Netflix Open Connect is our purpose-built Content Delivery Network (CDN) responsible for serving 100% of our video traffic.
Close to 95% of our traffic globally is delivered via direct connections between Open Connect and the residential ISPs our members use to access the Internet. Most of these connections are localized to the regional point of interconnection geographically closest to the member watching.
The Open Connect Appliance (OCAs) is the foundation of the service. We provide, free of charge to qualifying ISPs, the same OCAs we use in our Internet interconnection locations. These appliances store and serve our video content with the sole responsibility of delivering playable bits to client devices as efficiently as possible.
How Netflix works
The following diagram illustrates how the playback process works:
- OCAs periodically communicate health, routability, and content availability to the cache control service.
- A user on a client device requests playback of a title from the Netflix application.
- The playback application services check user authorization and licensing and then determine which specific streaming assets are required to handle the playback request, taking individual client characteristics and current network conditions into account.
- The steering service uses the information stored by the cache control service to select the best OCAs the requested video assets should be streamed from, generates URLs for these OCAs, and hands the URLs over to the playback application services.
- The playback application services handover URLs of the appropriate OCAs to the client device and video streaming starts.
Types of deployments
Our global network of OCAs are deployed in two ways:
- IX deployment — We install OCAs within IXPs in significant Netflix markets throughout the world. These OCAs are interconnected with mutually present ISPs via settlement free public or private peering (SFI).
- Embedded deployment — We provide OCAs free of charge to qualifying ISPs. These OCAs, with the same capabilities as the OCAs in the IXPs, are deployed directly inside ISP networks. We provide the server hardware and the ISPs provide power, space, and connectivity. ISPs directly control which of their customers are routed to their embedded OCAs.
The ideal Open Connect implementation is both SFI peering and deployed embedded OCAs.
Traffic delivery from an OCA
OCAs are directed-cache appliances, meaning the manner in which traffic is directed to the appliance is determined explicitly by the ISP partner and by Netflix, not by the appliance itself.
An OCA only serves clients at IP addresses that are advertised to the OCA via a BGP session. In other words, traffic is only delivered from the embedded OCAs to the customer prefixes that are explicitly announced to them. Therefore, the ISP partner has full control over the networks that the appliances will serve. BGP sessions are established between the appliance and the closest connected router.
If content is requested that is not contained on an embedded OCA, the client request is directed to the closest Netflix content site via peering (if present) or via transit.
We steer clients to our OCAs based on an ISP’s BGP advertisements, coupled with the routing and steering algorithms in the Open Connect control plane. ISP partners can control some aspects of content steering via the BGP routes that are announced to each OCA. The control plane steers requests from end-user clients to the best available appliance based on multiple factors.
Appliance selection criteria
The following appliance selection criteria are considered, in order, by the Open Connect control plane service. If there is a tie for a given criterion, then the next criterion is considered. If there is a tie on all criteria, traffic is balanced between appliances.
- Longest Match — The appliance that receives the most-specific route to the client’s prefix.
- Shortest AS path — The appliance that receives the route to the client’s netblock with the shortest AS path.
- Lowest MED — The appliance that receives the route to the client’s netblock with the lowest multi-exit discriminator (MED).
- Geolocation — We geolocate based on client IPs, comparing it to the latitude and longitude of nearby OCAs to determine the closest available system.
Prefixes are collected from Open Connect servers, both those present in our Points of Presence (POPs) and those embedded within partner networks. We use two separate Autonomous Systems (ASes) for peering:
- AS2906 for peering at IXPs
- AS40027 for peering with embedded OCAs within partner ISP networks
We always prefer embedded OCAs over peering because the Open Connect control plane will have two BGP entries for that prefix:
- One with an AS-PATH LENGTH of 1 (<AS_NUMBER>) from the appliance itself
- One with an AS-PATH LENGTH of 2 (2906 <AS_NUMBER>) from an IX location
When OCAs and Open Connect SFI peering is combined, embedded OCAs are preferred and peering is used primarily for backup, filing, and serving long-tail titles.
Moving content closer to end users
The Internet is the most important technology for communicating information across the globe today. As such, it is crucial to make sure the infrastructure behind it can scale to support any current and future needs.
With the help of CDNs, this is being achieved in the most efficient manner by moving the content closer to end users and delivering from multiple servers located at the edge of the Internet. This technology will help scale mass-distributed content for many years to come.
Check out our website for further information about Open Connect, and feel free to leave a comment or questions below.
Nihit Tandon is Partner Engagement Manager at Netflix for the Asia Pacific region where he undertakes the responsibility of building partnerships with ISPs in India.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.