Sign inDeploy a VPS
NODED.CLOUD/Blog/Building Your Own CDN on Bare Metal: A Practical Architecture Guide

Building Your Own CDN on Bare Metal: A Practical Architecture Guide

13 May 2026 · Mario Marin

Why some teams build their own CDN on bare metal instead of using Cloudflare or Fastly. The architecture, software stack (Varnish, Nginx, ATS), economics, and trade-offs.

Most teams shouldn't build their own CDN. Cloudflare, Fastly, Bunny, and other commercial CDNs are excellent and inexpensive at small scale. But once you push enough traffic — particularly video, large downloads, or live streaming — building your own CDN on bare metal stops being crazy and starts being cheaper, faster, and more flexible.

This guide explains when a DIY CDN makes sense, what the architecture looks like, what software to use, and the operational realities you should expect.

When DIY CDN Makes Sense

  • You're pushing a lot of egress. At 100s of Gbps sustained, commercial CDN bills (often $0.005–$0.02/GB) become significant.
  • Your content is large. Video, software downloads, game patches, large datasets — perfect for self-hosted CDN.
  • You want consistent performance. Large CDNs have noisy-neighbor effects; your own CDN doesn't.
  • You need custom features. Specific cache rules, origin authentication, custom TLS handling, edge compute.
  • Compliance or sovereignty concerns. You need to know exactly which countries serve your content.
  • You're a CDN customer of a CDN. Some businesses are large enough that building is cheaper than buying.

When DIY CDN Doesn't Make Sense

  • Your traffic is <10 Gbps sustained.
  • Your content is mostly small dynamic responses (use a CDN, not your own).
  • You don't have engineers to operate caching, BGP, and observability.
  • You need 100+ PoPs globally on day one.

High-Level CDN Architecture

  1. Origin servers — where the content lives.
  2. Mid-tier caches (optional) — regional aggregators that reduce origin load.
  3. Edge caches — many PoPs serving end users.
  4. Anycast or GeoDNS — directing users to the nearest edge.
  5. TLS termination — at the edge.
  6. Observability — logs, metrics, RUM.
  7. Purge / invalidation — to update cached content.

The Software Stack

Edge Cache Software

  • Varnish Cache — extremely fast, in-memory or hybrid storage, VCL programming language for cache logic. The classic choice for HTTP caching at scale.
  • Nginx (with proxy_cache) — simpler, well-documented, integrates with TLS termination. Great default if you don't need VCL flexibility.
  • Apache Traffic Server (ATS) — used by Yahoo, Comcast, and Akamai. Production-grade for very large deployments.
  • HAProxy — primarily for load balancing, but has caching capabilities.

TLS Termination

  • Nginx or HAProxy with OpenSSL or BoringSSL.
  • Modern stacks include HTTP/3 (QUIC) — consider Caddy or Cloudflare's quiche.

Routing / Anycast

  • BIRD or FRR — open-source BGP daemons running on edge servers, advertising the anycast prefix.
  • ExaBGP — useful for orchestration (advertise/withdraw routes based on health).

Health and Failover

  • Local health checks on each edge node — withdraw the BGP announcement when the node is unhealthy.
  • Anycast handles BGP-speed failover automatically.

Observability

  • Prometheus + Grafana for metrics.
  • ClickHouse or Elasticsearch for log analytics.
  • RUM (real user monitoring) to see what users actually experience.

Hardware Specs for Edge Nodes

A common edge node spec in 2026:

  • CPU: 32+ cores, AMD EPYC or Intel Xeon (high single-thread for TLS).
  • RAM: 256–512 GB (used as hot cache).
  • Storage: 8–32 TB NVMe (warm cache tier).
  • Network: 2× 100 Gbps NICs.
  • Power: redundant supplies, 1U or 2U.

One server like this can comfortably push 100+ Gbps of cached HTTP/HTTPS.

PoP Selection

Start small — even 3 PoPs (one per major region) can deliver excellent latency for many use cases:

  • North America: Ashburn, Dallas, or Los Angeles.
  • Europe: Frankfurt or Amsterdam.
  • Asia-Pacific: Singapore or Tokyo.

Add more PoPs based on user analytics — where do you have the most users with poor latency?

Cache Strategy

Hot / Warm / Cold

  • Hot — RAM, microsecond access, top-N most popular objects.
  • Warm — NVMe, sub-millisecond access, broad working set.
  • Cold — fetched from mid-tier or origin on miss.

Cache-Control Hygiene

  • Set explicit Cache-Control headers from origin.
  • Use stale-while-revalidate and stale-if-error to mask origin issues.
  • Use immutable URLs for versioned assets (cache forever).

Mid-Tier Caches

For very large user bases, add a regional mid-tier between edge and origin to reduce origin load. Edge nodes fetch misses from mid-tier first, mid-tier from origin.

Economics: A Quick Model

Suppose you push 1 Pbps-month (1 petabit per month) of egress:

  • Commercial CDN at $0.01/GB: ~$10,000/month for that 1 PB.
  • DIY CDN: 3 PoPs × ~$1,500/month per node + ~$3,000/month transit at 95th percentile = ~$7,500/month plus engineer time.

Numbers vary wildly with content type, hit rate, and provider. The crossover is typically between 100 Gbps and 500 Gbps sustained.

Operational Realities

  • You're now a CDN operator. Pages, on-call rotations, post-mortems.
  • TLS is annoying. Cert provisioning, renewal, OCSP stapling, SNI handling at scale.
  • Cache invalidation is hard. Plan a fast purge mechanism early.
  • Anycast debugging is harder than unicast. Know which PoP a user hit.
  • Capacity planning matters. One PoP saturating means BGP keeps sending it traffic.

DIY CDN at Noded

Noded is purpose-built for customers who want to run their own CDN-class infrastructure: bare metal with high-bandwidth NICs, BYO IP space and ASN, BGP with full community support, IP transit with 95th percentile billing, and direct IXP peering. We provide the substrate; you build the CDN that suits your workload exactly.

Want to talk through architecture? Get in touch — we love this kind of project.

Frequently Asked Questions

How many PoPs do I need to start?

Three (one per major region) is a strong starting point. Many successful private CDNs run 5–15 PoPs total — far fewer than commercial CDNs but covering 90%+ of users with good latency.

Should I use anycast or GeoDNS?

Both work. Anycast gives BGP-speed failover and simpler operations; GeoDNS gives precise regional control. Some private CDNs use both.

What's the simplest stack to start with?

Nginx as edge cache + TLS terminator, BIRD for BGP, Prometheus for metrics. Add Varnish or ATS once you outgrow Nginx caching.

Do I need HTTP/3 / QUIC?

Increasingly yes — it improves performance on lossy networks and is now widely supported. Caddy and Cloudflare's quiche make adoption straightforward.

Can I run a hybrid (DIY + commercial CDN)?

Absolutely — and many do. Use commercial CDN for global reach and overflow, DIY for predictable bulk traffic at low cost.

← All posts

Keep reading

More from the NOC.

Like the way we run things? Spin up a server in 60 seconds.

Deploy a VPS Talk to an engineer