Synopsis

This chapter describes multi-CDN delivery for streaming video. It covers manifest and segment behavior for HLS and DASH, CMAF packaging and low latency modes, cache strategy for live and on demand, access control with tokens and keys, DRM and license services, session stickiness and failover, telemetry for quality of experience, and operational patterns for events and steady state.

Protocol context

Most HTTP streaming uses HLS or MPEG-DASH. Both expose a manifest that references media segments. CMAF provides a common container and supports small chunks for low latency playback. The CDN caches manifests and segments and forwards misses to a packager or origin. Multi-CDN adds parallel caches and different network paths, so parity of behavior is required for correctness and quality.

Manifests and segments

Manifests change frequently. Live playlists advance a sliding window of segment references. On demand playlists are stable after publication. Segments are immutable once written. TTLs reflect this difference. Manifests carry short freshness windows with validators to enable revalidation. Segments carry longer TTLs and strong validators to allow widespread caching. Revalidation must return 304 reliably when bytes are unchanged.

Low latency modes

Low latency HLS and low latency DASH reduce glass to glass delay by using small chunks or partial segments and by allowing clients to fetch as data becomes available. This requires consistent support for HTTP features such as chunked transfer and range requests. Multi-CDN deployments must confirm that both providers serve partial objects correctly and cache them without collapsing unrelated ranges. If a provider cannot meet the requirements for low latency, the deployment should disable low latency on that route to avoid playback instability.

Access control and tokens

Access control uses signed URLs, signed cookies, or header tokens. Tokens bind a request to a time window, a resource identity, and optional client attributes. The format and validation logic must be identical across providers and at the origin. Clock drift breaks short lived tokens, so time sources must be monitored. HLS key URIs and DASH content keys are sensitive and must not be exposed in the clear. Key requests should go to authenticated endpoints and should not be cached by the CDN. Manifests must not leak key URLs or tokens beyond the minimum needed for decryption at the player.

DRM and license services

Encrypted streams protect content at the client. Widevine, PlayReady, and FairPlay require a license service. The license path is not cacheable and must remain reachable during peaks. DNS and routing for license servers should be independent of video segments to avoid correlated failures. Multi-region endpoints reduce latency and balance load. Telemetry should isolate license errors from segment delivery errors so investigations remain focused.

Session stickiness

Switching CDNs mid session can increase rebuffering and degrade quality. A simple stickiness rule is to bind a session to the CDN that served the first successful manifest or the first segment, with a maximum duration and clear failover rules. Steering systems must honor stickiness hints while still allowing override during incidents. Stickiness at the application layer is preferred to resolver based hints because DNS caching times are not aligned with segment timing.

flowchart LR Player -->|GET manifest| CDN_A CDN_A -->|200 or 304| Player Player -->|GET segments| CDN_A subgraph Control Sticky[Session stickiness key] Health[CDN health] end Sticky --> Player Health --> Player Player -->|Failover on policy| CDN_B CDN_B --> Player

Live event behavior

Live events create short bursts of manifest and segment requests on cadence boundaries. Multi-CDN helps absorb these bursts if segment publication, cache behavior, and purge policies are aligned. Publication must sequence write, verification, and reference update so that segments exist before playlists point to them. For rolling windows, negative caching of 404 should be kept very short because late publishing can create temporary gaps. Soft purge is preferred when windows move or when bitrate ladders change, because it avoids large origin spikes.

Ad insertion

Server side ad insertion modifies manifests in real time and may add short lived segments. Caching should consider cache keys that include viewer or cohort identity only when content truly differs. Otherwise, cache fragmentation reduces hit ratios and increases origin load. Where personalization is required, manifests may become uncacheable and only segments remain cacheable. Telemetry must separate content delivery errors from SSAI decisioning errors.

Packaging and origin strategy

Packagers generate manifests and segments from mezzanine inputs or just in time from archives. Multi-CDN requires packagers that can serve both providers with the same URLs and metadata. Packaging should use deterministic naming for segments and partial segments so both CDNs cache identical objects. Origin shielding protects packagers from thundering herds when new segments release. Shield locations should be close to packagers to keep time to first byte low across bursts.

