← Lessons

quiz vs the machine

Gold1400

System Design

The Origin Shield

An extra cache tier that protects origin from a storm of edge misses.

5 min read · core · beat Gold to climb

The Thundering Herd

A large CDN has hundreds of edge locations. When a popular object expires, every edge can miss at once and all of them hit origin together. This thundering herd can overwhelm a small origin.

What a Shield Does

An origin shield is a designated mid tier cache that sits between the edges and origin. All edge misses route through it.

  • The shield collapses many misses into one origin fetch
  • It caches the result and serves it back to every edge
  • Origin sees far fewer requests, often from a single region

Benefits

  • Reduced origin load during traffic spikes and expiries
  • Higher effective hit ratio because the shield aggregates demand
  • Lower bandwidth cost since origin transfers an object once

The trade off is one extra hop on a cold path, which adds slight latency on misses but rarely on hits.

Key idea

An origin shield is a mid tier cache that funnels all edge misses through one node, collapsing a thundering herd into a single origin fetch and protecting origin during spikes.

Check yourself

Answer to earn rating on the learn ladder.

1. What problem does an origin shield primarily solve?

2. What is the main trade off of adding an origin shield?