While top-dogs in the sphere of CDN (content delivery networks) like Cloudflare and Akamai are dealing with technological problems and try to introduce innovations, some projects make pretty quick advances. The CDN market is worth $5 bln today, and this number is expected to double by 2019. Although well-established CDN giants introduce proprietary technologies from time to time, newcomers win by offering unbeatable services and other sweet concepts. Who the CDN market will be ruled by – the few dominators, or smaller but smarter companies?

Looking back: A short history of CDNs

The first generation of CDNs appeared two decades ago in 1998, when Akamai launched its first network. Content delivery networks were designed to boost delivery of web content. Just like today, constrained bandwidth was the main problem back then, and speed of page loading was also affected by many different factors including page contents and efficiency of traffic routing. Web projects that have to deal with traffic floods and spikes need a reliable and quick mechanism to guarantee exceptional delivery speed.

Within a year of its work, Akamai has become a well-established company thanks to partnering with Apple that constituted 45% of its total $1.2 million revenues. Shortly after, Limelight Networks followed their suit and was launched in 2001. However, it still didn’t manage to reach the same level. Compare: in 2016, Akamai’s total revenue was $2.3 billion, while Limelight Networks posted $170 million revenues the same year.

With the time being, websites get more bloated with traffic, especially dynamic – introduction of SaaS applications contributed to that to a large degree. Besides, the mobility and cloud technologies altered the way we consume and deliver content. CDN networks seem to satisfy users’ needs, but the growing demand for security makes the entire sphere somewhat disrupted.

Since 2008, many other important CDN players started appearing: Amazon launched CloudFront, Fastly appeared in 2011 followed by SoftLayer. The newcomers have gotten Akamai into trouble by forcing CDN prices down. Akamai’s revenue from content delivery solutions has been dropping 9% every year for almost a decade now. Since CDN demands change, as well, customers benefit from 20-40% price drop.

As the new applications keep conquering the market, the developers adapt to next generation of CDN consumption. Still, what’s valued most is continuous delivery, continuous integration, dynamic microservices and, undoubtedly, security and performance values.

Recent technological tendencies

During the last years, there’ve been several major technological shifts:

1. Web page bloating. Average size of web pages has grown to 7,2 Mb during the last five years mostly due to use of media (images, audio, video, animations).
2. Studies conducted by Akamai also show that average page loading time increased by 64% in two years. And when dynamic content is concerned, this variable seems to be even higher.
3. Popularity of video. The type of content used has also changed. The demand for live streaming, videos and dynamic applications seems to be constantly growing. By 2020, video will comprise four times more page contents: about 82% of traffic will be video. The consumption of video during busy Net hours (from 7 PM to 11 PM) will also grow fivefold by 2020. Therefore, CDNs are expected to deal with delivery of dynamic content and handing bandwidth peaks together with transfer of static cached content.
4. By 2020, mobile consumption will also increase to 30-50% of traffic. However, today, average load time for non-optimized mobile size is incredibly low: 19 seconds via 3G connection. Statistics show that more than 50% of mobile websites are abandoned, if it takes more than 3 seconds to load. The websites with pages loading within 5 seconds instead of 19 have 2x higher revenue.
5. Routing optimization is now defined by an old Border Gateway Protocol (BGP), which isn’t too good in timing for data routing. It only checks the number of hops between networks. But what if the route with less hops is congested, or a protocol chooses a physically longer route for some reasons? Say, your packet travels from Berlin to Moscow via London: there could be a faster route with multiple hops. BGP is good from reliability standpoint. This is one of major technologies used in the Net, but BGP is far not the best solution for addressing latency.

These trends prove that content publishers should be highly motivated to boost loading speed. Therefore, CDN networks are now expected to handle dynamic and mobile delivery better than before. Users want delivery networks to route traffic over different network pathways (mobile, 3G, ISP), to balance traffic and handle spikes, and ensure due security. Gaming companies, VR/AR and IoT organizations also contribute to these technological changes. While ordinary CDNs sometimes fail to meet these demands, next generation networks seem to be more capable.

As for traffic routing, it requires new technologies and approaches for optimization, for instance Teridion platform. It aces like a third-party cloud and makes real-time routing decisions in order to prevent taking congested paths. On the contrary to CDN, it scales on demand and isn’t limited by geography, PoPs, cloud providers or upstream communication, which makes it faster in provision. In this case, data is not cached, there’s no SSL certificate managements, compliance and security problems. It is available for every user of a cloud-delivered service.

Companies opt for their own CDNs

There are many different options for acceleration now, and each has its own security peculiarities and theoretical trade-offs. Some companies are not ready to share their SSL certificates and give others any access to sensitive information. CDN isn’t an option for such companies.

