Google Cloud CDN (Content Delivery Network) caches website and application content closer to the user
Cloud CDN uses Google’s global edge network to serve content closer to users, which accelerates the websites and applications.
Cloud CDN works with external HTTP(S) Load Balancing to deliver content to the users.
Cloud CDN requires the use of Google Premium Network Tier which provides the Global Anycast IP address
Cloud CDN content can be sourced from various types of backends (also referred to as origin servers) :
Zonal network endpoint groups (NEGs)
Serverless NEGs: One or more App Engine, Cloud Run, or Cloud Functions services
Internet NEGs, for endpoints that are outside of Google Cloud (also known as custom origins)
Buckets in Cloud Storage
Cloud CDN with Google Cloud Armor enforces security policies only for requests for dynamic content, cache misses, or other requests that are destined for the origin server. Cache hits are served even if the downstream Google Cloud Armor security policy would prevent that request from reaching the origin server.
Cloud CDN Flow
When a user requests content from an external HTTP(S) load balancer, the request arrives at a Google Front End (GFE), which is at the edge of Google’s network as close as possible to the user.
GFE uses Cloud CDN if the load balancer’s URL map routes traffic to a backend service or backend bucket that has Cloud CDN configured
Cloud CDN doesn’t perform any URL redirection. The Cloud CDN cache is located at the GFE.
Caching happens automatically for all cacheable content, once Cloud CDN is enabled
Cache Hits and Cache Misses
A cache is a group of servers that stores and manages content so that future requests for that content can be served faster.
Cached content is a copy of cacheable content that is stored on origin servers.
Cache Hit – GFE sends the cached response, if the GFE looks in the Cloud CDN cache and finds a cached response to the user’s request
Cache Miss – GFE determines that it can’t fulfill the request from the cache, if the content is requested first time or expired or evicated
Cache Hit Ratio
Cache Hit Ration is the percentage of times that a requested object is served from the cache
Cache Egress and Cache Fill
Cache Egress – Data transfer from a cache to the client
Cache Fill – Data transfer to a cache
Cloud CDN removes or evicts content to insert new content once the it reaches its capacity
Content evicted is usually the one that hasn’t recently been accessed, regardless of the content’s expiration time
Content in HTTP(S) caches can have a configurable expiration time or Time To Live (TTL)
Cache Invalidation allows one to force an object or set of objects to be ignored by the cache
Invalidations don’t affect cached copies in web browser caches or caches operated by third-party internet service providers.
Cache Invalidation are eventual
Invalidations are rate-limited and use patterns to control the same for e.g. use /images/* instead of each request for /images/1.jpg etc.
Caching is reactive in that an object is stored in a particular cache only if a request goes through that cache and if the response is cacheable.
Caches cannot be preloaded except by causing the individual caches to respond to requests.
An object stored in one cache does not automatically replicate into other caches; cache fill happens only in response to a client-initiated request.
Cloud CDN Signed URL
Cloud CDN signed URLs helps serve responses from Google Cloud’s globally distributed caches, even for authorized requests
Cloud CDN signed URLs help control access to the cached content
Signed URL is a URL that provides user read access to a private resource for a limited time without needing a Google Account
Anyone who knows the URL can access the resource until the expiration time for the URL is reached or the key used to sign the URL is rotated.
Cryptographic keys are created on a backend service or bucket, or both
Signed URL contains authorization within the request URL with selected elements of the request that are hashed and cryptographically signed by using a strongly generated random key.
Cloud CDN Best Practices
Cache static content
Use proper expiration time or TTL for time sensitive data
Use custom cache keys to improve cache hit ratio
Cloud CDN, by default, uses entire request URL to build the cache key
Cache keys can be customized to include or omit any combination of protocol, host, and query string
Use versioning to update content instead of cache invalidation
Versioning content serves a different version of the same content, effectively removing it by showing users new content before the cache entry expires
Invalidation is eventually consistent and should be used as a last resort
GCP Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
GCP services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
GCP exam questions are not updated to keep up the pace with GCP updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.