Stacking CDNs for Improved Performance and Security

I recently worked with a client whose large e-commerce site was hosted with a popular cloud-based commerce solution. Its business was growing rapidly into new geographic markets, and it was not satisfied with the embedded content delivery network (eCDN) that was bundled with the cloud solution. We demonstrated that stacking CDNs — adding Akamai’s Ion solution on top of the eCDN — could significantly improve performance as well as provide the client with much greater control over its delivery configuration.

This scenario is quite common: many website owners use the content delivery network that comes bundled with their chosen cloud solution, without realizing that it is possible to greatly improve on the delivery architecture by stacking CDNs — using your own CDN in front of the cloud provider’s. eCDNs are often a compulsory part of the solution, and are designed to deliver better performance and offload for the cloud provider rather than the client; this means that most configuration is hidden away, being either completely unavailable or only available through a professional services engagement with the provider.

Using Akamai in front of your eCDN is typically just as simple as using Akamai in front of a traditional origin, with a few simple configuration tweaks to adapt to the stacked CDN architecture. “Doubling up” on CDNs may seem counterintuitive, but the outcome is almost always worth the effort: improved performance, a better security posture, and much greater control over the experience you deliver to your customers.

What results might you see

We set up a number of tests to measure the performance impact of stacking CDNs with our e-commerce client. These tests also allowed us to measure the impact of configuration tweaks to ensure we deliver the best user experience possible.

By tuning the configuration and enabling the latest features, we saw a consistent improvement of 100 ms (246%) in TLS negotiation time, measured using Rigor’s market-leading synthetic monitoring solution:

Stacking CDNs 3.png

Overall, time to first byte (TTFB) performance was consistently 12% improved with the stacked CDNs, although Akamai’s distributed edge network resulted in up to 25% improvement for uncached pages in locations far from the cloud provider’s European origin:

Stacking CDNs 5.png

Moreover, resource download performance improved and became more consistent. The image below shows a waterfall chart of a page load from the eCDN on the left and Akamai Ion on the right. The page delivered by the eCDN was three seconds slower to render due to delays in delivering static assets.

Stacking CDNs 2.jpg Stacking CDNs 1.jpg

These performance improvements at the network and resource level led to an overall improvement in all key metrics. Marked improvements were observed in Largest Contentful Paint (17%) which is an important measure for SEO, among others.

Stacking CDNs 4.png

How simple is it to configure?

Using an eCDN as an origin is very similar to using a traditional origin, except we will be fetching content from a CDN server rather than a hosted instance of your application. There are some considerations here: ensuring we can load balance across multiple CDN servers, adapting connection parameters to make the most of the greater bandwidth, and disabling some features that will already be implemented by the eCDN. The vast majority of required changes can be made by our clients within the Control Center web interface, or programmatically with the Akamai CLI. Akamai’s professional services team is experienced in exactly this scenario and can help you quickly get started with a well-established baseline configuration. Further configuration changes that are specific to your website can be made — such as automatically preloading web fonts with Adaptive Acceleration, reducing the impact of third-party scripts and costly outages with Script Management, and dynamically optimizing images and video with Image & Video Manager.


One of the common surprises with clients that stack CDNs is how much data they now have access to. Akamai reporting allows customers to get the data they need from their traffic, ranging from high-level offload and status code reporting down to individual log lines from every single request. This level of visibility allows clients to interrogate their data and optimize their configuration to deliver the very best experience.

Reporting data can be interrogated through the web interface, extracted through the Akamai Reporting API, streamed to an endpoint using DataStream, or integrated with SIEM consumers in the case of security events. mPulse is a popular upgrade to Akamai reporting, allowing clients to measure the in-browser performance of every page view.

What about security?

I mentioned that stacking CDNs could improve security posture; this is because owning the full client-facing CDN configuration is critical to build a strong security solution. Akamai’s portfolio of WAF with both default and custom rules, Bot Manager, Page Integrity Manager, and DDoS protection can all be managed through our single Control Center interface. From enabling default protection right through to the Akamai security operations centers (SOCs) identifying and mitigating attacks in real time, owning your security configuration is critical to ensuring your customers and your data are protected.

A “checkbox” security solution may protect you from simple attacks, but only a comprehensive security solution gives you confidence in the security of your cloud platform.

Stacking CDNs — using Akamai on top of an embedded CDN — is a sensible move to improve performance, upgrade security, and provide more control over your delivery configuration. We have shown significant performance improvements with multiple clients, improving response times and consistency. Using Akamai as the client-facing CDN also enables clients to use Akamai edge security solutions and edge compute with EdgeWorkers, as well as integrate with many other Akamai solutions such as Page Integrity Manager, Bot Manager, and Image & Video Manager.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Simon Hearne. Read the original post at:

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)