Method and system for providing on-demand content delivery for an origin server
An infrastructure “insurance” mechanism enables a Web site to fail over to a content delivery network (CDN) upon a given occurrence at the site. Upon such occurrence, at least some portion of the site's content is served preferentially from the CDN so that end users that desire the content can still get it, even if the content is not then available from the origin site. In operation, content requests are serviced from the site in the usual manner, e.g., by resolving DNS queries to the site's IP address, until detection of the given occurrence. Thereafter, DNS queries are managed by a CDN dynamic DNS-based request routing mechanism so that such queries are resolved to optimal CDN edge servers. After the event that caused the occurrence has passed, control of the site's DNS may be returned from the CDN back to the origin server's DNS mechanism.
Latest AKAMAI TECHNOLOGIES, INC. Patents:
- Ensuring coherency across responses when handling a series of client requests
- Detection of site phishing using neural network-enabled site image analysis leveraging few-shot learning
- High performance distributed system of record with extended transaction processing capability
- Low touch integration of a bot detection service in association with a content delivery network
- End-to-end verifiable multi-factor authentication service
This application is a continuation of Ser. No. 13/274,706, filed Oct. 17, 2011, now U.S. Pat. No. 8,239,530, which application was a continuation of Serial No. 12/122,796, filed May 19, 2008, now U.S. Pat. No. 8,041,809, which application was a continuation of Ser. No. 11/598,400, filed Nov. 13, 2006, now U.S. Pat. No. 7,376,736, which application was a continuation of Ser. No. 10/272,368, filed Oct. 15, 2002, now U.S. Pat. No. 7,136,922.
BACKGROUND OF THE INVENTION1. Technical Field
The present invention relates generally to techniques for enabling a Web site origin server to obtain content delivery services from a third party service provider on an as-needed basis.
2. Description of the Related Art
Today's Web sites are a double-edged sword. They present enterprises with the opportunity for both resounding success and costly, dramatic failure. The possibility for either scenario to occur is chiefly due to the Internet's open design. Indeed, the ability to reach a global community of customers and partners via the Web comes with many risks. The open design means that enterprises must expose themselves by opening a public entry-point to get the global reach they need. Couple that with the inherent weaknesses of centralized infrastructure and there is a recipe for failure. Indeed, a growing number of threats can bring a site down daily. These threats include hacker attacks, viruses, Internet worms, content tampering and Denial of Service (DoS) attacks. Moreover, the site's popularity itself can generate “flash crowds” that overload the capabilities of the site's origin server(s). Any one of these events can produce unpredictable site disruptions that impede revenue operations, dilute brand investments, hamper productivity and reduce goodwill and reputation.
A content provider can ameliorate these problems by outsourcing its content delivery requirements to a content delivery network (a “CDN”). A content delivery network is a collection of content servers and associated control mechanisms that offload work from Web site origin servers by delivering content on their behalf to end users. A well-managed CDN achieves this goal by serving some or all of the contents of a site's Web pages, thereby reducing the customer's infrastructure costs while enhancing an end user's browsing experience from the site. In operation, the CDN uses a request routing mechanism to locate a CDN content server close to the client to serve each request directed to the CDN, where the notion of “close” is based, in part, on evaluating results of network traffic tests.
While content delivery networks provide significant advantages, some content providers prefer to maintain primary control over their Web site infrastructure or may not wish to pay for the cost of fully-provisioned CDN services. As a result, the site remains exposed to the myriad of potential security and flash crowds that may bring the site down at any time.
It would be highly desirable to provide a content provider the ability to receive “on demand” use of a CDN to provide an additional layer of protection to ensure business continuity of an enterprise Web site. The present invention addresses this need.
BRIEF SUMMARY OF THE INVENTIONIt is a primary object of the present invention to provide an infrastructure “insurance” mechanism that enables an origin server to selectively use or fail over to a content delivery network (CDN) upon a given occurrence at the site. Upon such occurrence, at least some portion of the site's content is served from the CDN so that end users that desire the content can still get it, even if the content is not then available from the origin site.
It is another primary object of the invention is to provide origin server “insurance” to render server content accessible even if access to the origin server is inhibited in some way.
It is another more specific object of the present invention to provide a mechanism that enables a Web site origin server to use a content delivery network for insurance purposes on an as-needed basis. Preferably, this operation occurs in a seamless and automatic manner, and it is maintained for a given time period, e.g., for as long as the need continues.
