FAQs
The following are a few FAQs to provide insight into the CDN product.
Fundamentals
What is a CDN?
A Content Delivery Network (CDN) is a system of distributed servers strategically placed worldwide to deliver web content and applications more quickly and reliably. CDN caches content at edge locations closer to the end users and delivers content with reduced latency and improved load times, ensuring a better user experience. CDN offers enhanced security and scalability and protects against various DDoS attacks. For more information, see Overview.
Why do I need a CDN?
With CDN, you can experience faster loading times for web applications with high reliability of content delivery with globally distributed edge servers and delivering content to users from the closest server. For more information on how CDN best suits your business, see Features and Benefits and Use Cases.
How does a CDN improve my website performance?
A CDN works by caching content on servers located close to your users. When a user requests content from your website or application, the CDN server will deliver it from its cache rather than from your origin server. Additionally, an origin server is relieved of cacheable requests, leaving it with more resources available for processing non-cacheable requests. These aspects overall speed up your website performance.
What is the difference between an edge server and an edge region?
An edge location is a specific data center within the CDN network housing multiple edge servers where content is cached. An edge region is a broader geographic area containing numerous edge locations to ensure high availability. IONOS CDN leverages both to ensure optimal content delivery.
How does using a CDN impact my origin server's bandwidth?
Using a CDN significantly reduces the bandwidth required from your origin server by caching content at edge locations. Hence, it offloads the heavy lifting to the CDN, allowing you to maintain a smaller, more cost-effective infrastructure with fewer resources.
How can I ensure high availability with IONOS CDN?
IONOS CDN is designed for high availability with a redundant, distributed network of edge servers. In the event of a server failure, traffic is automatically rerouted to ensure uninterrupted access to your content. Even if your origin server is offline, our edge servers may still have some cached content and serve that "stale" content in its place, keeping your website available.
Is dual stack supported in CDN?
Yes. Both IPv4 and IPv6 are supported. This ensures that your content is accessible to users on IPv4 and IPv6 networks, helping future-proof your web services and ensuring broad accessibility. Our edge servers can also access your origin servers via public IPv4 and IPv6 addresses.
Is there a CDN API for automation?
Yes, we provide a comprehensive CDN API complemented by a GO SDK and Terraform tooling that allows for the automation of various CDN-related tasks. This ensures seamless integration with your DevOps workflow.
Getting started
How can I get started with using IONOS CDN?
To get started with IONOS CDN, sign up for an account with IONOS Cloud. Once you have signed up, configure CDN distributions for your domain via the DCD or API.
How do I integrate CDN with my existing infrastructure?
To integrate CDN with your existing infrastructure, you need to create a CDN distribution with routing rules for the domain after which an IPv4 and IPv6 Anycast IP address is provided which is needed to configure the domain's DNS settings for the CDN distribution to be fully functional. For more information, see Create a CDN Distribution.
Is access management possible for CDN operations via the DCD and API?
Yes. Contract administrators and owners can enable access to sub-users to manage CDN by providing the “Access and Manage CDN” group privilege. For more information, see Set User Privileges via the DCD and API. You can also view audit logs for CDN operations via the Activity Log functionality.
How can I get the best from IONOS CDN?
IONOS CDN is best complimented by using Cloud DNS for your domain's DNS management and utilizing IONOS S3 Object Storage or Compute Engine as the origin servers. This will ensure traffic stays in IONOS networks for optimal content delivery.
Are there limits to how many CDN distributions I can create?
You can create up to twenty CDN distributions per contract, and each distribution can be configured with up to twenty-five routing rules.
What is the price model for using IONOS CDN?
CDN distribution is charged monthly; additional charges apply when enabling WAF on individual routing rules. For more information, see Prices.
Caching
What if the origin server goes down?
If the origin server goes down, IONOS CDN will continue to serve cached content until the cache expires. This provides a level of redundancy that helps maintain content availability during origin server outages.
What is the caching policy?
Using the Caching policy, you can define how long the content cached in the edge server must be retained. IONOS CDN has a default caching behavior in which the content is cached based on status code HTTP 2xx
from the origin server and cache-control
headers. For more information, see Caching.
Can I set custom caching rules for my content?
No. Custom cache rules are currently not supported. For your CDN distribution, you can only enable or disable caching on a per-routing rule basis.
Does IONOS CDN set Cache response headers?
Yes, X-CDN-Cache-Status
set as a header to responses indicates whether a resource is cached or not. For more information, see Cache response headers.
Is disabling caching for a CDN routing rule equivalent to a purge operation?
No, disabling caching does not automatically delete the cache contents. Content will remain until expiry. When caching is disabled, the requests are always forwarded to the origin server.
Security
How secure is data transferred through the CDN?
Data transferred through IONOS CDN is secured using SSL/TLS encryption to prevent unauthorized access and ensure data integrity. To enforce this, configure HTTPS
as the protocol for the corresponding routing rule and provide a publicly trusted, valid TLS certificate for either the origin server's name or the website's configured name. Multi-layered DDoS protection and WAF features also offer added security against threats.
What are the IP addresses of the IONOS CDN edge servers?
The IP addresses of IONOS edge servers currently belong to the following ranges:
212.227.172.0/24
2001:8d8:105::/64
216.250.123.0/25
2607:f1c0:105::/64
If your origin is hosted on IONOS Cloud and protected by firewall rules, you can use the above IP addresses to allow inbound traffic to your origin only from IONOS CDN’s origin-facing servers, preventing any non-CDN traffic from reaching your origin.
If the origin is an Object Storage bucket, a Bucket Policy can be set up to restrict access only from the above IP addresses.
The same list can also be used as a list of “trusted” IPs for Apache
httpd’s
mod_remoteip, Nginx’s ngx_http_realip module, or similar features in other software to restore the original client's IP address in requests reaching the origin server.
Can geo restrictions be applied to domains using CDN?
Yes. Geo restriction can be optionally applied for CDN distributions. You can either create a ”block” list or an “allow” list of countries to restrict access to your domain.
Does CDN support rate limiting of requests?
Yes. You can configure rate limits for every CDN routing rule to control the number of incoming requests on a per-client IP basis for a given edge server. A response header X-WS-RateLimit-Limit
indicates which rate limit is configured. Each edge server and routing rule has its bucket for the client IP limits and will not be shared across all routes or edge servers. For more information, see Rate Limit Class.
How does CDN handle SSL/TLS certificates?
CDN supports SSL/TLS encryption for secure data transmission. Remember to use valid certificates from recognized and reputable Certificate Authorities (CAs). You can manage and store TLS certificates using the Certificate Manager to terminate HTTPS connections from the internet. The Automatic Certificate Management Environment (ACME) protocol automatically renews TLS certificates. For more information, see Certificate Manager.
What protection does WAF provide on CDN?
WAF can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by OWASP® CRS.
Does CDN support sniMode?
Yes, CDN supports Server Name Indication(SNI) mode particularly in the context of Secure Sockets Layer SSL or Transport Layer Security (TLS) communications. Specify the following mandatory properties to configure sniMode in CDN for outgoing connections to the upstream host:
Properties
Description
Usage
distribution
CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution.
You can use this sniMode property to point CDN to an API gateway. For more information, see CDN Distribution API.
origin
CDN requires the upstream host to present a valid certificate that matches the configured upstream or the origin hostname. This avoids leaking traffic to unauthorized, misconfigured hosts that are not authorized to serve the same domain.
You can use this sniMode property for Object Storage hosted static websites.
Last updated