUD CDN Acceleration Principle and Configuration
In the Internet industry, as soon as your website, app or mini program starts to have users, you are bound to hear the same phrase again and again: "Add CDN".
Many technical novices, and people who have just moved into cloud operations, get dizzy when they see professional terms such as "content distribution network", "edge node" and "back-to-source ratio". In fact, the core logic of a CDN is very simple. Put bluntly, the cloud vendor has hired a team of "online takeaway couriers" for you all over the country.
Today we will again use plain language to explain the underlying acceleration principle of HUAWEI CLOUD CDN (Content Delivery Network), and give you a set of hands-on, pitfall-avoiding configuration guidelines summarized by a veteran.
Part I: How Does HUAWEI CLOUD CDN Make You Faster?
Suppose your website server (for example a HUAWEI CLOUD ECS) was bought in the Guangzhou data center, and your static pictures are stored in Guangzhou.
When a user in Harbin wants to see a large picture on your page:
Without a CDN, the tragedy: the user's request has to travel more than 3000 kilometers and pass through the public network routers of more than half of China before it reaches the server in Guangzhou, and the picture is then slowly carried back to Harbin. If any network node along the way is congested, the web page keeps spinning indefinitely.
With HUAWEI CLOUD CDN: Huawei has already stored this picture in advance in a local data center in Harbin (an edge node). When the Harbin user clicks, the local Harbin CDN node returns the picture instantly. The traffic does not need to leave the province, let alone go all the way to Guangzhou.
Why is a big vendor's CDN more stable than a small vendor's? We can look at the above architecture diagram, which shows two hard strengths exclusive to Huawei:
Intelligent whole-network scheduling (AI Smart Routing): HUAWEI CLOUD CDN has more than 2000 nodes across the country. It can sense within seconds which province and which operator (such as Heilongjiang Unicom) is congested, and then automatically steer users to the fastest and healthiest local node.
High-quality backbone network for back-to-source: as shown on the right side of the figure, if the Harbin node (edge cache) happens not to have the new file the user wants (Cache Miss), it does not make the user fetch it from Guangzhou over the public network. Instead, the Huawei CDN node goes back to the Guangzhou source station (OBS/ECS) over Huawei's own high-speed backbone network, pulls the file, and then caches a copy locally.
Part II: How to Configure HUAWEI CLOUD CDN
Enabling CDN in the HUAWEI CLOUD console is very quick, but there are several well-hidden pitfalls when configuring domain names and caching rules. Follow the veteran's steps:
Step 1: Add domain name and source station (the core is to select the "back-to-source protocol")
Log in to the HUAWEI CLOUD console and search for "Content Delivery Network (CDN)".
Click "Domain Name Management → Add Domain Name".
Source station configuration: if your pictures are stored in object storage, select "OBS bucket domain name"; if they are on a server, fill in the "IP address".
[Pitfall]: Look carefully at the "Back-to-Source Port" and "Back-to-Source Protocol". If your back-end server already has an SSL certificate installed and the whole site runs on HTTPS (port 443), you must change this to HTTPS back-to-source and select port 443! If the default HTTP 80 is left selected, your website will most likely fall into an endless "301/302 redirect" loop, and users will directly see "the web page has tried to redirect too many times".
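Why the wrong back-to-source protocol loops, as an added example that is not HUAWEI CLOUD code: a small model in which the origin redirects every plain-HTTP request to HTTPS and the edge relays whatever the origin answers. The host name, the function names and the 20-redirect client limit are assumptions of this example.

```python
MAX_REDIRECTS = 20  # assumed client limit before "too many redirects"


def origin(scheme, host, path):
    """Origin that runs HTTPS site-wide: any plain-HTTP request gets a 301."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def edge(client_url, back_to_source_scheme):
    """CDN edge: fetch from the origin with the configured back-to-source
    protocol and relay the origin's answer (redirects included)."""
    _client_scheme, rest = client_url.split("://", 1)
    host, _, path = rest.partition("/")
    return origin(back_to_source_scheme, host, "/" + path)


def browse(url, back_to_source_scheme):
    """Follow redirects like a browser; return (outcome, redirects followed)."""
    for hops in range(MAX_REDIRECTS + 1):
        status, location = edge(url, back_to_source_scheme)
        if status == 200:
            return "ok", hops
        url = location  # the client is already on https, yet is redirected again
    return "too many redirects", MAX_REDIRECTS


if __name__ == "__main__":
    url = "https://www.example.com/img/a.jpg"  # constructed sample URL
    print("HTTP 80 back-to-source  :", browse(url, "http"))
    print("HTTPS 443 back-to-source:", browse(url, "https"))
```

The client is already on HTTPS in every hop; the redirect keeps coming because the edge, not the client, is the one speaking HTTP to the origin.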
Step 2: Hand over the baton at your DNS service provider (configure CNAME)
After the domain name is added, Huawei will generate a CNAME alias address.
You must go to the console of the provider that handles your domain's DNS (such as Aliyun, Tencent Cloud or HUAWEI CLOUD DNS), change the record type of your domain name to CNAME, and enter the alias given by HUAWEI CLOUD as the record value. Only after this step is completed is the whole network's traffic officially connected to Huawei's acceleration network.
Step 3: Configure the "dynamic/static separation" cache rules (skip this and you bought the CDN for nothing)
Listen: the CDN's default caching rules are usually very conservative, and if you do not optimize them manually, you are giving Huawei money for nothing.
Find the "Cache Configuration" tab for the domain name and configure it by referring to the veteran's golden rules for production environments below:
| Match type | Match path/suffix | Cache expiration time | The veteran's plain-language explanation |
| --- | --- | --- | --- |
| File suffix | .jpg, .png, .gif, .css, .js | 30 days or 1 year | Static resources that hardly ever change. Let the CDN cache them hard so that users are served directly from the edge and never disturb my server. |
| Directory path | /static/, /assets/ | 30 days | The static folders produced by the front-end build; simply lengthen the cache time. |
| File suffix | .php, .jsp, .asp, .json | 0 seconds (no caching) | [Life-saving rule] Dynamic interfaces, API data, back-end login verification. These must absolutely not be cached! Otherwise, after user A logs in, user B may see user A's private data. |
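A way to check the cache rules above before they go live, as an added example that is not part of the original article or of any HUAWEI CLOUD tool: it evaluates the three rules against a URL and flags responses that would be cached even though the origin marks them as per-user. The rule priority (no-cache first), the default of not caching unmatched paths, and the sample URLs and headers are assumptions of this example.

```python
from urllib.parse import urlsplit

DAY = 86400
# Rules from the article, highest priority first. Putting the no-cache rule
# first is this example's assumption, so /static/x.json is never cached.
# The article allows "30 days or 1 year" for static suffixes; 30 days is used.
RULES = [
    ("suffix", (".php", ".jsp", ".asp", ".json"), 0),
    ("suffix", (".jpg", ".png", ".gif", ".css", ".js"), 30 * DAY),
    ("dir", ("/static/", "/assets/"), 30 * DAY),
]


def cache_ttl(url):
    """TTL in seconds from the first matching rule; 0 if nothing matches."""
    path = urlsplit(url).path.lower()  # the query string never decides the rule
    for kind, patterns, ttl in RULES:
        if kind == "suffix" and path.endswith(patterns):
            return ttl
        if kind == "dir" and path.startswith(patterns):
            return ttl
    return 0  # assumed default for this example: unmatched content is not cached


def risky_cached(responses):
    """URLs the rules would cache although the origin response looks per-user
    (it sets a cookie or is marked private/no-store)."""
    flagged = []
    for url, headers in responses:
        h = {k.lower(): v.lower() for k, v in headers.items()}
        cc = h.get("cache-control", "")
        per_user = "set-cookie" in h or "private" in cc or "no-store" in cc
        if per_user and cache_ttl(url) > 0:
            flagged.append(url)
    return flagged


# Constructed sample origin responses (URL, response headers).
SAMPLE = [
    ("https://www.example.com/assets/logo.png", {"Cache-Control": "public"}),
    ("https://www.example.com/static/profile.json", {"Set-Cookie": "sid=abc"}),
    ("https://www.example.com/static/avatar/me.js", {"Set-Cookie": "sid=abc"}),
    ("https://www.example.com/api/login.php", {"Set-Cookie": "sid=abc"}),
]

if __name__ == "__main__":
    print(risky_cached(SAMPLE))
```

The flagged URL is the "user B sees user A's data" case: a per-user response that happens to sit under a long-lived static rule.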
Part III: The Veteran's "Security and Money-Saving" Killer Tricks
CDN is a consumable and is billed by traffic. If malicious competitors use software to frantically hammer your static picture links, hundreds of GB of traffic can be burned in a few minutes. In the HUAWEI CLOUD CDN console, three functions must be enabled:
1. Bandwidth cap / traffic billing threshold alarm
In the advanced settings, configure a "bandwidth cap": for example, "when the bandwidth exceeds 50Mbps, automatically disable the domain name, or directly switch all traffic back to the source station".
This trick is for "bankruptcy prevention". Even if you run into a large-scale attack, the worst that happens is that the website cannot be opened temporarily; at least it keeps your wallet from being emptied.
2. IP frequency limit (precisely intercept traffic brushing)
A normal human viewing web pages makes at most 3-5 requests a second. An attacker's traffic-brushing script can issue hundreds of requests for the same picture in one second.
In HUAWEI CLOUD CDN access control, find "IP frequency limit" and set: a single IP accessing a single node is limited to 30 requests per second. An IP that exceeds this frequency automatically gets a 429 error and is blacklisted for a while. This one move can directly save you 90% of the traffic fees you would otherwise pay for nothing.
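The limit described above, replayed over traffic as an added example (a model for sizing the threshold against your own access logs, not HUAWEI CLOUD's implementation): a one-second sliding window per IP and node, with a temporary block once the limit is hit. The 60-second block length, the node names and the sample traffic are assumptions of this example; the 30 requests per second comes from the text.

```python
from collections import defaultdict, deque

LIMIT = 30          # requests per second per IP per node (value from the text)
BLOCK_SECONDS = 60  # assumed length of "a while"; the article gives no figure


def replay(events):
    """events: iterable of (timestamp_seconds, ip, node), sorted by time.
    Returns {ip: number of requests that would be answered with 429}."""
    window = defaultdict(deque)  # (ip, node) -> accepted timestamps, last second
    blocked_until = {}           # (ip, node) -> time at which the block ends
    rejected = defaultdict(int)
    for ts, ip, node in events:
        key = (ip, node)
        if ts < blocked_until.get(key, 0.0):
            rejected[ip] += 1    # still blacklisted
            continue
        q = window[key]
        while q and ts - q[0] >= 1.0:
            q.popleft()          # drop requests older than one second
        if len(q) >= LIMIT:
            blocked_until[key] = ts + BLOCK_SECONDS
            rejected[ip] += 1    # this request is the one that trips the limit
            continue
        q.append(ts)
    return dict(rejected)


def sample_events():
    """Constructed traffic: a reader at 4 req/s and a script at 200 req/s,
    both running for two seconds against the same node."""
    human = [(i * 0.25, "198.51.100.7", "node-a") for i in range(8)]
    script = [(i * 0.005, "203.0.113.9", "node-a") for i in range(400)]
    return sorted(human + script)


if __name__ == "__main__":
    print(replay(sample_events()))
```

Because the counter is kept per node, a client spread across several edge nodes gets 30 requests per second on each of them, which is worth remembering when estimating worst-case traffic.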
3. Force redirect to HTTPS and enable HTTP/2
After uploading your SSL certificate in certificate management, remember to turn on "Force redirect to HTTPS". At the same time, be sure to tick the "HTTP/2" switch below it.
HTTP/2 allows a user's browser to download dozens of images concurrently over the same connection, without queuing up as in traditional HTTP/1.1. Once it is enabled, together with CDN edge caching, the user experience takes a qualitative leap.
Summary
Pairing your website with HUAWEI CLOUD CDN is like setting up countless "unattended static branch stores" across China.
All you need to do is take care of the core "central kitchen" (the source server) and hand all the heavy, tiring work (distributing large pictures, CSS and video traffic) to HUAWEI CLOUD's network couriers, who work around the clock without blinking. Draw the boundary between dynamic and cached content clearly, set up the security thresholds and interception properly, and your system will be able to withstand the extreme impact of massive concurrency at a very low cost.

