ASN Level Visibility is Not Enough

Every CDN delivers content from its own ASNs, but several CDN providers also embed caches into 3rd party ASNs to deliver traffic over transit.

If you rely solely on ASN visibility through BGP, you only see a small fraction of the story.

Here’s how we access the rest:


Aside from delivering their own content directly, CDNs such as Akamai and others embed their caches in 3rd party ASNs. This leads to a large amount of CDN traffic being delivered from 3rd party ASNs that are transit providers and not the ASN of the CDN.  Without an intelligent mechanism to delve into the traffic and classify it, ISPs are blind to the fact that this is CDN traffic. 

When Deepfield classifies traffic, we break it down by source IP address. Since the IP address of the cache traffic resolves to its 3rd party ASN, you would erroneously attribute this traffic to the transit provider if you only looked at source ASN. However, using Deepfield's patented Cloud Genome®, we can classify this traffic as belonging to the embedded CDN provider, not the transit provider.

Deepfield’s proprietary technology, Cloud Genome®, constantly monitors the Internet’s global service footprint, providing you unparalleled visibility into CDN and site traffic.  This service delivery map of the Internet is sent as a data feed to all Deepfield Cloud Intelligence customers, allowing real-time classification of CDN-originated traffic. 

If you're relying on a tool that can only break down traffic by AS-Path and does not have a way to drill down to the originating infrastructure components inside, you're only seeing a fraction of the story.

This practice becomes a problem in the case of an unforeseen Internet event that involves unanticipated traffic. For instance, if you only rely on the categorization of traffic by AS-Path, you will expect a certain amount of traffic to flow directly from one CDN. If an unexpected Internet event occurs and a flood of unexpected traffic overwhelms your network, all this additional traffic would be diverted to a potentially full or non-optimal port resulting in poor quality of experience (QoE) for customers.

For example, one ISP had visibility into CDN traffic by ASN, to see how much traffic was originating from a given CDN. When they viewed CDN1 by source ASN, they believed they were receiving only 5.2G of traffic, all of it from ASN 1234.

When Deepfield looked at the same instance using Cloud Genome’s global service map, we were able to classify traffic coming from CDN1’s on-net ASN 1234, but also mapped traffic from dozens of additional transit caches hosted by 3rd party transit providers in varying quantities, adding up to 30G of traffic, not 5G.

This new data provided the insight to plan for an Internet event that might cause unexpected traffic to flood the port.
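The two accounting methods from the case above, side by side, as an added example; it is not Deepfield's code and does not reflect the Cloud Genome feed format. The prefix map, flow records, transit ASNs 64500 and 64501 and the per-flow volumes are constructed so the totals match the 5.2G and 30G figures.

```python
import ipaddress
from collections import defaultdict

# Constructed service map: prefix -> service that actually operates the hosts.
# Stands in for a service-delivery feed; prefixes are documentation ranges.
SERVICE_MAP = {
    "192.0.2.0/24": "CDN1",       # CDN1 on-net space, originated by ASN 1234
    "198.51.100.64/26": "CDN1",   # CDN1 caches embedded in transit ASN 64500
    "203.0.113.128/25": "CDN1",   # CDN1 caches embedded in transit ASN 64501
}
ASN_NAMES = {1234: "CDN1", 64500: "TransitA", 64501: "TransitB"}

# Constructed flow records: (source IP, BGP source ASN, volume in G).
FLOWS = [
    ("192.0.2.10", 1234, 5.2),
    ("198.51.100.70", 64500, 14.0),   # embedded cache
    ("198.51.100.5", 64500, 3.0),     # ordinary transit traffic
    ("203.0.113.200", 64501, 10.8),   # embedded cache
    ("203.0.113.9", 64501, 2.0),      # ordinary transit traffic
]

# Longest prefix first, so the most specific map entry wins.
_NETS = sorted(((ipaddress.ip_network(p), s) for p, s in SERVICE_MAP.items()),
               key=lambda x: x[0].prefixlen, reverse=True)

def by_asn(flows):
    """Attribute each flow to whoever originates the source prefix in BGP."""
    totals = defaultdict(float)
    for _ip, asn, vol in flows:
        totals[ASN_NAMES.get(asn, f"AS{asn}")] += vol
    return dict(totals)

def by_service(flows):
    """Attribute by source IP against the service map, falling back to ASN."""
    totals = defaultdict(float)
    for ip, asn, vol in flows:
        addr = ipaddress.ip_address(ip)
        svc = next((s for net, s in _NETS if addr in net), None)
        totals[svc or ASN_NAMES.get(asn, f"AS{asn}")] += vol
    return dict(totals)

def hidden_share(flows, service):
    """Volume of `service` that source-ASN accounting attributes elsewhere."""
    return round(by_service(flows).get(service, 0.0)
                 - by_asn(flows).get(service, 0.0), 3)

if __name__ == "__main__":
    print("by source ASN: ", by_asn(FLOWS))
    print("by service map:", by_service(FLOWS))
    print("CDN1 hidden behind transit ASNs:", hidden_share(FLOWS, "CDN1"))
```

The same gap matters for alerting baselines: a per-ASN threshold for TransitA built on the first view already contains 14G that belongs to CDN1.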

Cloud Genome sees through AS level visibility and provides previously unattainable context to your network. Whether you need to see exactly how much traffic is coming through and where, or whether you need to ensure your DDoS attack alerts have complete accuracy, Cloud Genome global service mapping provides the multidimensional view to categorize even the most complex traffic paths.