This topic describes the terms you may come across when you use Alibaba Cloud CDN. We recommend that you familiarize yourself with these terms to better understand and use Alibaba Cloud CDN.
Origin server
An origin server refers to the server on which your workloads are run. Alibaba Cloud CDN distributes the content hosted on the origin server.
An origin server can process and respond to user requests. If the requested content is not cached on points of presence (POPs), the request is redirected to the origin server to retrieve the content. You can use Object Storage Service (OSS) buckets, Function Compute, and your own servers (with public-facing IP addresses or domain names) as origin servers for Alibaba Cloud CDN.
Point of presence
A point of presence (POP) is where resources from the origin server are cached. POPs are deployed in different geographical regions to accelerate content delivery.
Accelerated domain name
An accelerated domain name refers to a domain name that is accelerated by Alibaba Cloud CDN. This is the domain name typically used by your customers to obtain your services. For example, if you add aliyundoc.com to Alibaba Cloud CDN, aliyundoc.com is considered an accelerated domain name.
Alibaba Cloud CDN retrieves resources from the origin server and caches them on POPs to accelerate content delivery.
CNAME record
A CNAME record, also called an alias record, maps a domain name to another domain name, which is then resolved to the IP address of the destination server.
*.*kunlun*.com and then assigns the CNAME to the domain name.
After you add an accelerated domain name, you must add the CNAME provided by Alibaba Cloud CDN to the DNS records of your hosting provider. After the CNAME record takes effect, all requests sent to the domain name are redirected to Alibaba Cloud CDN POPs, effectively accelerating your content. Alibaba Cloud CDN nominates the optimal POP based on the region, ISP, and load. Then, the CNAME record is resolved to the IP address of the optimal POP.
Static content (static resources)
Static content refers to content that remains unchanged regardless of how many times the content is requested by users. Static content includes images, videos, web files (such as HTML, CSS, and JavaScript files), software installation packages, APK files, and compressed files.
Alibaba Cloud CDN caches static content from the origin server to POPs distributed around the globe. When your customers request content, the content is served from the POP closest to them, minimizing delay and improving user experience.
Dynamic content (dynamic resources)
Dynamic content refers to content that may change each time it is requested. Dynamic content includes web files (such as ASP, JSP, PHP, PERL, and CGI files), API operations, and database queries.
If you want to improve the acceleration performance in dynamic content delivery, we recommend that you use Dynamic Route for CDN (DCDN). For more information, see What is DCDN?
DNS/Domain name resolution
Domain Name System (DNS) is a service used to translate human-readable domain names into machine-readable IP addresses.
Domain name resolution is automatically performed by DNS servers. For example, if you enter aliyundoc.com in the address bar of your browser, the domain name is automatically resolved to an IP address, such as 10.10.10.10.
Alibaba Cloud also provides a DNS resolution service called Alibaba Cloud DNS. For more information, see Alibaba Cloud DNS.
Secure sockets layer/Transport layer security
Secure Sockets Layer (SSL) is a secure communication protocol that improves the integrity and security of data that is transmitted over the Internet. SSL encryption is performed between the TCP/IP protocol stack and application layer protocols. Transport Layer Security (TLS) is the successor of SSL and is a cryptographic protocol on the transport layer. SSL and TLS are collectively known as SSL/TLS.
DNS time
The amount of time that it takes for a client to initiate a request and receive the IP address of the destination host.
TCP time
The amount of time that it takes for a client to establish a TCP connection to the destination server.
SSL time
The amount of time that it takes for a client to establish an SSL connection to a web server.
Delivery time
The amount of time that it takes for a client to complete sending a request after SSL handshakes are completed.
Connection time
If a POP uses HTTP to accelerate content delivery, the connection time consists of the DNS time and TCP time. If a POP uses HTTPS to accelerate content delivery, the connection time consists of the DNS time, TCP time, and SSL time. The connection time shows the number of available POPs and the capabilities of the POPs to deliver content.
Response time
The amount of time that it takes for a web server to process an HTTP request and return a response to a client.
Download time
The amount of time that it takes for a client to receive and download the first packet returned from a web server.
Time to first packet
- For content uploading, the time to first packet consists of the DNS time, TCP time, SSL time, request delivery time, and response time.
- For content downloading, the time to first packet consists of the DNS time, TCP time, SSL time, request delivery time, and response time.
Initial load time
The amount of time that it takes to complete loading the first frame of a stream. The initial load time is determined by the DNS time, connection time, and time to first packet. A shorter initial load time indicates higher performance.
Stalling rate
Stalling events may occur when a video or audio stream is played or a resource is loaded. The stalling rate is calculated based on the following formula: Number of viewers that have stalling events/100. A lower stalling rate indicates higher performance.
Packet loss rate
The ratio of lost packets to total packets during transmission.
Overall performance
The amount of time that it takes to upload or download an entire file.
Back-to-origin routing
If the resources requested by your customers are not cached on POPs or have expired, the request is redirected to the origin server to retrieve the resources. This process is called back-to-origin routing.
Origin host
An origin host refers to the domain name to which POPs redirect requests during back-to-origin routing. If multiple domain names are hosted on the same origin server, you must specify the domain name to which POPs redirect requests during back-to-origin routing. For more information, see Configure an origin host.
For example, the domain name to which POPs redirect requests is aliyundoc.com, which is different from the accelerated domain name www.aliyundoc.com. In this case, you must specify aliyundoc.com as the origin host.
Origin protocol policy
An origin protocol policy specifies the protocol that is used to redirect requests to origin servers. An origin protocol policy can specify whether requests are redirected to origin servers over the protocol that is used by the clients. For example, if clients send HTTPS requests to POPs, you can set the origin protocol policy to HTTPS. If the origin server does not support HTTPS, you can set the origin protocol policy to HTTP. For more information, see Configure the origin protocol policy.
Back-to-origin rate
- The back-to-origin request rate refers to the ratio of requests for resources that are not cached, have expired, or cannot be cached on POPs to the total number of requests. Back-to-origin request rate = Number of back-to-origin requests from POPs/Total number of requests sent to POPs. A lower back-to-origin request rate indicates higher performance. However, if the original user requests are fragmented after POPs redirect the requests to the origin servers, the number of back-to-origin requests becomes greater than the total number of requests that are sent to POPs.
- The back-to-origin data transfer rate refers to the ratio of the data that is returned by the origin servers to the data that is returned by POPs to clients. Back-to-origin data transfer rate = Number of bytes returned from the origin servers to POPs/Number of bytes returned from POPs to clients. A lower back-to-origin data transfer rate indicates higher performance.
Server name indication
Server name indication (SNI) is an extension of SSL/TLS. If multiple domain names are hosted on the same HTTPS server (IP address), you can use SNI to specify the domain name to which requests are redirected.
If the IP address of an origin server is associated with multiple domain names and the origin protocol policy is set to HTTPS, you can configure SNI to specify the domain name to which requests are redirected. When requests are redirected to the origin server, the origin server returns the certificate of the requested domain name. For more information, see Configure SNI.
Object chunking
If a request redirected from POPs to the origin server carries the Range header, the origin server returns the content specified by the Range header. This process is called object chunking. For example, the Range header can specify that the origin server returns only bytes 0 to 100 of a specified file.
In scenarios where you want to distribute large files, such as on-demand video streaming and software package distribution, object chunking is an ideal method to accelerate file distribution, increase cache hit ratio, reduce back-to-origin network traffic and workloads on origin servers, and reduce the response time of origin servers. For more information, see Object chunking.
302 redirection
302 redirection allows POPs to process the HTTP 302 status code that is returned from the origin server instead of directly returning the HTTP 302 status code to clients. 302 redirection simplifies the request processing pipeline and accelerates content delivery.
Referer-based hotlink protection
Referer-based hotlink protection refers to access control based on the Referer header. For example, you can configure a Referer whitelist to allow only specified requests to access your resources or a blacklist to deny specified requests. Referer-based hotlink protection identifies and filters user identities and protects your resources from unauthorized access. After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or denies requests based on user identities. For more information, see Configure a referer whitelist or blacklist to enable hotlink protection.
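One way to evaluate a Referer whitelist or blacklist, as an added example (not Alibaba Cloud CDN's implementation; the function names, the `*.` rule syntax, and the `allow_empty` switch are assumptions). It compares the parsed host rather than searching the header text, so a domain that merely contains a whitelisted name does not match.

```python
from urllib.parse import urlsplit


def referer_host(referer):
    """Return the lowercase host named by a Referer value, or None if unusable."""
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")


def host_matches(host, rules):
    """Exact match, or suffix match on a label boundary for '*.example' rules."""
    for rule in (r.lower() for r in rules):
        if rule.startswith("*."):
            suffix = rule[1:]                      # ".aliyundoc.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == rule:
            return True
    return False


def allow_request(referer, whitelist=None, blacklist=None, allow_empty=False):
    """Decide one request. allow_empty is a hypothetical policy switch."""
    if referer is None or not referer.strip():
        return allow_empty
    host = referer_host(referer)
    if host is None:
        return False                               # malformed Referer: deny
    if blacklist and host_matches(host, blacklist):
        return False
    if whitelist is not None:
        return host_matches(host, whitelist)
    return True


# Constructed sample policy and Referer values.
WHITELIST = ["aliyundoc.com", "*.aliyundoc.com"]
SAMPLES = [
    "https://www.aliyundoc.com/page.html",             # allowed
    "https://aliyundoc.com.mirror.example/page.html",  # lookalike prefix: denied
    "https://mirror.example/?from=aliyundoc.com",      # name only in query: denied
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(allow_request(ref, whitelist=WHITELIST), ref)
```

Because the Referer header is supplied by the client, a check like this limits embedding by other sites rather than authenticating the requester.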
Bandwidth cap
A bandwidth cap specifies the maximum amount of bandwidth resources that can be consumed to prevent bandwidth usage spikes.
If the average bandwidth value of an accelerated domain name during a statistical period (1 minute) reaches the specified bandwidth cap, Alibaba Cloud CDN suspends services and disables the domain name. Then, the domain name is mapped to the invalid domain name offline.***.com. In this case, the domain name becomes inaccessible. For more information, see Configure bandwidth caps.
Time-to-live
Time-to-live (TTL) refers to the amount of time that a resource is cached on Alibaba Cloud CDN POPs. Expired resources are automatically removed from POPs. Requests for expired resources are considered cache misses and redirected to the origin server. The retrieved resources are returned to the clients and cached on POPs. For more information, see Add a cache rule.
Cache hit ratio
- Byte cache hit ratio = (Total number of bytes returned from POPs to clients - Total number of bytes returned from the origin servers to POPs)/Total number of bytes returned from POPs to clients.
Note: A lower byte cache hit ratio indicates a higher volume of back-to-origin traffic. A higher volume of outbound traffic from the origin server indicates a larger bandwidth value and heavier workloads of the origin server. Back-to-origin traffic represents the amount of workloads on the origin server, and the byte cache hit ratio is a major concern in actual business scenarios.
- Request cache hit ratio = (Total number of requests to POPs - Total number of back-to-origin requests)/Total number of requests to POPs.
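The two cache hit ratios above and the two back-to-origin rates defined earlier, applied to a constructed log as an added example (not Alibaba Cloud code; the log format and field names are assumptions). The last sample line is a large file fetched from the origin in six Range chunks, the fragmentation case in which back-to-origin requests exceed the requests sent to POPs.

```python
# Constructed sample log (hypothetical format, not an Alibaba Cloud CDN log):
# path  bytes_to_client  cache_status  origin_requests  origin_bytes
SAMPLE_LOG = """\
/img/logo.png 1000 HIT 0 0
/img/logo.png 1000 HIT 0 0
/img/logo.png 1000 HIT 0 0
/js/app.js 2000 MISS 1 2000
/video/intro.mp4 5000 MISS 6 5000
"""


def cdn_ratios(log_text):
    """Apply the glossary formulas to one statistical period of log lines."""
    requests = hits = origin_requests = 0
    client_bytes = origin_bytes = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _path, sent, status, o_reqs, o_bytes = line.split()
        requests += 1
        hits += status == "HIT"
        client_bytes += int(sent)
        origin_requests += int(o_reqs)
        origin_bytes += int(o_bytes)
    if requests == 0 or client_bytes == 0:
        raise ValueError("no traffic in this period; ratios are undefined")
    return {
        "back_to_origin_request_rate": origin_requests / requests,
        "back_to_origin_data_rate": origin_bytes / client_bytes,
        "request_cache_hit_ratio": (requests - origin_requests) / requests,
        "byte_cache_hit_ratio": (client_bytes - origin_bytes) / client_bytes,
        # Not a glossary formula: plain share of requests answered from cache.
        "share_served_from_cache": hits / requests,
    }


if __name__ == "__main__":
    for name, value in cdn_ratios(SAMPLE_LOG).items():
        print(f"{name}: {value:.2f}")
```

With fragmented origin fetches the request-based ratio goes negative even though three of five requests were cache hits, while the byte-based ratio still tracks the load placed on the origin server.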
Cross-origin resource sharing
Cross-origin resource sharing (CORS) is an access control mechanism that is based on HTTP headers. CORS allows web servers to specify the origins, each identified by a domain name, protocol, and port, from which a browser is allowed to retrieve specified resources. For more information, see Configure CORS.
EdgeScript
EdgeScript allows you to specify custom Alibaba Cloud CDN and DCDN configurations by running scripts if the built-in configurations provided by Alibaba Cloud CDN or DCDN cannot meet your business requirements.
EdgeRoutine
EdgeRoutine is a JavaScript code runtime environment that runs on globally distributed Alibaba Cloud CDN POPs. EdgeRoutine supports the ES6 syntax and standard Web Service Worker APIs. You can deploy your JavaScript code to EdgeRoutine, which then propagates your code across the entire Alibaba Cloud CDN global network. This allows Alibaba Cloud CDN to process requests on the POPs that are closest to the clients.
HTTP strict transport security
HTTP strict transport security (HSTS) is a policy mechanism that allows websites to accept only HTTPS connections. Websites can use HSTS to specify that clients, such as browsers, must use HTTPS. All HTTP requests and untrusted SSL certificates are rejected. HSTS prevents man-in-the-middle (MITM) attacks during the first visits from clients. For more information, see Configure HSTS.
If HSTS is disabled and the origin server supports only HTTPS, HTTP user requests are redirected to HTTPS by using 301 redirection or 302 redirection. When users access the origin server over HTTP, HTTP requests may be hijacked or tampered with. This raises security issues. If HSTS is enabled, clients can access the origin server only over HTTPS. This prevents hijacking and tampering of requests.
Quick UDP internet connections
Quick UDP internet connections (QUIC) is a general-purpose transport layer network protocol built on top of UDP. QUIC provides the same level of security as TLS/SSL but with a significantly reduced connection and transmission time. QUIC reduces network congestion and ensures service availability in scenarios with high packet loss and network latency.
QUIC can implement different congestion control algorithms at the application layer regardless of the operating system or kernel that is used. Compared with TCP, QUIC supports flexible adjustments based on business requirements. QUIC is a suitable alternative when TCP optimization encounters bottlenecks.
HTTP status code
An HTTP status code is a numeric code that indicates a server response. You can determine and analyze server status based on HTTP status codes. After a client, such as a browser, sends a request to a server, the server returns a response header that includes an HTTP status code. The HTTP status code indicates the response status.
- 1xx: indicates messages.
- 2xx: indicates successful requests.
- 3xx: indicates request redirection.
- 4xx: indicates client errors.
- 5xx: indicates server errors.