
Dynamic Content Acceleration in Imperva CDN Improves Enterprise Website Performance

Today we introduced a new dynamic content acceleration network enhancement feature designed to improve response times to the origin server by up to 30%.

Clients using the Imperva content delivery network (CDN) service are now able to more fully leverage the high-quality connectivity between PoPs in the Imperva network. The enhancement translates to an even better experience for our clients’ end users and increased conversion rates for e-commerce websites and the like. It will especially allow clients who have distributed end users to see a boost to their website performance, with zero code changes required on their end.

How Dynamic Content Acceleration Works

The origin PoP is selected based on the network distance (according to latency, not geographic distance) between the client’s origin server and the Imperva PoP.

Origin PoPs have dedicated machines called forwarders, part of a preconfigured setting. The purpose of the forwarder is to serve as an access point to the origin server.

With this enhancement there’s no change to the traffic inspection process, as traffic will continue to be analyzed in the entry PoP (the access point for the end user’s request).

Example

Say www.example.com is located in a datacenter in New York City and is using the dynamic content acceleration service.

When a request to www.example.com reaches one of our proxy servers (e.g. Sydney) the proxy decides if the content is static or dynamic (A2).

If the content is dynamic, the proxy routes the traffic to the forwarder server in our New York City PoP (B2).

When the request reaches the forwarder in our New York City PoP, it sends the request forward to the origin server in New York City (C2).

When the origin sends a response, the forwarder receives it and sends it to the relevant proxy, which provides a faster response to the user. See our documentation for more information.

Improved Round-Trip Latency

Our improvements in round-trip latency are fueled by our cloud application security single stack architecture, PoPs strategically located to meet user demands, a broad peering footprint, and the fact that our entire network is tuned for DDoS mitigation, mandating the use of the same T1 transit providers across all our PoPs. A side effect of this IP engineering principle is a high-quality connection between PoPs.

Open connections are maintained between the PoPs, which eliminates TCP slow start, the congestion-control algorithm that ramps up the sending rate gradually on a new connection. Connectivity to the origin from a nearby PoP also significantly reduces the latency required for the TLS handshake.

And when a packet moves from one PoP to another, it goes through fewer providers. In most cases it goes through just one provider. As a result, there is less packet loss and better latency.

Effect on Production Environment Analysis

As an additional benefit of dynamic content acceleration, clients utilizing XRAY will be able to have more visibility into requests to their origin and understand if a request passed through an origin PoP or not. This may come in handy in cases where there are potential connectivity improvements to the origin that need to be addressed.

The Development Process

We’ve been developing and testing this feature for about a year prior to release, measuring improvements in round-trip latency, time to first byte, and open connection time to the origin.

We found it takes much less time to open a connection to the origin from the forwarder than from a faraway proxy (e.g. New York City <-> Tokyo). The forwarder can take 10 ms while a faraway proxy can take up to 300 ms.

Cedexis Testing

We use Cedexis to test different network optimization features. In the above testing we’ve set up two different networks to be monitored via Cedexis, both with origin servers in the same AWS EU-Central-1 Region in Frankfurt, Germany.

Then we applied dynamic content acceleration to one of the platforms by setting its origin PoP to our Frankfurt PoP.

Lastly, we compared the latency of both networks as measured by eyeballs around the world.

The above results show an average latency of 308 ms vs 188 ms in the last 24 hours – a 120 ms decrease (which is also better than any other dynamic CDN vendor in Cedexis).

Performance improvement will vary based on the geographic traffic distribution of the site and the origin’s proximity to one of our PoPs. But our tests have shown an average improvement of 30% in round-trip time latency.

Considerations

It’s important to remember that dynamic content acceleration does add an additional hop, so in some cases if the origin server is not close to the origin proxy (forwarder), clients may not see an improvement in round-trip latency.

And since only a few proxy servers connect to the origin server with dynamic content acceleration, if a client implements rate limiting or load balancing based on IP only, the fact that all traffic reaches the origin from fewer proxies may trigger a rate threshold and result in dropped traffic.
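The rate-limiting caveat above, worked through as an added example (not Imperva code): an origin-side limiter keyed on the connecting IP throttles the forwarders themselves, while one keyed on the forwarded client address does not. The `X-Forwarded-For` chain, the proxy range and the threshold are assumptions made for the example; the page does not say which header the CDN sets.

```python
import ipaddress
from collections import Counter

# Assumption: address ranges of the CDN's proxies and forwarders
# (constructed value from the RFC 5737 documentation space).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]
LIMIT = 100  # constructed threshold: requests per key per window


def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)


def rate_key(peer_ip, xff):
    """Pick the address to rate-limit on for one request."""
    if not is_trusted(peer_ip):
        return peer_ip  # header from an unknown peer is client-controlled
    # Walk the chain right to left and take the first hop that is not ours.
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop trusting the header
    return peer_ip


def throttled(requests, key_fn):
    """Return the keys whose request count exceeds LIMIT."""
    counts = Counter(key_fn(peer, xff) for peer, xff in requests)
    return {key for key, n in counts.items() if n > LIMIT}


def sample_traffic():
    """Constructed window: 200 users x 3 requests via 3 forwarders, plus
    150 direct requests from one host that sets its own header."""
    forwarders = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    reqs = [(fwd, f"198.51.100.{i}, 192.0.2.9")
            for i in range(1, 201) for fwd in forwarders]
    reqs += [("203.0.113.50", "198.51.100.7")] * 150
    return reqs


if __name__ == "__main__":
    by_peer = throttled(sample_traffic(), lambda peer, xff: peer)
    by_client = throttled(sample_traffic(), rate_key)
    print("keyed on peer IP:  ", sorted(by_peer))
    print("keyed on client IP:", sorted(by_client))
```

Keyed on the peer address, all three forwarders exceed the threshold and legitimate traffic is dropped; keyed on the forwarded address, only the host that bypassed the CDN is throttled, and its self-supplied header is ignored.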

However, in general we expect dynamic content acceleration to have a widespread, positive performance impact. And this enhancement is just one of many benefits to come as we continue to invest in our CDN service.