
    Looking into CDN Traffic in the Network

    A CDN, or Content Delivery Network, is a geographically distributed network of interconnected servers. CDNs are a crucial part of modern internet infrastructure: they address the problem of latency (the delay before the transfer of data begins from a web server) by speeding up page load times for data-heavy (for example, multimedia) web applications.

    CDN usage has increased significantly with the rise of data volumes in web applications over the last few years. According to the Sandvine Global Internet Phenomena Report 2023, several popular CDN providers appear in the list of top 10 video applications for the APAC region because of their increased volume of application traffic.

    Figure 1: Without CDN and with CDN scenario

    Network Traffic Analysis

    The ATI team at Keysight has analyzed the network traffic of several popular CDNs, such as Amazon CloudFront, Cloudflare, Akamai and Fastly, and has found some interesting information in the decrypted traffic that may be useful to other researchers.

    Inside HTTP Request Header:

    When a website decides to use a CDN, it often integrates the CDN service name (CloudFront, Cloudflare, Akamai, etc.) at the DNS level, which changes DNS records such as CNAME records to point to the CDN’s domain. The same behavior is also seen in the “Host” or “:authority” header of the HTTP request. For example, if the original website is “www.popularOTT.com”, then after the CDN name integration the URL looks like www.popularOTT.cdnprovider.com, as shown below:

    Figure 2: Sample CDN request header

    Inside HTTP Response Header:

    When a response is sent from the Content Delivery Network (CDN) server, it often includes specific headers in the HTTP response packet that provide information about the CDN server, as shown below:

    • X-Cache: This header indicates whether a request was a hit, miss or bypass in the CDN cache. If its value is set to “HIT” (“HIT from cloudfront” for CloudFront) in the HTTP response, the request was served by the CDN server, not the origin server.
    Figure 3: Sample response header from CDN server containing X-Cache header.
    • X-Cache-Status: This header is similar to “X-Cache” and provides more detailed information about the caching process. Sometimes the CDN provider is also reflected in the header name. For example, when a response is sent from the Cloudflare CDN, we sometimes see the “cf-cache-status” header (here cf refers to Cloudflare) in the response packet.
    Figure 4: Sample response header from CDN server containing X-Cache-Status header.
    • Via: This response header indicates whether the request has passed through any intermediate proxy or CDN. For example, when a request has passed through the Amazon CloudFront CDN, we sometimes see information such as “1 2b14bcf8de4af74db0f6562ceac643f8.cloudfront.net (CloudFront)” in the “via” response header.
    Figure 5: Sample response header from CDN server containing Via header.
    • Server: In some cases, the CDN server name appears in the “server” header of the HTTP response packet, as shown below:
    Figure 6: Sample response header from CDN server containing Server header.
    • Sometimes we see other custom headers, such as “x-akamai-request-id” or “x-bdcdn-cache-status”, in the HTTP response, which indicate that the response was sent from a CDN server.
    Figure 7: Sample response header from CDN server containing other CDN related headers.
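
    The response-header indicators listed above can be combined into a single classifier for decrypted traffic. The following is an added example, not code from Keysight ATI or the original article; the provider substrings, the `classify` function and the sample responses are assumptions constructed for illustration.

```python
# Provider substrings looked for in header values (assumed for this example).
PROVIDER_HINTS = {"cloudfront": "Amazon CloudFront", "cloudflare": "Cloudflare",
                  "akamai": "Akamai", "fastly": "Fastly"}
# Header names that indicate a CDN on their own (names taken from the article).
# None = the article does not say which provider sends the header.
PROVIDER_HEADERS = {"cf-cache-status": "Cloudflare",
                    "x-akamai-request-id": "Akamai",
                    "x-bdcdn-cache-status": None}
CACHE_HEADERS = ("x-cache", "x-cache-status", "cf-cache-status")

def classify(headers):
    """Return (provider, cache_state, evidence) for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    provider, cache_state, evidence = None, None, []
    # 1. Provider name embedded in a header value (Via, Server, X-Cache).
    for name in ("via", "server", "x-cache"):
        value = h.get(name, "").lower()
        for hint, label in PROVIDER_HINTS.items():
            if hint in value:
                provider = provider or label
                evidence.append(name)
                break
    # 2. Provider-specific header names.
    for name, label in PROVIDER_HEADERS.items():
        if name in h:
            provider = provider or label
            evidence.append(name)
    # 3. Cache state: first token of the first cache header present,
    #    e.g. "Hit from cloudfront" -> "HIT".
    for name in CACHE_HEADERS:
        tokens = h.get(name, "").split()
        if tokens:
            cache_state = tokens[0].upper()
            break
    return provider, cache_state, evidence

# Constructed sample responses modelled on the values quoted above.
CLOUDFRONT = {"X-Cache": "Hit from cloudfront",
              "Via": "1 2b14bcf8de4af74db0f6562ceac643f8.cloudfront.net (CloudFront)"}
CLOUDFLARE = {"Server": "cloudflare", "CF-Cache-Status": "MISS"}
AKAMAI = {"X-Akamai-Request-ID": "constructed-id"}
ORIGIN = {"Server": "nginx", "Content-Type": "text/html"}

if __name__ == "__main__":
    for label, sample in [("cloudfront", CLOUDFRONT), ("cloudflare", CLOUDFLARE),
                          ("akamai", AKAMAI), ("origin", ORIGIN)]:
        print(label, classify(sample))
```

    An empty evidence list only means none of these indicators was present; the headers are optional and any server can set them, so treat a match as a hint to corroborate with DNS or IP ownership data.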

    CDN in Keysight ATI

    At Keysight Technologies, researchers on our Application and Threat Intelligence (ATI) team have examined the traffic patterns of various leading CDN service providers based on their application traffic from the world’s top 50 most popular websites, and have published the network traffic patterns of two popular CDNs (Amazon CloudFront and Cloudflare) in the ATI-2024-03 Strike Pack released on February 15, 2024. Stay tuned for other popular CDN application traffic, which will be released in upcoming ATI releases.

     

    ELE Times Report