Caching strategy

Segment URLs are immutable, so long TTLs and strong validators are appropriate. Manifests change rapidly and require short TTLs with ETag or Last-Modified. Revalidation for manifests should be cheap at the packager, returning 304 with updated freshness directives when appropriate. For low latency modes, partial segment caches must be tested for behavior on overlapping ranges. Range coalescing and collapsed forwarding reduce duplicate origin fetches.

Playlist variants and ABR

Adaptive bitrate manifests reference multiple tracks. Variant lists must be consistent across providers so player choices do not depend on route. Variant ordering should remain stable to reduce churn. For live channels that change ladders dynamically, clients must handle updates without resetting playback. CDN caches must not serve stale variant lists after a ladder change. Validators and soft purge help move caches to the new set.

Transport protocols

HTTP/2 and HTTP/3 change connection behavior and head of line blocking characteristics. Many players prefer persistent connections for segment fetches. Mixed protocol behavior across providers can change effective throughput. Enable the same set of protocols on each CDN and track playback metrics by protocol to detect regressions. UDP reliability for HTTP/3 must be validated in target regions and networks.

Failure handling

When a CDN is degraded, stickiness rules must allow controlled failover. A conservative approach replaces the route for new sessions while allowing existing sessions to complete, unless error rates exceed a threshold that justifies immediate migration. Manifests should include absolute URLs or consistent base URLs so that switching providers does not break path resolution. Error handling should prefer stale segments briefly over failing a session when correctness allows it.

Telemetry and QoE

Video quality is measured by startup time, stall count and duration, average bitrate, rendition switches, error rates, and completion rates. RUM from players provides ground truth. Synthetic probes verify correctness of playlists and cold cache behavior but do not reflect last mile conditions. Metrics must be segmented by provider, region, ASN, protocol, device class, and content type. Correlating CDN routing decisions with QoE changes confirms that steering improves outcomes. License errors and key errors must be tracked separately from segment fetch errors.

sequenceDiagram participant Pl as Player participant CDN as CDN participant P as Packager Pl->>CDN: GET master.m3u8 CDN-->>Pl: 200 or 304 Pl->>CDN: GET variant.m3u8 CDN-->>Pl: 200 or 304 Pl->>CDN: GET segment_001.ts CDN->>P: MISS fetch segment P-->>CDN: 200 segment bytes CDN-->>Pl: 200 segment bytes Note right of Pl: Record startup time, stalls, bitrate

Purge and rollover

On demand libraries rarely need purge beyond operational fixes. Live channels roll windows continuously. When encoder resets or key rotations occur, purges should remove only the affected path or tag to avoid cache collapse. Revalidation signals should push caches to the new cryptographic state without mass invalidation of unrelated content. Purge controllers must translate intent to each CDN API and record results for audits.

CDN differences

Providers differ in cache hierarchy depth, range handling, default negative caching, and LL-HLS or LL-DASH feature maturity. A provider matrix should document behaviors that affect manifests and segments. Tests should exercise overlapping range requests, partial segment publication, and mixed protocol connections. Configuration should target the lowest common denominator when parity cannot be achieved safely.

Operations

Events require rehearsals. Load and latency should be profiled with synthetic bursts and regional failover drills. Packagers, shields, and CDNs should be observed with the same dashboards during the event. Alarms should page on startup time and stall rates before synthetic probe scores. Runbooks must include actions for disabling low latency mode, pinning to a single provider, or reducing ladder complexity under stress. Post event reviews should compare provider performance and update steering and capacity plans.

Compliance and data handling

Playback telemetry can include identifiers. Collection and retention must follow documented policies and regional laws. DRM license paths and key servers process sensitive data and should remain in defined jurisdictions when required. Manifests must not expose personally identifiable information.

For cache behavior and purge strategy see /multicdn/cache-consistency/. For origin and shielding design see /multicdn/origin-architecture/. For telemetry that feeds routing decisions see /multicdn/signals-telemetry/. For steering rules and stickiness see /multicdn/traffic-steering/.

Further reading

Apple HLS specification describes playlists, keys, and low latency behavior. ISO/IEC 23009-1 defines MPEG-DASH. ISO/IEC 23000-19 defines CMAF. Platform documentation for license services and player telemetry should be reviewed for regional support and limits.