
Snap Inc. uses Amazon CloudFront Origin Shield to improve download and upload latency

This blog was co-authored by Manchun Yao, Staff Software Engineer at Snap Inc.

Snapchat is a popular app used by hundreds of millions of people around the world to communicate with their close friends and family. Snapchat’s focus is on enabling a fast and fun way to communicate by building features such as augmented reality (AR) Lenses, Maps, Bitmoji and Spotlight. The content is primarily visual, such as photos and short videos, often enhanced with AR effects and filters. This post explains how Snapchat used Amazon CloudFront and CloudFront Origin Shield to improve both download and upload experiences for users located farther away from the Amazon S3 content origins.

CloudFront is the AWS content delivery network (CDN) service that securely delivers data, images, video, and APIs for your applications globally with low latency and high transfer speeds. CloudFront uses edge locations (also known as points of presence (PoPs)) to cache and deliver content closer to end users around the world. CloudFront Regional Edge Caches (RECs) provide another layer of caching between the CloudFront PoPs and your origin servers. This helps improve performance for content that isn’t accessed frequently enough to remain in an edge location. CloudFront Origin Shield is another caching layer hosted on Amazon Elastic Compute Cloud (Amazon EC2) that helps minimize origin load, improve availability, and reduce operating costs by consolidating multiple cache requests into a single origin request.

With just a few clicks, Snap created a high performance solution that needed zero coding. Snap enabled CloudFront Origin Shield, which improved the download and upload performance by reducing upload latency by up to 30% and cache-miss download latency by up to 15%. This implementation further optimized the cache hit ratio and reduced the number of requests to the origin.

Enhanced origin protection with CloudFront Origin Shield on top of REC

To serve popular content quickly to your users, CloudFront uses PoPs. When the content is not popular enough to stay at a PoP, CloudFront uses REC to help improve the regional aggregation for that content. REC is a caching layer that is generally closer to the PoPs. RECs are located in AWS Regions across multiple Availability Zones (AZs). CloudFront Origin Shield is a service built on REC, but it is usually configured to be closer to your origin and its purpose is to provide global content aggregation.

CloudFront Origin Shield is designed to complement REC in the CloudFront architecture. CloudFront Origin Shield provides another caching layer between the REC and your content origin. Furthermore, CloudFront Origin Shield reduces the number of requests to the origin through request collapsing, a technique that combines multiple identical requests for the same resource into a single request. Opening, maintaining, and closing TCP connections between the edge and the origin is generally considered resource-intensive and time-consuming. Instead of opening, maintaining, and closing a new TCP connection for each request to the origin, CloudFront Origin Shield uses persistent connections to the origin, which in Snap’s case is Amazon S3. This reduction in load translates to decreased costs and improved availability for your origin. As a general best practice, you should always choose the CloudFront Origin Shield Region that is closest to your origin.

To improve the performance of your CDN, CloudFront Origin Shield creates a centralized caching layer that acts as a proxy to the origin. When multiple requests for the same content arrive simultaneously from different AWS Regions, Origin Shield consolidates them into as few as one request to the origin, using a technique called request collapsing. Moreover, CloudFront Origin Shield helps reduce the overall request latency by having lower round-trip time (RTT) for establishing new connections. It also helps improve the overall connection reuse rate toward origins by maintaining persistent connections. Connection reuse improves the connection setup, because it reduces the number of round trips, and it leads to faster performance. CloudFront Origin Shield helps reduce latency by reusing the same TCP connection for multiple requests.
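Request collapsing as described above, reduced to a toy in-process cache tier. This is an added illustration, not CloudFront's implementation or code from the original post; the class and function names, the object path, and the 0.2 second origin delay are constructed.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class CollapsingCache:
    """Toy cache tier: concurrent misses for one key share a single origin fetch."""

    def __init__(self, fetch_origin):
        self._fetch_origin = fetch_origin
        self._lock = threading.Lock()
        self._cache = {}      # key -> cached body
        self._in_flight = {}  # key -> Event set when the leader's fetch ends

    def get(self, key):
        with self._lock:
            if key in self._cache:
                return self._cache[key]
            done = self._in_flight.get(key)
            leader = done is None
            if leader:
                done = self._in_flight[key] = threading.Event()
        if not leader:
            done.wait()           # follower: wait for the leader's origin fetch
            return self.get(key)  # cache hit, or retry if the leader failed
        try:
            body = self._fetch_origin(key)  # the only request the origin sees
            with self._lock:
                self._cache[key] = body
            return body
        finally:
            with self._lock:
                del self._in_flight[key]
            done.set()


def simulate(num_requests=20):
    """Fire simultaneous requests for one object; return (origin calls, bodies)."""
    origin_calls = []

    def slow_origin(key):
        origin_calls.append(key)
        time.sleep(0.2)  # constructed origin round trip
        return f"body-of-{key}"

    tier = CollapsingCache(slow_origin)
    with ThreadPoolExecutor(max_workers=num_requests) as pool:
        bodies = list(pool.map(tier.get, ["/media/a.jpg"] * num_requests))
    return len(origin_calls), bodies
```

Calling `simulate(20)` shows twenty simultaneous requests producing a single origin fetch; if the leader's fetch raises, waiting followers retry instead of caching the failure.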

The following diagram depicts users requesting content from a PoP in an edge location in Sydney with the content origin in Amazon S3 in the Frankfurt Region. If the content is not cached at the PoP, then CloudFront routes the request to the CloudFront Origin Shield closest to the content origin using the high-throughput AWS Global Network.

Figure 1: Accessing content origin in another region using Origin Shield


Snap’s requirements for choosing CloudFront Origin Shield

Snap enabled Origin Shield to deliver two key outcomes:
1. Improve the network performance for both download and upload.
2. Maintain high availability, because CloudFront Origin Shield spans multiple AZs within AWS Regions.

Snap implemented CloudFront Origin Shield for multiple benefits

Snap first enabled CloudFront Origin Shield in the US East (N. Virginia) Region. The positive effect was almost immediate, especially for Snapchat users located farther away from the Amazon S3 origin. The implementation reduced upload latency by up to 30%. Additionally, it decreased cache-miss download latency by up to 15%. The performance improvements were the direct result of the reduced number of round trips due to connection reuse and from the network traffic remaining on the low latency AWS Global Network.

Figure 2. A sample of reduced Time-To-First-Byte (TTFB) P50 latency for uploads from users located in Colombia


Snap used CloudFront Origin Shield to improve content delivery speeds for its global users while reducing load on its Amazon S3 storage infrastructure.

“CloudFront Origin Shield gave us an almost instantaneous, zero code, and very cost-effective way to improve both upload and download performance for users that are farther away from the content origin. We were able to improve the CloudFront cache-miss P50 latency performance by up to 15% for download and in some cases up to 30% for upload without having to redesign or make any architectural changes,” said Mingkui Liu, Sr. Manager at Snap.

Solution set up

Snap began the CloudFront Origin Shield deployment by enabling the feature in the N. Virginia Region, which is closest to the Amazon S3 origin in the same Region. By default, CloudFront Origin Shield is disabled for CloudFront Origins. To enable CloudFront Origin Shield, proceed with the following steps:

Step 1: Enable Origin Shield. In the CloudFront console, choose Edit or Create Distribution, then choose Yes for Enable Origin Shield.

Step 2: Choose Origin Shield Region. Under the Origin Shield Region dropdown menu, choose the AWS Region.

Always choose the AWS Region that is closest to your origin for optimal performance. In this example, we choose US East (N. Virginia) as the AWS Region for CloudFront Origin Shield because it is the same Region as the S3 bucket, as shown in the following figure.

Figure 3: Enabling CloudFront Origin Shield in the AWS console
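The same two console steps expressed against the `OriginShield` block of a CloudFront `DistributionConfig`, with a check that reports the shield Region next to the S3 origin's Region. This is an added example, not code from the original post; the config fragment, bucket name, origin Id, and helper names are constructed.

```python
import copy
import re

# Constructed fragment of a DistributionConfig (only the fields used here);
# the bucket name and origin Id are placeholders.
SAMPLE_CONFIG = {
    "Origins": {
        "Quantity": 1,
        "Items": [
            {
                "Id": "media-s3-origin",
                "DomainName": "example-media-bucket.s3.us-east-1.amazonaws.com",
                "OriginShield": {"Enabled": False},
            }
        ],
    }
}

# Matches regional S3 endpoints such as bucket.s3.us-east-1.amazonaws.com.
S3_REGIONAL = re.compile(r"\.s3[.-]([a-z0-9-]+)\.amazonaws\.com$")


def enable_origin_shield(distribution_config, origin_id, shield_region):
    """Return a copy of the config with Origin Shield enabled on one origin."""
    config = copy.deepcopy(distribution_config)
    for origin in config["Origins"]["Items"]:
        if origin["Id"] == origin_id:
            origin["OriginShield"] = {
                "Enabled": True,
                "OriginShieldRegion": shield_region,
            }
            return config
    raise KeyError(f"no origin with Id {origin_id!r}")


def audit_origin_shield(distribution_config):
    """List (origin Id, shield Region or None, S3 Region or None) per origin."""
    rows = []
    for origin in distribution_config["Origins"]["Items"]:
        shield = origin.get("OriginShield", {})
        region = shield.get("OriginShieldRegion") if shield.get("Enabled") else None
        match = S3_REGIONAL.search(origin["DomainName"])
        rows.append((origin["Id"], region, match.group(1) if match else None))
    return rows


# With boto3, the dict comes from get_distribution_config(Id=...)["DistributionConfig"]
# and goes back via update_distribution(Id=..., IfMatch=<ETag>, DistributionConfig=...).
updated = enable_origin_shield(SAMPLE_CONFIG, "media-s3-origin", "us-east-1")
print(audit_origin_shield(updated))
```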


Summary

CloudFront Origin Shield can improve the performance of your CloudFront distribution, especially for clients that are located farther away from the content origin. With just a few clicks, you can create a highly effective solution that needs zero coding and zero design and architectural changes. For the pricing details of Amazon CloudFront Origin Shield, see the CloudFront pricing. For information on how to estimate the monthly cost of CloudFront Origin Shield, see the CloudFront Developer Guide. Other charges may apply.

Origin Shield is included at no added cost in the CloudFront Premium flat-rate pricing plan. It’s also available on CloudFront pay-as-you-go pricing. For information on how to estimate the monthly cost of CloudFront Origin Shield with pay-as-you-go pricing, see the CloudFront Developer Guide.

Additional resources

If you want to learn more about CloudFront Origin Shield, check out these resources:

Delyan Radichkov


Delyan is a Sr. Technical Account Manager at AWS. He has over 25 years of experience working in information technology. Since joining AWS in 2015, Delyan has specialized in guiding enterprise-scale customers through complex cloud transformations, helping them optimize their AWS infrastructure strategy and maximize business value.