# Edge Architecture

The edge architecture is tiered: it moves data as close to the end user as
possible while protecting the origin from traffic spikes.

```
                    +-------------------+
                    |     Developer     |
                    | (npm/docker pull) |
                    +---------+---------+
                              |
                              v
                    +-------------------+
                    | Anycast / Geo-DNS |
                    +---------+---------+
                              | (Routes to nearest PoP)
                              v
+-----------------------------------------------------------+
|                         EDGE PoP                          |
|                                                           |
|  +-------------+    +---------------+   +--------------+  |
|  | Edge Compute|--->|   L1 Cache    |   |  WAF / DDoS  |  |
|  | (Auth/Route)|    | (Memory/NVMe) |   |  Protection  |  |
|  +-------------+    +-------+-------+   +--------------+  |
+-----------------------------|-----------------------------+
                              | (Cache Miss)
                              v
+-----------------------------------------------------------+
|                   REGIONAL SHIELD CACHE                   |
|  +-----------------------------------------------------+  |
|  |  L2 Cache (High Capacity SSD, Request Collapsing)   |  |
|  +--------------------------+--------------------------+  |
+-----------------------------|-----------------------------+
                              | (Cache Miss)
                              v
+-----------------------------------------------------------+
|                   ORIGIN INFRASTRUCTURE                   |
|   +--------------------+     +------------------------+   |
|   |    Blob Storage    |     |   Global Metadata DB   |   |
|   |     (S3 / GCS)     |     |  (Spanner / DynamoDB)  |   |
|   +--------------------+     +------------------------+   |
+-----------------------------------------------------------+
```

To achieve this scale, the technology stack must be highly concurrent and
lightweight:

- **Edge Routing & Proxy**: NGINX, Envoy, or Rust-based proxies to handle
  millions of concurrent TCP connections and perform TLS termination.

- **Edge Compute**: WebAssembly (Wasm) or V8 Isolates running directly on the
  CDN edge to execute custom logic like authentication, A/B testing, and request
  filtering without routing back to the origin.

- **Caching Layer**: Varnish or custom memory-mapped file systems for L1 edge
  caching, backed by high-capacity NVMe drives for L2 regional shields.

- **Data & Origin**: Geographically replicated object storage (like AWS S3) for
  immutable package blobs, and a globally distributed database (like Google Cloud
  Spanner) for mutable package metadata and user entitlements.

## System Data Flows

When a user pulls a package, the request follows a strict path to ensure
authorization and speed:

- **Resolution**: The client's DNS query hits a Geo-DNS provider, returning the
  Anycast IP of the nearest Edge PoP (Point of Presence).

- **Edge Auth**: The request reaches the Edge Proxy. An Edge Function executes
  immediately, verifying the user's API token against a highly cached subset of
  the metadata database.

- **Cache Lookup**: The proxy checks the L1 Cache. If the package is found, it
  is returned instantly.

- **Shield Fallback**: On an L1 miss, the request goes to the Regional Shield.
  If the package is present in the L2 cache, it is returned and populated in L1.

- **Origin Fetch**: On an L2 miss, the shield fetches the blob from Origin
  Storage, caches it, and streams it back down the chain to the client.

## Performance Impact Chart

This tiered networking approach reduces latency across the distribution
lifecycle.

```
Average Response Latency (ms) by Retrieval Tier
------------------------------------------------------------
Origin Fetch       |################################ (250ms)
Regional Shield L2 |########### (85ms)
Edge PoP L1        |### (20ms)
Predictive Cache   |# (5ms)
------------------------------------------------------------
```
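The pull path from System Data Flows, as an added Python sketch (not code from the original page): edge auth gates every cache tier, and the regional shield collapses concurrent misses into a single origin fetch. The class names, tokens and package name are constructed for illustration, and a per-key lock is an assumed stand-in for the shield's request collapsing.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

class Origin:
    """Stand-in for blob storage; counts fetches so shielding is observable."""
    def __init__(self, blobs):
        self.blobs, self.fetches = blobs, 0
    def get(self, key):
        self.fetches += 1
        return self.blobs[key]

class Shield:
    """Regional L2 cache; concurrent misses for one key share one origin fetch."""
    def __init__(self, origin):
        self.origin, self.cache = origin, {}
        self.guard, self.key_locks = threading.Lock(), {}
    def get(self, key):
        with self.guard:
            lock = self.key_locks.setdefault(key, threading.Lock())
        with lock:  # later requests for the same key wait here, then hit L2
            if key in self.cache:
                return self.cache[key], "L2"
            self.cache[key] = self.origin.get(key)
            return self.cache[key], "origin"

class EdgePoP:
    def __init__(self, shield, entitlements):
        self.shield, self.l1 = shield, {}
        self.entitlements = entitlements  # token -> packages (cached metadata subset)
    def pull(self, token, package):
        # Edge Auth runs before any cache lookup: a denied request never reads
        # L1, never reaches the shield, and never triggers an origin fetch.
        if package not in self.entitlements.get(token, ()):
            return 403, None, "edge-auth"
        if package in self.l1:
            return 200, self.l1[package], "L1"
        blob, tier = self.shield.get(package)
        self.l1[package] = blob  # populate L1 on the way back down
        return 200, blob, tier

def concurrent_pulls(pops, token, package):
    """Pull one package through several PoPs at once; return the serving tiers."""
    with ThreadPoolExecutor(len(pops)) as ex:
        return sorted(ex.map(lambda p: p.pull(token, package)[2], pops))

# Constructed sample data (not from the page)
BLOBS = {"pkg-a": b"tarball-bytes"}
ENTITLEMENTS = {"tok-alice": {"pkg-a"}}
```

Because the entitlement check precedes the L1 lookup, a blob cached by an authorized pull is still refused to a token without that entitlement.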