According to an illustrative embodiment, the technical advantages of the present invention are achieved by monitoring an origin server for a given occurrence and, upon that occurrence, providing failover of the site to a CDN. Preferably, this is accomplished by re-directing DNS queries (to the origin server) to the CDN service provider's request routing mechanism. In this fashion, DNS queries for content are resolved by the CDN DNS mechanism as opposed to the site's usual DNS. The CDN DNS mechanism then maps each DNS request to an optimal server in the CDN in a known manner to enable the requesting end user to obtain the desired content, even if the origin server is unavailable. As a consequence of this site insurance, given content on the origin server is always available.
The site insurance may be triggered upon a given occurrence—the scope of which is quite variable. Representative occurrences include, without limitation, a flash crowd at the site, a site failure, excess traffic to the site originating from certain geographies or networks, excess demand for certain content on the site such as high resolution streaming content, excess latency or slowdown at the site as perceived by network downloading agents deployed throughout the CDN or elsewhere, or a site attack such as a Denial of Service (DoS) attack at or adjacent the site. Generally, the present invention selectively moves traffic from the origin to the CDN when there is excessive load on the origin or the origin is unreachable. These examples, however, are merely illustrative.
The site insurance functionality may operate in a standalone manner or be integrated with other CDN services, such as global traffic management.
The foregoing has outlined some of the more pertinent features of the present invention. These features should be construed to be merely illustrative. Many other beneficial results can be attained by applying the disclosed invention in a different manner or by modifying the invention as will be described.
By way of background, it is known in the prior art to deliver digital content (e.g., HTTP content, streaming media and applications) using an Internet content delivery network (CDN). A CDN is a network of geographically-distributed content delivery nodes that are arranged for efficient delivery of content on behalf of third party content providers. Typically, a CDN is implemented as a combination of a content delivery infrastructure, a request-routing mechanism, and a distribution infrastructure. The content delivery infrastructure usually comprises a set of “surrogate” origin servers that are located at strategic locations (e.g., Internet network access points, Internet Points of Presence, and the like) for delivering content to requesting end users. The request-routing mechanism allocates servers in the content delivery infrastructure to requesting clients in a way that, for web content delivery, minimizes a given client's response time and, for streaming media delivery, provides for the highest quality. The distribution infrastructure consists of on-demand or push-based mechanisms that move content from the origin server to the surrogates. An effective CDN serves frequently-accessed content from a surrogate that is optimal for a given requesting client. In a typical CDN, a single service provider operates the request-routers, the surrogates, and the content distributors. In addition, that service provider establishes business relationships with content publishers and acts on behalf of their origin server sites to provide a distributed delivery system.
As seen in
Content may be identified for delivery from the CDN using a content migrator or rewrite tool 106 operated, for example, at a participating content provider server. Tool 106 rewrites embedded object URLs to point to the CDNSP domain. A request for such content is resolved through a CDNSP-managed DNS to identify a “best” region, and then to identify an edge server within the region that is not overloaded and that is likely to host the requested content. Instead of using content provider-side migration (e.g., using the tool 106), a participating content provider may simply direct the CDNSP to serve an entire domain (or subdomain) by a DNS directive (e.g., a CNAME). In either case, the CDNSP may provide object-specific metadata to the CDN content servers to determine how the CDN content servers will handle a request for an object being served by the CDN. Metadata, as used herein, refers to a set of control options and parameters for the object (e.g., coherence information, origin server identity information, load balancing information, customer code, other control codes, etc.), and such information may be provided to the CDN content servers via a configuration file, in HTTP headers, or in other ways. The Uniform Resource Locator (URL) of an object that is served from the CDN in this manner does not need to be modified by the content provider. When a request for the object is made, for example, by having an end user navigate to a site and select the URL, a customer's DNS system directs the name query (for whatever domain is in the URL) to the CDNSP DNS request routing mechanism. A representative CDN DNS request routing mechanism is described, for example, in U.S. Pat. No. 6,108,703, the disclosure of which is incorporated herein by reference. Once an edge server is identified, the browser passes the object request to the server, which applies the metadata supplied from a configuration file or HTTP response headers to determine how the object will be handled.
As also seen in
The above described content delivery network is merely illustrative. The present invention may leverage any content delivery infrastructure in which a service provider operates any type of DNS-based request routing mechanism.
