From CDN to ADN
The content delivery network (or content distribution network) is inspired and invented in MIT in the late ’90s and later became a successful commercial venture Akamai Technologies in early ’00. The goal of CDN is to distribute service spatially relative to end-users to provide high availability and high performance. As the growth of the Internet, CDNs serve a much larger amount of Internet content today.
The technology doesn’t remain stalled. It keeps evolving and spanning into different types of content delivery services: video streaming, software downloads; add-ons like security, with DDoS protection and web application firewalls (WAF), and WAN optimization.
In a nutshell, business pushes the CDN solution to become sophisticated and comprehensive enough to handle performance and security challenges. The market starts to refer to the evolved CDN as an application delivery network (ADN).
ADN vs CDN
In theory, an application delivery network (ADN) is closely related to a content delivery network. However the differences between a content delivery network (CDN) and an application delivery network are still notable: it’s like static content vs. dynamic applications, bare metal vs. cloud, or the old way of delivering web applications vs. the new way.
The difference between the two delivery networks lies in the intelligence of the ADN to understand and optimize applications, usually referred to as application-aware.
ADN | CDN | |
Deployment Mode | Reversed proxy | Reversed proxy |
Security |
|
|
Performance | High | High |
Cache |
|
|
Deployment Lead Time | Minutes | Days |
Customizable | High | Medium |
Cost | Low | High |
Value-Add Feature | High | Medium |
Application-Aware | Yes | No |
ADN vs CDN Comparison
ADN performance and security techniques
ADN were created out of the demand for a more robust and broad-based content delivery solution. The increasing amount of web-based application has forced traditional CDNs to evolve into an improved solution to deliver dynamic content.
For a web-based application, caching its content on edge servers provides minimal performance improvements since it’s always changing (dynamic) real-time. The data are different for every user, and every request needs to be fetched from the origin server.
So in order to resolve this, a well-programmed traffic monitoring algorithm and application have to be created in order to distribute network traffic over multiple application servers.
ADN’s core technologies are as follow:
- Performance
- Application delivery controller – It serves to distribute web traffic over multiple distributed application servers. It also performs other functions such as caching, compression, and more.
- WAN optimization controller (WOC) – It uses a variety of techniques including compression, caching, de-duplication, protocol spoofing, and latency optimization to improve application performance.
- Content compression – Compression technologies are used to speed up data transfer and improve end-user experience. HTTP compression is commonly used as its main compression technique.
- Load balancers – It distributes traffic using different indicators including network status (health check) and availability. It is mainly responsible for preventing request delays and server downtime.
- Application delivery controller – It serves to distribute web traffic over multiple distributed application servers. It also performs other functions such as caching, compression, and more.
- Security
- Transport layer security – Although often erroneously assigned to the application layer, SSL is the most common method of securing application traffic through an ADN today. SSL uses PKI to establish a secure connection between the client and the ADN, making it difficult for attackers to decrypt the data in transit or hijack the session
- Application layer security
- Resource cloaking – The use of a virtual IP address (VIP) and the position of the ADN in the network provide the means through which certain resources can be cloaked, or hidden, from the client. Because the ADN is designed to understand applications and application protocols, such as HTTP, it can manipulate certain aspects of the protocol to cloak the servers in the pool and prevent potentially useful information regarding the software and hardware infrastructure from being exposed.
- Application firewall – In recent years commercial ADNs have begun to include application firewall functionality to further secure applications during the delivery process. Many commercial ADN companies have acquired and integrated these functions and present such features as part of a defense in depth strategy often cited by security professionals.
- Resource cloaking – The use of a virtual IP address (VIP) and the position of the ADN in the network provide the means through which certain resources can be cloaked, or hidden, from the client. Because the ADN is designed to understand applications and application protocols, such as HTTP, it can manipulate certain aspects of the protocol to cloak the servers in the pool and prevent potentially useful information regarding the software and hardware infrastructure from being exposed.
- Network layer security
- Delayed binding – Also called TCP splicing, is the postponement of the connection between the client and the server in order to obtain sufficient information to make a routing decision so as to prevent DDoS attacks.
- IP filtering – ADNs often have the ability to filter traffic based on access control lists (ACLs), Bogus IP ranges (Bogon filtering) and deep packet inspection pattern matching. In some cases, thresholds or rate limiting of IP addresses or ranges of IP addresses may be employed.
- Delayed binding – Also called TCP splicing, is the postponement of the connection between the client and the server in order to obtain sufficient information to make a routing decision so as to prevent DDoS attacks.
- Transport layer security – Although often erroneously assigned to the application layer, SSL is the most common method of securing application traffic through an ADN today. SSL uses PKI to establish a secure connection between the client and the ADN, making it difficult for attackers to decrypt the data in transit or hijack the session
So, ADN or CDN?
Despite ADN is an evolved technology of CDN. Many don’t hear much about ADN as much as CDN, but most CDNs on the market are actually ADNs. This is due to the term “ADN” is not yet commonly used and it’s similar to CDN on the surface, so most ADN providers repackaged it into “CDN”.
mlytics Multi CDN platform is built on top of CDN global market leader or/and regional provider, and all these CDN platforms are ADN. To a certain extent, mlytics is a Multi ADN platform.