How an origin shield can save you in an outage

Varnish Software
3 min readJun 30, 2021

Origin shield technology isn’t new, and many companies already rely on origin shielding to protect their CDNs from overload.

Until recently, when two outages put catastrophic CDN downtime into the global spotlight, the powerful but quiet benefits of the humble, hard-working origin shield have been the unsung heroes of internet resilience. Offering an extra layer of protection against downtime, mitigating the effects of traffic overloads, origin shielding is a must-have. But it’s also a bulwark in crisis situations, such as the one we witnessed in June 2021.

Understanding how an origin shield protects you in outage situations

The idea behind an origin shield is fairly simple. By adding an extra layer of caching in front of your origin, you protect one of the most valuable things you have: seamless, high-performance content delivery.

We have all seen that every CDN and CDN provider can have a bad day now and then, which is why you never want to let the CDN stand alone as a single point of failure. An origin shield is an easy-to-implement solution that delivers resilience in a crisis while also providing considerable value in day-to-day operations. It’s not just a solution for “just-in-case” scenarios; it’s also great for offloading traffic all the time without adding significant cost or complexity.

In response to the Fastly outage, a Guardian engineer stated:

“There is little we can do about it. But this outage went on for longer, so we started to explore other approaches. One group of engineers focused on what was going on, and another team thought about what we could do if we needed to move away from” the commercial CDN.

And the answer to that, of course, is the origin shield, which could be right there working all along, waiting to take over in the event of an outage and otherwise sharing the workaday content delivery duties and doing what it does best: protecting the origin server(s).

How does the origin shield work in an outage situation?

Let’s say your CDN services are down. If you already have an origin shield (or decided to implement one), one way Varnish would handle this is simply to point your domains to the origin shield to serve traffic directly from your environment.

Because the origin shield is basically additional caching, it’s already got your content stored and can continue to serve the content. Yes, the origin shield would have to be sized and scaled up to meet the level of traffic demand, but for most typical websites, the origin shield fits well into the ‘disaster mitigation’ strategy as well as the daily operations strategy.

Start small: Add origin shielding to your setup

You’ve got nothing to lose and a lot of peace of mind and protection to gain by introducing an origin shield layer to your architecture. An origin shield slides right into existing setups as a plan B backup and as an extra boost to performance and efficiency in everyday content delivery operations as well as potential reductions in origin operating costs. When your content delivery is business-critical, and both resilience and quality of experience fundamental to the bottom line, securing your origin is at the heart of your success.

Content owners, broadcasters, OTT providers, gaming companies, e-commerce companies and technology companies of all kinds can gain an outsize level of resilience, protection and value for a relatively small addition to the architecture.



Varnish Software

Varnish Software is the world’s leading provider of open source web application acceleration software.