According to the present invention, a content provider's origin server(s) provide the Web site's content in the usual manner that would occur in the absence of a content delivery network (CDN). The origin server(s) may be located at a content provider location or a third party hosting site. Thus, conventionally, an end user running a client machine would launch his or her Web browser to a URL identifying the content provider Web site. Through conventional DNS, the end user's browser would be connected to the origin server to fetch the content. That well-known operation is augmented according to the present invention to provide so-called “site insurance,” which is a technique to provide “on-demand” use of the CDN in given circumstances. The CDN service provider preferably makes the site insurance functionality available to one or more content provider customers as a managed service, which is available on an as-needed basis. Thus, according to the invention, Web site traffic is handled by the origin server(s) in the usual manner (i.e., without the CDN) and is triggered upon a given occurrence at the origin server. Representative occurrences include, without limitation, a flash crowd at the site, a site failure, excess traffic to the site originating from certain geographies or networks, excess demand for certain content on the site such as high resolution streaming content, excess latency or slowdown at the site as perceived by network downloading agents deployed throughout the CDN or elsewhere, a Denial of Service (DoS) attack at or adjacent the site, a DoS attack that indirectly impacts the site, or the like. Of course, the above examples are merely illustrative.
The content delivery network service provider may provide the site insurance functionality as a standalone product or managed service (as described above) or integrated with a global traffic management (GTM) product or service. An illustrative GTM system is known commercially as FirstPointSM and is available from Akamai Technologies of Cambridge, Mass. This technique is described in commonly-owned U.S. Pat. No. 7,111,061, titled Global Load Balancing Across Mirrored Data Centers, which is incorporated herein by reference. Other commercial available products include Cisco Global Director, global load balancers from F5, and the like. Any product/system/managed service that has the ability to direct a client request to one of a set of mirrored sites based on network traffic conditions, server load, and the like, may be used as the GTM system.
In this embodiment, the content provider purchases the GTM and the site insurance services from the CDN service provider. The content provider's origin server may or may not be mirrored, but typically it will be. Accordingly, the GTM directs end user requests to the origin server, or to one of the mirrored origin servers, in the usual manner. Upon occurrence of a given event triggering the insurance policy, however, the GTM, as modified to include the site insurance mechanism, automatically and seamlessly moves traffic away from the origin servers and onto the CDN.
Integrating GTM and site insurance functionality in this manner provides significant advantages. In low demand situations, the GTM simply directs end users to the origin servers in the normal manner. As the demand increases, however, the GTM automatically senses the load changes and directs it to the CDN, where it can be more effectively managed by the distributed CDN infrastructure.
Representative machines on which the present invention is operated may be Intel Pentium-based computers running a Linux or Linux-variant operating system and one or more applications to carry out the described functionality. One or more of the processes described above are implemented as computer programs, namely, as a set of computer instructions, for performing the functionality described.
Claims
1. A method to protect a server, wherein data deliverable from the server is associated with a first domain, the first domain identified in a domain name service (DNS) record, comprising:
- in response to receipt of an indication of an occurrence of a given condition associated with the server, using a hardware element to perform an automated rewrite of the DNS record such that that the first domain points to a second domain, the second domain being distinct from the first domain and being associated with a service provider, wherein the given condition is one of: a failure at the server, an occurrence of excess demand at a Web site hosted on the server, a receipt of a request for content that cannot then be served from the server, an occurrence of excess traffic to the Web site originating from a given geography or network, an occurrence of excess latency at the Web site as measured by network agents, and a denial of service attack; and
- following termination of the given condition, using the hardware element to update the DNS record such that the first domain no longer points to the second domain.
2. The method as described in claim 1 wherein the rewriting of the DNS record associates a canonical name with the first domain.
3. The method as described in claim 1 wherein the server is an origin server.
4. The method as described in claim 3 wherein the service provider provides delivery of the data on behalf of the origin server.
5. The method as described in claim 1 wherein the rewriting occurs in a name service associated with the server.
6. A system to protect a server, wherein data deliverable from the server is associated with a first domain, the first domain identified in a domain name service (DNS) record, comprising:
- a name service;
- a monitor; and
- a control routine executing in hardware in response to receipt of an indication from the monitor of an occurrence of a given condition associated with the server, to cause the name service to perform an automated rewrite of the DNS record such that that the first domain points to a second domain, the second domain being distinct from the first domain and being associated with a service provider, wherein the given condition is one of: a failure at the server, an occurrence of excess demand at a Web site hosted on the server, a receipt of a request for content that cannot then be served from the server, an occurrence of excess traffic to the Web site originating from a given geography or network, an occurrence of excess latency at the Web site as measured by network agents, and a denial of service attack; and
- the control routine further executing in hardware following termination of the given condition as indicated by the monitor to update the DNS record such that the first domain no longer points to the second domain.
7. The system as described in claim 6 wherein the monitor is associated with the service provider.
Type: Application
Filed: Aug 6, 2012
Publication Date: Nov 29, 2012
Applicant: AKAMAI TECHNOLOGIES, INC. (Cambridge, MA)
Inventors: Ravi Sundaram (Cambridge, MA), Hariharan S. Rahul (Cambridge, MA)
Application Number: 13/567,351
International Classification: G06F 15/16 (20060101);