How CDNs Actually Work: Edge Caching, PoPs, and Anycast Routing
A Content Delivery Network (CDN) is a globally distributed cache that sits between your users and your origin server. Instead of every request flying across the planet to your single data center, the CDN serves content from a Point of Presence (PoP) close to the user — often within a few milliseconds.
The mental model
Think of a CDN as a thin “wrapper” in front of your site. When a user requests cdn.example.com/logo.png:
- DNS resolves cdn.example.com to a CDN-owned IP via Anycast.
- The user lands on the closest PoP automatically.
- If the file is cached locally, the PoP serves it in milliseconds.
- If not, the PoP fetches from your origin, caches it, then serves the user.
Anycast: the magic that picks the closest PoP
Anycast is a routing trick where many physical servers around the world advertise the same IP address. BGP (the internet’s routing protocol) directs each user to the topologically closest one. A user in Tokyo and one in Berlin hit the exact same IP — but each lands on a different PoP. No GeoDNS, no client logic, just packets following the shortest BGP path.
The cache key
CDNs decide what to cache based on the cache key. By default it includes the URL path and querystring. You can extend it with headers like Accept-Language for localized variants, or strip cookies you don’t care about. A poorly tuned cache key kills your hit rate: when a cookie is part of the key, every unique cookie value becomes a separate cache entry.
Cache control headers
Your origin tells the CDN how to cache:
Cache-Control: public, max-age=86400, s-maxage=604800
Cache-Control: private, no-cache (not cached by the CDN; always revalidate)
Cache-Control: no-store (never cache anywhere)
max-age is for browsers; s-maxage overrides it for shared caches like CDNs. stale-while-revalidate lets the CDN serve stale content while quietly re-fetching in the background, which is a huge win for perceived performance.
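The following Python example is added here and is not part of the original article: it evaluates a Cache-Control value the way a shared cache (CDN) and a private cache (browser) would, using the three header lines above. The function names, and the rule that a response with no explicit lifetime is treated as already stale, are assumptions of this example.

```python
def parse_cache_control(value):
    """Split a Cache-Control header value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def _seconds(directives, name):
    """Return a directive's delta-seconds argument, or None if absent/invalid."""
    arg = directives.get(name)
    if arg is not None and arg.isascii() and arg.isdigit():
        return int(arg)
    return None


def cache_decision(value, shared=True):
    """Return (may_store, fresh_seconds) for a CDN (shared=True) or a browser."""
    d = parse_cache_control(value)
    # no-store applies to every cache; private only forbids shared caches.
    if "no-store" in d or (shared and "private" in d):
        return (False, 0)
    # no-cache: storing is allowed, but every reuse needs revalidation first.
    if "no-cache" in d:
        return (True, 0)
    ttl = _seconds(d, "max-age")
    if shared and _seconds(d, "s-maxage") is not None:
        ttl = _seconds(d, "s-maxage")  # s-maxage wins for shared caches
    # Assumption of this example: with no explicit lifetime, treat the response
    # as already stale (real caches may apply heuristic freshness instead).
    return (True, ttl or 0)


# The three header values from the article, plus one constructed value.
SAMPLES = [
    "public, max-age=86400, s-maxage=604800",
    "private, no-cache",
    "no-store",
    "max-age=60",  # constructed sample
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: cdn={cache_decision(s)} "
              f"browser={cache_decision(s, shared=False)}")
```

The case worth checking on a real origin is the second one: a per-user response must carry private or no-store, because a shared cache that stores it can serve it to another user.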
Cache invalidation
“There are only two hard things in computer science: cache invalidation and naming things.” When you update a file, you have two options: purge the cache (slow, expensive) or change the URL (app.v2.css instead of app.css). The second is what every modern build tool does — fingerprint the filename with a content hash so the URL changes whenever the bytes change.
Beyond static files
Modern CDNs do far more than serve images. Edge functions (Cloudflare Workers, AWS Lambda@Edge, Vercel Edge Functions) let you run code at the PoP — perfect for A/B testing, auth checks, or personalization without a round-trip to your origin.
What to learn next
CDNs are built on DNS and BGP. To understand their security benefits read network hardening, and pair them with smart routing via modern load balancing.