How to use CDN in OCSP

2025-03-01 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Introduction to CDN

CDN stands for Content Delivery Network. The basic idea is to avoid, as far as possible, the bottlenecks and links on the Internet that may affect the speed and stability of data transmission, so that content is delivered faster and more reliably. By placing node servers throughout the network to form a layer of intelligent virtual network on top of the existing Internet, a CDN can redirect a user's request in real time to the nearest service node, based on combined information such as network traffic, the connectivity and load of each node, the distance to the user, and response time. Its purpose is to let users get the content they need from a nearby node, relieve Internet congestion, and improve response time for users visiting a website.

Introduction to OCSP

OCSP (Online Certificate Status Protocol) is one of the two common modes to maintain the security of servers and other network resources. OCSP overcomes the main drawback of certificate revocation lists (CRL): the client must download them frequently to make sure the list is up to date. When a user tries to access a server, OCSP sends a request for certificate status information. The server replies with a "valid", "expired" or "unknown" response. The protocol specifies the communication syntax between the server and client applications. OCSP gives users a grace period for expired certificates, so that they can continue to access the server for a period of time before the update.

1. The dilemma of OCSP

As described above, OCSP (Online Certificate Status Protocol) is a mode for maintaining the security of servers and other network resources. After the client gets a certificate from the server, it queries the server's interface to verify whether the certificate has expired. When a client tries to access a server, OCSP sends a request for certificate status information. The server replies with a "valid", "expired" or "unknown" response.

OCSP binding solves most of the problems in online certificate protocols. After a CA issues a certificate to a site, each visitor to the site makes an OCSP query. Therefore, when the online certificate protocol is used, highly concurrent requests put a lot of pressure on the CA server. At the same time, because the client must establish a connection with the CA, the OCSP query also slows down how quickly the browser opens the page and discloses the user's privacy.

2. CDN and its advantages

A CDN (Content Distribution Network, also called a content delivery network) is a set of geographically dispersed servers that work together to provide rapid delivery of Internet content. A CDN can cache the content of your site on multiple servers in different geographical locations and speed up site access by serving your visitors from the nearest server.

CDN has the following advantages:

1) Full network coverage across operators and regions

Factors such as lack of interconnection between networks, regional ISP limitations and egress bandwidth restrictions make a website unreachable from some regions. CDN acceleration can cover lines all over the world: the provider cooperates with operators to deploy IDC resources, places CDN edge distribution and storage nodes sensibly at the national backbone nodes, makes full use of bandwidth resources, and balances origin server traffic.

2) Security of the origin (source) server

A CDN's load balancing and distributed storage technology can enhance the reliability of the website, which is equivalent to adding an umbrella over the origin server to deal with the vast majority of Internet attacks. The anti-attack system can also protect websites from malicious attacks.

3) Remote backup

When a server fails unexpectedly, the CDN calls on other nearby healthy server nodes for service, thus providing nearly 100% reliability, so that the origin server that provides the service can never go down.

4) Cost savings

Global deployment of the origin server can be achieved by using CDN acceleration. Service providers do not have to consider purchasing servers, the subsequent hosting operations, or image synchronization between servers, and do not have to worry about managing and maintaining technical staff, thus saving manpower, energy and financial resources.

5) Let the service provider focus more on the business itself

CDN acceleration vendors generally provide a one-stop service that is not limited to CDN but also includes cloud storage, big data services, video cloud services and so on, and generally provide 7x24 operations monitoring support to ensure that the network runs smoothly at all times. Service providers can use it with confidence and put more energy into developing their own core business.

3. The application of CDN in OCSP

Binding the OCSP server to a CDN service can break the dilemma of OCSP by bringing CDN into the OCSP service. The application of CDN in OCSP has the following advantages:

1) It ensures that clients can reach the OCSP server. With the help of a CDN, OCSP services cover global lines and are provided across operators and backbone nodes.

2) It ensures the availability of the OCSP server under highly concurrent traffic. Because the CDN deploys its edge distribution and storage nodes sensibly, the OCSP server can make full use of bandwidth resources and balance the concurrent traffic on the server.

3) It saves the operation and maintenance cost of the OCSP server. Service providers do not have to consider buying servers, the subsequent hosting operations and maintenance, or mirror synchronization between servers, and do not have to worry about managing and maintaining technical staff, saving manpower, energy and financial resources.
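
How an OCSP response becomes cacheable at a CDN edge, as an added example that is not part of the original article: RFC 5019 defines a GET form of the OCSP request and HTTP caching headers derived from the response's thisUpdate and nextUpdate times. The function names, the responder host `ocsp.example.test` and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
from datetime import datetime, timezone
from email.utils import format_datetime
from urllib.parse import quote

# Constructed stand-in bytes, NOT a real DER OCSPRequest/OCSPResponse.
SAMPLE_REQUEST = b"\xfb\xff\xfe\x00"
SAMPLE_RESPONSE = b"constructed-ocsp-response"
THIS_UPDATE = datetime(2025, 3, 1, tzinfo=timezone.utc)
NEXT_UPDATE = datetime(2025, 3, 5, tzinfo=timezone.utc)


def ocsp_get_url(responder_url, der_request):
    """GET form of an OCSP request: base64 the DER bytes, then URL-encode.

    A GET URL is a stable cache key for the edge; a POST body is not.
    '+', '/' and '=' from base64 must be percent-encoded.
    """
    b64 = base64.b64encode(der_request).decode("ascii")
    return responder_url.rstrip("/") + "/" + quote(b64, safe="")


def edge_cache_headers(der_response, this_update, next_update, now):
    """Caching headers for a response valid from this_update to next_update.

    Returns None when the response is not yet valid or already stale, so
    the edge goes back to the responder instead of serving it.
    """
    if not (this_update <= now < next_update):
        return None
    # The cache lifetime must never outlive nextUpdate.
    max_age = int((next_update - now).total_seconds())
    return {
        "Content-Type": "application/ocsp-response",
        "Cache-Control": f"max-age={max_age}, public, no-transform, must-revalidate",
        "Last-Modified": format_datetime(this_update, usegmt=True),
        "Expires": format_datetime(next_update, usegmt=True),
        # Cache validator only (an identifier, not a security control).
        "ETag": '"' + hashlib.sha1(der_response).hexdigest() + '"',
    }


if __name__ == "__main__":
    now = datetime(2025, 3, 2, 12, tzinfo=timezone.utc)
    print(ocsp_get_url("http://ocsp.example.test/", SAMPLE_REQUEST))
    for name, value in edge_cache_headers(
            SAMPLE_RESPONSE, THIS_UPDATE, NEXT_UPDATE, now).items():
        print(f"{name}: {value}")
```

A request that carries a nonce produces a different URL each time, so it never hits the edge cache and always falls through to the responder.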
