Possibly moving Debian services to a CDN
The System Administration Team (DSA) are considering moving some of the
static hosting that Debian currently provides from our infrastructure to
one or more CDNs. We have received feedback indicating that a broader
discussion is desired.
Debian has, for over a decade, operated its own form of a content
delivery network (multiple variants, actually) by leveraging our own
infrastructure as master sources and community-provided infrastructure
(primarily from universities and regional network providers) for local
This «proto-CDN» has required users to select the mirror 'closest' to
them. Recent efforts (http.debian.net, cdn.debian.net) have attempted
to alleviate the configuration challenge of pre-selecting a mirror
node. In the commercial world, this challenge has been addressed
through a mix of anycast DNS redirection and geo/BGP-based DNS views to
local distribution nodes hosted at ISPs. Akamai is the best known CDN
but other significant players include Amazon and Fastly and a host of
other more specialised CDNs for example for video.
In the DSA team's view, CDNs have become sufficiently mature for Debian
to consider leveraging external service providers for our CDN needs. We
have approached several providers and they have agreed, in principle, to
sponsor bandwidth and storage for Debian's CDN needs. This allows us to
consider combining the efforts of http.debian.net, cdn.debian.net,
static.debian.org and the mirror network under a single effort to
provide our users with the most transparent access to Debian public
resources as possible.
We appreciate that there are some sensitivities regarding the use of
commercial service providers and/or our reliance upon them. Our
mitigation strategy is to utilize multiple CDN service providers so that
we can survive the loss of any single one (with quick change-over via
DNS record modification). The concern regarding commercial entities
support Debian activity is somewhat misdirected given our reliance on
sponsors (often commercial) to support Debian and DebConf. For many
years, Debian survived on the good graces of HP, for example, who
provided cash and in-kind donations.
Ultimately, we are of the opinion that the content delivery problem is a
solved one and it behooves us to investigate whether CDNs can benefit
There are several technical challenges that we must overcome. In
particular, CDN offerings are very focussed on HTTP/HTTPS while Debian
has a strong reliance (and strong desire to continue to use) other
protocols such as rsync. Also, since CDNs primarily utilize CNAME
records, they are incompatible with email service for that particular
domain name. The address firstname.lastname@example.org is a good example
here. In addition, using a CNAME means all services are redirected to
the CDN, not just HTTP, which is incompatible with rsync.
We are working with CDN service providers to find a resolution to these
technical challenges and we hope to be able to report successful
resolution in the near future.
The services that we consider would benefit from a move to a CDN are:
- the various bits and bobs that are currently hosted on static.debian.org
There has been concerns that switching to a CDN would harm our existing
relationships with mirror operators and make it impossible to go back if
we later wanted to do so. The ftp mirror network is one of the most
important mirror networks, so we wouldn't have to start with that. We
could start with (for instance) www.debian.org and only later move the
actual package mirrors over once we are confident CDNs are not a passing
fad. It will also take time to coordinate switching to a CDN with all
the country operators, we do not wish to undermine the existing
relationships or upset anybody needlessly. Assuming that our experiences
are positive, we don't believe it will be interesting to go back, and
even if one CDN folds, they are fast becoming a commodity so we think
switching to another will be fairly easy.
We appreciate feedback while we continue our investigation of CDNs.
Thanks for your interest,
Tollef Fog Heen for the Debian System Administration team