Feedback on EBU Recommendation R 159: "Procurement of Interoperable Content Delivery Networks"
Launched on June 8, 2023, Recommendation R 159 is an invaluable initiative by the EBU. We genuinely appreciate the effort that must have gone into it and found the discussion during the Horizons Webinar on September 5, 2023, to be quite enlightening. With nearly a quarter-century of experience in selling, implementing, and maintaining CDNs for our clients, we have several points we'd like to bring into the conversation.
General
- If certain aspects of your infrastructure, particularly the interfaces to the CDN, are already defined, it's beneficial to share these details. This ensures that the CDN knows what it's integrating with.
- Often, the reasoning behind specific requirements is unclear. If you have a solid rationale for a requirement, make it known. This minimizes the risk of misunderstandings.
Technical
URL Encryption
- For Multi-CDN setups, it's crucial for the content owner to control load balancing. If you're not using token authentication and URL encryption, you run a higher risk of unauthorized users, content scrapers, or attackers bypassing your balancer and directly accessing the balanced CDNs. This could interfere with your pricing and capacity planning. All large Multi-CDNs we're aware of use token authentication.
- CTA WAVE is collaborating with SVTA on the Common Token Standards Project. If adopted by CDNs, this should reduce the cost of implementing and maintaining Multi-CDN URL encryption architectures.
SVTA & Open Caching
- SVTA has also defined standards for Open Caching CDN configurations. These standards offer the appealing prospect of unifying CDN configurations but may limit you to a least common denominator, causing you to miss out on helpful, non-standard features of individual CDNs. Make an informed decision about this.
Observability
- Ensure your origin servers provide CMSD data and implement CMCD in your playback. Decide whether you want the CDN to merely pass CMCD data through to your logs or if you expect it to actively respond to and act upon CMCD and CMSD data. The CMCD Specification CTA-5004 has been in use since September 2020 and is expected to launch its Version 2.0 soon, with significant support from Google for YouTube usage.
- As a public broadcaster without login sessions, you may find it challenging to correlate HTTP requests to individual users. Utilize CMCD to inject an anonymous session ID across all involved CDNs. Otherwise, you'll face difficulties in merging log lines into a cohesive session.
Debugging
- Debugging in a Multi-CDN environment can be time-consuming. R 159 suggests asking CDNs for debug headers. Consider the market options, mainly debug headers, request IDs, and breadcrumbs, and decide what you specifically need.
Range Normalization
- R 159 recommends asking CDNs for byte range normalization to achieve consistent and cacheable responses to HTTP RANGE requests. This topic is complex, and a detailed overview can be found here. Ensure your setup aligns with the capacity of your origin servers and clarify your expectations with a sequence of range requests.
Quality and SLAs
- Annex B in R 159 provides example definitions for Availability, Throughput, and Rebuffing SLAs. CMCD will undoubtedly assist in measuring throughput and rebuffering. Given that CDNs deliver traffic through ISP networks, these metrics can vary. It's useful to define your total bitrate needs per ASN/ISP, especially during peak usage times like bi-annual sports events.
- Customers often have unstated expectations about SLAs for ancillary services, such as server log availability. If these are important to you, communicate your required SLAs explicitly.
Data Privacy
- Discussions with clients often revolve around the processing location of Personally Identifiable Information (PII), including client IPs. Some consider EU standard contractual clauses (SCC), a Transfer Impact Assessment (TIA), and the new US-EU Data Privacy Framework sufficient for processing PII outside the EU. However, a potential Schrems III ruling could jeopardize this.
- If you require log information from CDNs, you may need them to anonymize or pseudonymize client IP addresses. RFC 8932 provides a good overview of commonly used methods in the context of DNS. Due to the way official measurement entities like agma in Germany count user sessions, you may need to standardize the hashing method across all CDN vendors.
Sustainability
- While sustainability is a topic of universal importance, the lack of standards means it's not often a deciding factor in CDN tenders. If it matters to you, specify your expectations clearly.
CDN Content Policies
- Some customers are indifferent to their CDN's content policy, while others prioritize not being associated with controversial content like alcohol, tobacco, weapons, war games, or pornography. Make a conscious decision on this matter and inquire accordingly.
Billing
- CDN architectures can be intricate, involving multiple components and tiers. Simple edge server logs may not capture this complexity. If you expect the byte count in server logs to match your invoice, specify this requirement.
Pricing
- ISP costs and peak-to-average ratios are significant cost drivers for most CDNs. Clearly state your traffic shaping policies by ASN/ISP and describe how your average traffic compares to peak levels.