What Is a CDN?
A Content Delivery Network is a globally distributed network of edge servers (Points of Presence, PoPs) that cache and serve content from locations close to end users. Instead of every request crossing the ocean to a single origin, users are served from a nearby PoP — reducing latency from 200ms to under 10ms and reducing origin load by 90%+. Cloudflare, Akamai, AWS CloudFront, and Fastly are major CDNs.
Core Architecture
Anycast Routing
All CDN PoPs announce the same IP prefix via BGP anycast. The user's DNS resolves to the CDN's anycast IP, and the answer is the same everywhere. BGP path selection then delivers the user's packets to the topologically nearest PoP: normally the one with the shortest AS path, subject to each transit ISP's routing policy, so "nearest" means nearest by network topology rather than strictly by geography. No DNS-based geolocation needed: anycast steers traffic automatically, and when a PoP withdraws its announcement its traffic moves to the next-nearest PoP. Single IP prefix, globally optimal routing.
Edge Cache
Each PoP runs a large cache (SSD + RAM). Cache key = scheme + host + URL path and query, plus the values of any request headers named in the response's Vary header (e.g., Accept-Encoding). Everything that changes the response must be in the key: a request header the origin reflects into the page but that is not part of the key (X-Forwarded-Host is the textbook case) lets an attacker poison the cached copy for every later visitor. Cache policy is controlled by HTTP headers: Cache-Control: max-age=86400 (cache for 1 day), s-maxage (applies only to shared caches such as the CDN and overrides max-age there), Surrogate-Control (directives for the CDN only). Responses marked private or no-store, and in practice anything that sets a session cookie, must not be stored in a shared cache, or one user's personalized page is served to the next user. On a cache miss the PoP fetches from the origin shield if one is configured (otherwise directly from origin) and caches the response according to those headers.
Origin Shield
A regional “shield” PoP sits between edge PoPs and the origin. Cache misses from edge PoPs fan-in to the shield rather than all hitting origin independently. Reduces origin load by another 10-50x for cache misses. Critical for content that is popular but not globally uniform (regional news, local sports scores).
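The shield's main job on a miss is request coalescing (the FAQ below calls it request collapsing): many edge PoPs missing on the same object at the same moment should produce one origin fetch, not one per PoP. The following is an added illustration, not code from the page or from any CDN: a leader/waiter coalescer using a per-key Event, compared with a naive cache that lets every concurrent miss through. The `/breaking-news` URL, the 0.2 s origin delay and the 50-PoP herd are constructed inputs.

```python
import threading
import time


class OriginShield:
    """Request coalescing at a shield PoP: the first miss for a key becomes the
    leader and fetches from origin; concurrent misses for the same key wait on
    an Event and then read the freshly cached value instead of fetching."""

    def __init__(self, origin):
        self.origin = origin          # callable: key -> response body
        self.cache = {}               # key -> body (no TTL, to keep the demo short)
        self.inflight = {}            # key -> Event set when the leader finishes
        self.lock = threading.Lock()
        self.origin_calls = 0

    def get(self, key):
        while True:
            with self.lock:
                if key in self.cache:
                    return self.cache[key]
                event = self.inflight.get(key)
                if event is None:
                    event = self.inflight[key] = threading.Event()
                    leader = True
                else:
                    leader = False
            if leader:
                try:
                    body = self.origin(key)
                    with self.lock:
                        self.cache[key] = body
                        self.origin_calls += 1
                    return body
                finally:
                    # If origin() raised, nothing was cached and the next waiter
                    # to wake re-checks the cache and becomes the new leader.
                    with self.lock:
                        self.inflight.pop(key, None)
                    event.set()
            event.wait()


class NoShieldCache:
    """Naive cache with no coalescing: every concurrent miss reaches origin."""

    def __init__(self, origin):
        self.origin = origin
        self.cache = {}
        self.lock = threading.Lock()
        self.origin_calls = 0

    def get(self, key):
        with self.lock:
            if key in self.cache:
                return self.cache[key]
        body = self.origin(key)
        with self.lock:
            self.cache[key] = body
            self.origin_calls += 1
        return body


def thundering_herd(cache, n_edges):
    """Simulate n_edges edge PoPs missing on the same URL at the same moment."""
    results = [None] * n_edges

    def edge(i):
        results[i] = cache.get("/breaking-news")

    threads = [threading.Thread(target=edge, args=(i,)) for i in range(n_edges)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def slow_origin(key):
    time.sleep(0.2)               # constructed origin latency so the misses overlap
    return f"body for {key}"


def compare(n_edges=50):
    """Origin fetch counts for the same herd, with and without coalescing."""
    with_shield = OriginShield(slow_origin)
    without = NoShieldCache(slow_origin)
    assert set(thundering_herd(with_shield, n_edges)) == {"body for /breaking-news"}
    assert set(thundering_herd(without, n_edges)) == {"body for /breaking-news"}
    return with_shield.origin_calls, without.origin_calls
```

`compare()` returns `(1, 50)` on an idle machine: the shield forwards exactly one fetch however many PoPs miss, while the naive cache forwards one per PoP. Note the leader releases the lock before calling origin; holding it would serialize misses for unrelated keys behind one slow origin fetch.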
Cache Eviction
CDN edge cache is finite (e.g., 10TB SSD per PoP). Eviction policies:
- LRU: evict least recently accessed. Simple, good for general workloads.
- LFU: evict least frequently accessed. Better for skewed access patterns (top 1% of URLs get 90% of traffic).
- SLRU (Segmented LRU): two-segment queue — new objects enter probation, promoted to protected on second access. Prevents one-time viral content from evicting stable popular content.
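To make the SLRU point concrete, here is an added example (not code from the page or from any CDN) that runs the same constructed workload through a plain LRU and a segmented LRU: two stable assets that are fetched twice, then a burst of twenty one-hit objects larger than the whole cache. The capacities, URLs and access pattern are constructed for the demonstration.

```python
from collections import OrderedDict


class PlainLRU:
    """Single-queue LRU: any new object evicts the least recently used one."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.data = OrderedDict()     # order == recency, LRU at the front

    def get(self, key):
        if key not in self.data:
            return None
        self.data.move_to_end(key)
        return self.data[key]

    def put(self, key, value):
        if key in self.data:
            self.data.move_to_end(key)
        elif len(self.data) >= self.capacity:
            self.data.popitem(last=False)
        self.data[key] = value


class SegmentedLRU:
    """Two-segment LRU. New objects enter probation; a second access promotes
    them to the protected segment. Eviction takes the LRU end of probation
    first, so a burst of one-hit objects cannot push out proven repeat-hitters."""

    def __init__(self, capacity, protected_capacity):
        assert 0 < protected_capacity < capacity
        self.capacity = capacity
        self.protected_capacity = protected_capacity
        self.probation = OrderedDict()
        self.protected = OrderedDict()
        self.evicted = []             # keys dropped, in order, for inspection

    def __len__(self):
        return len(self.probation) + len(self.protected)

    def get(self, key):
        if key in self.protected:
            self.protected.move_to_end(key)
            return self.protected[key]
        if key in self.probation:
            value = self.probation.pop(key)    # second access: promote
            self._promote(key, value)
            return value
        return None

    def put(self, key, value):
        if key in self.protected or key in self.probation:
            self.get(key)                      # counts as an access
            (self.protected if key in self.protected else self.probation)[key] = value
            return
        if len(self) >= self.capacity:
            self._evict()
        self.probation[key] = value            # first sight: probation only

    def _promote(self, key, value):
        self.protected[key] = value
        if len(self.protected) > self.protected_capacity:
            # Demote the protected LRU back to probation rather than dropping it.
            old_key, old_value = self.protected.popitem(last=False)
            self.probation[old_key] = old_value

    def _evict(self):
        segment = self.probation if self.probation else self.protected
        key, _ = segment.popitem(last=False)
        self.evicted.append(key)


def run_traffic(cache):
    """Constructed workload: two stable assets fetched twice each, then a burst
    of 20 one-hit viral objects that together exceed the cache capacity."""
    for url in ("/logo.png", "/app.js"):
        cache.put(url, f"body of {url}")
        cache.get(url)                         # second access
    for i in range(20):
        cache.put(f"/viral/{i}.jpg", "bytes")
    return cache


def compare():
    """Does /logo.png survive the viral burst under each policy?"""
    lru = run_traffic(PlainLRU(capacity=4))
    slru = run_traffic(SegmentedLRU(capacity=4, protected_capacity=2))
    return lru.get("/logo.png"), slru.get("/logo.png"), len(slru.evicted)
```

With capacity 4 the plain LRU loses both stable assets to the burst; the SLRU keeps them in its protected segment and evicts only the eighteen viral objects that never earned a second hit.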
Cache Invalidation / Purge
When content changes (new article, price update), stale cached copies must be invalidated. Methods:
- TTL expiry: let cache expire naturally. Simple; delay = TTL duration (seconds to hours).
- Surrogate-Key / Cache-Tag purge: tag responses with cache tags (e.g., Surrogate-Key: product-123 on Fastly, Cache-Tag on Cloudflare). Purge all responses tagged product-123, across every URL and every Vary variant, with one API call. The cost is keeping the tags correct on every response as the site evolves.
- URL purge: invalidate specific URLs. Works across all CDNs but requires knowing all affected URLs.
SSL/TLS Termination at Edge
TLS handshake adds 1-2 RTTs (two for TLS 1.2, one for TLS 1.3). The CDN terminates TLS at the edge PoP (close to the user), so those RTTs are short. The edge-to-origin leg is a separate, long-lived TLS session reused across many user requests, or HTTP carried over the CDN's private backbone. Benefits: (1) reduced TLS handshake latency, (2) TLS certificate management centralized at the CDN, (3) DDoS absorption at the edge, so attacker traffic never reaches the origin. Two caveats a practitioner should state: the CDN holds the certificate's private key and sees plaintext, so the edge-to-origin leg should itself be TLS with certificate validation rather than plaintext; and benefit (3) only holds if the origin cannot be reached around the CDN, so the origin must accept connections only from the CDN (IP allow-list, authenticated origin pulls with client certificates, or a shared secret header), otherwise an attacker who learns the origin IP bypasses the edge entirely.
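An origin-side gate of the kind just described, as an added example rather than code from the page or from any CDN vendor. The documentation-range IP prefixes, the secret value and the `X-Origin-Pull-Secret` header name are placeholders assumed for the example; in production load the CDN's published egress ranges and prefer client-certificate authentication where the CDN offers it.

```python
import hmac
import ipaddress

# Constructed placeholders (RFC 5737 / RFC 3849 documentation ranges, dummy secret).
# In production load the CDN provider's published egress ranges and the secret you
# configured in the CDN's origin settings; the header name is an assumption.
CDN_EGRESS_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:1::/48")]
ORIGIN_PULL_SECRET = b"example-secret-rotate-me"
SECRET_HEADER = "X-Origin-Pull-Secret"


def is_cdn_address(peer_ip):
    """True if the TCP peer address lies inside a CDN egress range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CDN_EGRESS_RANGES)


def authorize_origin_request(peer_ip, headers):
    """Decide whether the origin should serve this request at all.

    peer_ip must be the address the TCP connection actually came from, never a
    value copied from X-Forwarded-For: that header is attacker-controlled on any
    connection that did not come through the CDN. Both checks must pass. The
    address check stops an attacker who has discovered the origin IP; the secret
    check stops traffic relayed through the same CDN by another customer whose
    zone has been pointed at this origin, which an IP allow-list alone admits."""
    if not is_cdn_address(peer_ip):
        return False, "peer not in CDN egress ranges"
    presented = headers.get(SECRET_HEADER, "").encode()
    if not hmac.compare_digest(presented, ORIGIN_PULL_SECRET):   # constant-time compare
        return False, "missing or wrong origin-pull secret"
    return True, "ok"


def demo():
    """Constructed requests: one legitimate, three bypass attempts."""
    good = {SECRET_HEADER: ORIGIN_PULL_SECRET.decode()}
    return [
        authorize_origin_request("192.0.2.10", good),                      # via the CDN
        authorize_origin_request("198.51.100.7", good),                    # direct to origin with a leaked secret
        authorize_origin_request("198.51.100.7",
                                 {**good, "X-Forwarded-For": "192.0.2.10"}),  # spoofed XFF, peer still wrong
        authorize_origin_request("192.0.2.10", {}),                        # CDN range but no secret (other tenant)
    ]
```

Only the first request in `demo()` is allowed. The decision uses the socket peer address and a constant-time comparison of the secret; a web server would apply the same two checks in its access rules before any application code runs.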
Dynamic Content Acceleration
For non-cacheable dynamic content (personalized pages, API responses), CDN still helps via:
- TCP optimization: CDN maintains persistent TCP (and TLS) connections to origin, avoiding a 3-way handshake and TLS handshake per request
- Route optimization: CDN’s private backbone (optimized routing) vs. public internet
- Edge compute: run logic at the edge (Cloudflare Workers, Lambda@Edge) — A/B testing, auth, personalization without origin round trip
Interview Framework
- What content is being served? Static (images, JS, video) vs. dynamic (API responses)?
- Cache policy: TTL? Vary headers? Stale-while-revalidate?
- Invalidation: how fast must changes propagate? (Seconds: cache tags; Hours: TTL is fine)
- Geographic distribution: how many PoPs? Which regions have highest traffic?
- Origin protection: rate limiting, DDoS absorption, origin shield.
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "How does anycast routing work in a CDN and why is it better than DNS-based geolocation?",
"acceptedAnswer": { "@type": "Answer", "text": "Anycast routing: all CDN PoPs advertise the same IP prefix into BGP (Border Gateway Protocol). When a user sends a packet to the CDN IP, each router along the way forwards it along its best BGP path, which usually means the PoP with the shortest AS path, i.e. the nearest PoP by network topology (not necessarily by geography, since ISP routing policy can override path length). The user still performs one DNS lookup to obtain the anycast IP, but the answer is the same everywhere, so no geolocation database is consulted. DNS-based geolocation: the CDN runs authoritative DNS servers that return different IPs for users in different regions. Problem: the authoritative server sees the resolver's address rather than the user's, and ISP resolvers cache responses for the TTL, so a user whose ISP resolves from another region may be sent to a distant PoP. Anycast advantages: (1) routes every packet to the topologically nearest PoP, (2) automatic failover: if a PoP goes down its BGP announcement is withdrawn and traffic reroutes to the next nearest PoP, (3) DDoS mitigation: attack traffic is spread across all PoPs rather than concentrating on one target IP. Disadvantage: TCP state is local to the PoP, so a PoP failure or a BGP route change mid-connection drops established sessions." }
},
{
"@type": "Question",
"name": "How does cache invalidation work in a CDN and what is surrogate-key purging?",
"acceptedAnswer": { "@type": "Answer", "text": "Cache invalidation is the hard part of caching. Three strategies: (1) TTL expiry: set Cache-Control: max-age=3600 (or s-maxage to target the CDN specifically). Content is stale after 1 hour and no invalidation API is needed. Appropriate for slowly changing content (weekly blog posts, product images). (2) URL purge: call the CDN API to purge a specific URL (or a batch of URLs) across all PoPs, typically completing globally within seconds. The caller has to enumerate every affected URL, which is impractical when a changed product appears on dozens of listing, search and category pages. (3) Surrogate-key (cache tag) purging: the origin tags each response with a header such as Surrogate-Key: product-456 article-789, and the CDN keeps a tag-to-object index. When product 456 changes, one API call purges every cached response tagged product-456, across all URLs and all Vary variants, within seconds globally. Supported by Fastly, Cloudflare and Varnish. The engineering challenge is keeping the tags correct on every response as the site evolves: a missing tag means stale content, an extra tag means unnecessary cache misses. The tag header is a signal for the CDN, not the browser, so it should be stripped at the edge rather than exposing internal identifiers to clients." }
},
{
"@type": "Question",
"name": "How does a CDN handle a cache miss and what is an origin shield?",
"acceptedAnswer": { "@type": "Answer", "text": "Cache miss flow without origin shield: the edge PoP receives the request, has no cached copy, and fetches directly from the origin server. If 1000 edge PoPs each miss on the same URL simultaneously (thundering herd, e.g. after a cache purge or a new content publish), the origin receives 1000 concurrent requests for the same object. Origin shield: a regional \"parent\" PoP layer between the edge PoPs and the origin. Edge PoPs with a cache miss forward to the shield PoP, not to the origin. The shield collapses multiple concurrent miss requests for the same object into one origin fetch (request coalescing / request collapsing), so only one request reaches the origin per object per shield. The shield may also cache longer than the edges. Benefits: origin traffic reduction of 10-50x on top of edge caching. Configuration: typically one shield per major region (US-East, US-West, EU, APAC). The shield adds one hop of latency on the cache miss path but dramatically reduces origin load and cost." }
}
]
}