Optimising Media Delivery with Google’s Media CDN

Divya Kurothe
Google Cloud - Community
6 min read · May 13, 2024


Introduction

Media CDN offers a robust solution for optimising media delivery, specifically tailored for high-throughput egress workloads such as streaming video and large file downloads. Central to Media CDN’s effectiveness is the concept of edge caching, which strategically places content closer to end users within Google’s global infrastructure. By doing so, Media CDN significantly reduces latency and relieves pressure on origin servers, enhancing overall performance.

What sets Media CDN apart is its remarkable adaptability in fetching content from various sources. Whether the content resides in Cloud Storage, another cloud provider, or on-premises infrastructure, Media CDN seamlessly integrates with existing setups.

Media CDN Capabilities

Media CDN offers a range of powerful features to optimise content delivery:

SSL (TLS) Certificate Support: Serve encrypted traffic from your own domain without additional charges.

Google Cloud Armor Support: Control access to content using IP address allow-lists/deny-lists and geographic filtering.

Extensibility: Customise request-response processing with Service Extensions plugins.

Origin Authentication: Securely access private Cloud Storage buckets.

Advanced Routing Features: Map traffic to specific edge configurations and origins.

Client Connectivity Features: Support modern networking protocols like HTTP/2 and QUIC.

Cache Invalidation: Invalidate cached content by host, URL path, URL prefix, cache tags, etc.

Custom HTTP Headers: Specify custom headers for various purposes.

Integration with Cloud Logging: Log each HTTP request for analysis and monitoring.

Signed Requests: Use signed cookies and URLs for content authentication.

Media CDN is not enabled by default in GCP projects. To request access, reach out to your designated Google Cloud sales representative or your account team.

Here’s a step-by-step guide on configuring Media CDN origin and service in Google Cloud Platform (GCP):

1. Create a Cloud Storage bucket to store your content:

Create a private Cloud Storage (GCS) bucket and add some objects (images and videos) to it.

Private GCS Bucket

2. Grant Permission:

Grant the “Storage Object Viewer” permission to the Media CDN service account.
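
A check for steps 1 and 2, added here as an example and not taken from the original post: it audits a bucket IAM policy (the JSON printed by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`) to confirm that the bucket has no public members and that the Media CDN service account holds only Storage Object Viewer. The service account address form, the project number 123456789012 and both sample policies are assumptions constructed for illustration.

```python
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
VIEWER_ROLE = "roles/storage.objectViewer"
# Assumed address form of the Media CDN service account (per project number).
AGENT_FMT = "serviceAccount:service-{num}@gcp-sa-mediaedgefill.iam.gserviceaccount.com"


def audit_origin_bucket_policy(policy, project_number):
    """Return findings for a bucket-level IAM policy; an empty list means it passes.

    Only bucket-level bindings are inspected; roles inherited from the project
    or organisation are outside the policy document and are not seen here.
    """
    agent = AGENT_FMT.format(num=project_number)
    findings, agent_roles = [], set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = set(binding.get("members", []))
        for public in sorted(members & PUBLIC_MEMBERS):
            findings.append(f"PUBLIC: {public} holds {role}; the bucket is not private")
        if agent in members:
            agent_roles.add(role)
    if VIEWER_ROLE not in agent_roles:
        findings.append(f"MISSING: {agent} is not bound to {VIEWER_ROLE}")
    for role in sorted(agent_roles - {VIEWER_ROLE}):
        findings.append(f"EXCESS: {agent} also holds {role}; read access is sufficient")
    return findings


# Constructed sample policies; project number 123456789012 is a placeholder.
AGENT = AGENT_FMT.format(num="123456789012")
PRIVATE_POLICY = {"bindings": [
    {"role": "roles/storage.legacyBucketOwner", "members": ["projectOwner:my-project"]},
    {"role": VIEWER_ROLE, "members": [AGENT]},
]}
EXPOSED_POLICY = {"bindings": [
    {"role": VIEWER_ROLE, "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin", "members": [AGENT]},
]}

if __name__ == "__main__":
    for name, policy in (("private", PRIVATE_POLICY), ("exposed", EXPOSED_POLICY)):
        findings = audit_origin_bucket_policy(policy, "123456789012")
        print(name, "->", findings or "OK")
```
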

3. Enable the required services:

To configure and deploy Media CDN services, you need to enable the APIs using the following gcloud commands:
$ gcloud services enable networkservices.googleapis.com
$ gcloud services enable certificatemanager.googleapis.com
$ gcloud services enable edgecache.googleapis.com

4. Create an EdgeCache Origin:

  • Create an origin that points to your Cloud Storage bucket by selecting that bucket as the Origin address. If you have an external origin instead, replace Origin Address with the FQDN or IP address.
  • Here, I am using the HTTPS protocol on port 443; you can also use the HTTP protocol on port 80.
  • Optional: Select a failover origin to try in case this origin becomes unreachable. You can update this field later.
  • For Max attempts, select the maximum number of attempts to fill the cache from this origin.
  • Optional: Specify the following timeout values:
    - For Connect timeout, select the maximum duration to wait for the origin connection to be established.
    - For Response timeout, select the maximum duration to allow for a response to complete.
    - For Read timeout, select the maximum duration to wait between reads of a single HTTP connection or stream.

You can create it either in the console or with the following gcloud command:
gcloud edge-cache origins create ORIGIN --origin-address="ADDRESS"
where:
ORIGIN: the name of the new origin
ADDRESS: the bucket name, for example gs://my-bucket
If you have an external origin instead, replace ADDRESS with the FQDN or IP address.

Media CDN Origin

This is the same whether the bucket is multi-regional, dual-region, or regional.

5. Creating a Media CDN Service:

In the Google Cloud console, go to the Media CDN page and create the service in the Service Tab.

  • Enter a unique name for your service — for example, my-service.
  • In the Routing section, Add host rule, and then enter one or more host domain names.
    - For Hosts, enter a host domain name — for example, web.example.com.
    - Add route rule and for Priority, specify 1.
    - Add match condition, for Path match, specify /
  • Select Fetch from an Origin, and then select the origin that you configured.
  • In Add-on actions, add a Response header.
    - For Header Key, specify x-cache-status, and for Value, specify {cdn_cache_status}.
  • For Route action, Add an item:
    - For Type, select CDN policy.
    - For Cache mode, select FORCE_CACHE_ALL.
  • Save and create service.

6. Create a DNS authorization

First, you must create a DNS authorization to demonstrate ownership of the domain before you can issue certificates for it using the following command:

gcloud certificate-manager dns-authorizations create <Domain-name-auth> --domain="<Domain-name>"

Then describe the authorization to view its dnsResourceRecord:

gcloud certificate-manager dns-authorizations describe <Domain-name-auth>

Now, in your DNS provider, add the name of the dnsResourceRecord (for example, _acme-challenge.example.com.) as a CNAME record, and add the IP address of the service as an A record.

7. Create a certificate

After you have added the DNS record demonstrating ownership of the domain(s) you want to create a certificate for, you can issue a certificate creation request using the command:

gcloud certificate-manager certificates create <certificate-name> --domains="<domain-name>" --dns-authorizations="<Domain-name-auth>" --scope=EDGE_CACHE

Now edit the Media CDN service and add the created certificate.

Now open the domain in the browser along with the object path as follows:
https://<domain_name>/<path_of_the_object>

Media CDN also utilises Google Cloud Armor for regulating content access, enabling users to grant or restrict permissions. Media CDN integrates with Google Cloud Armor’s Edge Security Policies to facilitate IP address allowlists and denylists, as well as geographical filtering controls that operate on country and region codes.

Media CDN effortlessly integrates with Edge Security Policy, offering IP and geolocation controls. Moreover, it provides the flexibility to incorporate custom code into the request-response processing path via Service Extensions plugins (Preview). This customisation unlocks a plethora of lightweight use cases, including header normalisation and custom tokenization.

Thank you for reading :)

Questions?
If you have any questions, I’ll be happy to read them in the comments.
You can also follow me on LinkedIn: Divya Kurothe

Reference:
https://cloud.google.com/blog/products/networking/introducing-media-cdn
