← Back to Distributed Systems

CDN

Distributed SystemsMid

The Question

What is a CDN and how does it work?

What a Strong Answer Covers

  • Edge caching
  • origin fetch
  • anycast DNS.

Senior-Level Answer

A Content Delivery Network (CDN) is a geographically distributed network of servers (edge nodes or PoPs—Points of Presence) that cache and serve content closer to end users than a single origin server can.

The request flow works as follows: a user's browser performs a DNS lookup for `assets.example.com`. The CDN's authoritative DNS responds with the IP of the nearest edge node, determined by anycast routing or GeoDNS. The browser connects to that edge node. If the edge has the asset cached (cache hit), it serves it directly—often in single-digit milliseconds. On a cache miss, the edge fetches from the origin (or a mid-tier cache), stores the response according to cache-control headers, and returns it to the user.

CDNs reduce latency by eliminating round trips to a distant origin. They also reduce origin load dramatically—a popular asset served with a high cache-hit ratio means the origin receives a tiny fraction of actual user requests. This provides implicit DDoS mitigation, since the CDN absorbs volumetric traffic.

Cache behavior is controlled by HTTP headers: `Cache-Control: max-age`, `s-maxage` (CDN-specific TTL), `Surrogate-Control`, and `Vary`. `Vary: Accept-Encoding` tells the CDN to cache separate copies for gzip vs. brotli. `Vary: Cookie` essentially disables caching for authenticated content—a common pitfall.

Cache invalidation is the hard problem. Options include: TTL expiry (lazy, no active invalidation), URL versioning/fingerprinting (`app.a3f7c.js`—permanent cache, invalidation by deploy), and API-based purge (Cloudflare, Fastly, Akamai all expose purge APIs for instant invalidation by URL or tag).

Modern CDNs also support edge compute (Cloudflare Workers, Fastly Compute@Edge), allowing request manipulation, A/B testing, and auth at the edge without hitting the origin. They handle TLS termination at the edge, reducing handshake latency for users far from the origin.

Key metrics: cache-hit ratio (higher is better), TTFB (Time to First Byte), and origin offload percentage. A well-configured CDN typically achieves 90%+ cache-hit ratio for static assets.

What Separates a 2/3 from a 3/3

2/3 — Passing but Incomplete

Explains edge node concept, describes cache-hit vs. cache-miss flow with origin fetch, mentions cache-control headers and TTL-based expiry.

3/3 — Strong Answer

Covers DNS/anycast routing to nearest PoP, explains cache hierarchy (edge → mid-tier → origin), discusses Vary header pitfalls, names multiple invalidation strategies (TTL, fingerprinting, purge API), and mentions DDoS mitigation and edge compute as modern CDN capabilities.

Common Mistakes

  • Describing a CDN as 'just a proxy'—missing the geographic distribution and DNS routing mechanism
  • Not explaining how cache invalidation works beyond TTL expiry
  • Ignoring the Vary header and its impact on caching authenticated or compressed content
  • Confusing CDN caching with browser caching—s-maxage is CDN-specific and separate from max-age

Follow-Up Questions

  • How do you handle cache invalidation when you deploy a new version of your site? — URL fingerprinting (content hashing in filenames) makes assets permanently cacheable and invalidates by deploying new URLs. HTML files have short TTLs or are never cached.
  • What happens with 'Vary: Cookie' on a CDN? — The CDN caches separate responses per unique Cookie header value, which is effectively every authenticated user—destroying cache-hit ratio. Never set Vary: Cookie on assets you want cached.
  • How does a CDN help with DDoS mitigation? — Edge nodes absorb volumetric traffic before it reaches the origin. The CDN can also apply rate limiting and IP blocking at the edge.
  • What is the difference between push CDN and pull CDN? — Pull CDN fetches from origin on first cache miss (lazy). Push CDN requires you to upload assets proactively. Pull is simpler; push gives more control over what's cached.

Related Questions

  • Consistent Hashing
  • Rate Limiting
  • Load Balancer — L4 vs L7
  • Distributed Transactions — 2PC, Saga
  • Exactly-once Delivery

Can You Explain This Cold?

Reading the answer is step one. Explaining it unprompted — under interview pressure — is what actually matters. Get AI-graded feedback on your answer with follow-up probes on your weak points.

Get Graded — Free Assessment
GrindQuestionsAITechnical interview assessment
TermsPrivacyAbout