Egnyte (a file sharing upstart), a giant in file sharing sphere like Microsoft and Cirtix, can be viewed as a great example of proprietary content delivery network. It’s 30% faster than Box, and 60% quicker when it comes to files larger than 4 Gb. What’s the secret of its success? It synchronizes content between the cloud and the local user. The process is bidirectional, so all alterations on endpoints should be synchronized as soon as possible. In order to make it possible, the company used web socket connection, their own network acceleration and smart clients.

Instead of usual CDN, Egnyte created its own network of PoPs and worked with Teridion to improve dynamic traffic routing in optimized fashion. In this case, no SSL offloading was required, which decreased the risk of potential attacks.

Teridion is a pretty safe and clever technology, although it’s not widely acknowledged. For many CDNs, it will take time and effort to replicate it. Routing optimization is one of major ways of CDN improvement so far, while security is another number one priority.

CDN puts focus on content and security

CDNs boost security by offering decent DDoS protection – these attacks make websites fail under a flood of requests. When CDN processes the traffic, netflow traffic patterns are checked inline. Recently, WAFs (firewalls) and bot mitigation have been introduced. Enterprise customers start truly relying on CDN to manage website security.

While CDN service is partially designed for security, CDN itself may be pretty vulnerably. Major CDN security threats include SSL-based attacks, dynamic content attacks and direct IP attacks. Besides, due to infrastructure complexity, a lot of private information shared over the network can simply leak. Many users don’t realize that it’s possible, and long-term interactions between complex systems often go unnoticed. One study showed that several CDN networks fail to repel loop attacks when customers of CDN create forwarding loops inside the system. Forwarding loops make CDNs process one client’s request over and over again, which makes DoS attacks possible. Although DDoS attacks have been prevented for many years and are widely known, having one of CDN’s customers confront the network is something truly unexpected. In fact, launching a forward loop attack is not difficult, and you can easily sign up for a free CDN account.

Some companies work on creating an advanced Web Access Firewall (WAF) that ensures security and usability for DevOps. Keeping in mind the previous mistakes, they make CDNs that serve to face several security challenges. Development environment is likely to have different configuration and production environments because of cost and architecture limitations. Since these environments are not the same, a CDN-based WAF may be beneficial for production, but not applicable in development. Dealing with issues at this level is challenging, because the access to CDN console is restricted for operation team.

More attention to edge servers

Edge security is another rapidly developing aspect of CDN business. Industry leaders strive to push WAF, DDoS mitigation and Bot mitigation to edge servers. This is crucial for avoiding vulnerabilities and protecting customers. However, legacy CDNs are not yet ready for the shifts to IoT and online video delivery. Their platforms are not advances, and a user may have to log in many different portals. Many infrastructures are optimized for CDN, but not flexible enough to scale. This is why innovative companies are making steps forward and integrate platforms to mitigate security issues on edge servers while providing exceptional user experience.

What about CDNs for developers?

Developers need somewhat different control tools and flexibility for testing and staging content. Sometimes you may have no idea how website will run until it goes into production. Therefore, you need a CDN for visibility and metrics. To control traffic, CDNs apply various reverse proxies (Nginx, squid cache or Varnish Cache). With content-rich environment, you can select from multiple proxies. However, developers and engineers shouldn’t be locked into one proxy software. Instead, they should be able to select the tools that work better for their websites.

Multi-tenancy allows for isolation, which reduces the risk of contamination. Some CDN providers decouple proxy software from the networks and practice software-driven approach to management, configuration and implementation of reverse proxies. Providing developers with full control over proxy configuration and freedom of testing is the new goal of advanced CDNs.

Web engineers need easy installation, testing and troubleshooting options while being able to manage the processes from beginning to the end. As for legacy CDNs, it can be a challenging task. This technology still needs to be evolved, and innovators are looking for ways to offer better solutions and expand the market. In fact, CDN market can be expanded much, much larger, especially if companies start invading new sectors searching for revenue streams.

This has been also caused by competition between several markets, such as CDNs, Software Defined Wide Area Networks (SD-WAN), and multiprotocol label switching (MPLS) together with Cloud Radio Access Network (RAN).

Betting on winners

Many giant companies like Facebook, Netflix and Apple have developed their own content delivery networks, so legacy CDNs have no choice – they should evolve. Should giants like Akamai be worried about smaller companies taking their piece of pie? Although the company still gets its lion’s share of revenue, competitors forge ahead. AWS CloudFront is slowly but steadily conquering the market crawling to the top of Alexa top 1 million domains.

Amazon has made a pretty important contribution to WAF and DDoS mitigation industry, and AWS is now the main provider of centralized cloud compute services. But Akamai is still the leader of edge services (including streaming, security, and delivery), and since data and business are moved to the edge, it keeps its advantage over AWS.

Most likely, telecom carriers and service providers will opt for working with software-driven technologies. Anyway, innovators who are ready to offer something truly useful and valuable for clients will always win, no matter which direction the wind blows.