Netflix Streaming - Learning Module

Loading content...

0/273

Open Connect CDN

Building a Purpose-Built Global CDN

In 2007, Netflix started streaming video using third-party CDNs like Akamai and Limelight. By 2012, as streaming exploded in popularity, Netflix was paying hundreds of millions annually for CDN services—and still facing quality limitations. The solution was radical: build a proprietary CDN from scratch.

Open Connect launched in 2012 and now delivers over 95% of Netflix traffic globally. It's not just a cost-saving measure—it's a strategic asset that enables quality and features impossible with generic CDNs.

This page examines Open Connect in depth: its architecture, deployment models, the control plane that orchestrates it, ISP partnership dynamics, and the technical innovations that make it the world's most efficient video delivery network.

Scale Perspective

Open Connect comprises 15,000+ servers across 1,000+ locations in 50+ countries. During peak hours, it accounts for approximately 15% of all downstream internet traffic in North America. A single Open Connect Appliance can serve 100+ Gbps—more bandwidth than entire data centers at many companies.

Why Build a Custom CDN?

Building infrastructure from scratch is usually a mistake—buy don't build. Why did Netflix choose differently? The answer lies in video streaming's unique characteristics and Netflix's scale.

Problems with Third-Party CDNs

•Cost at Scale — CDN pricing doesn't scale linearly. At Netflix's volume, costs were astronomical.
•Generic Optimization — CDNs optimize for diverse workloads. Video streaming has specific needs that differ from web content.
•Limited Visibility — Black-box nature limits ability to debug quality issues and optimize delivery.
•Inflexible Routing — CDNs control routing algorithms. Netflix couldn't experiment with custom strategies.
•ISP Friction — Third-party CDNs have their own ISP relationships, sometimes conflicting with Netflix's interests.

Advantages of Open Connect

•Optimized for Video — Every component designed for streaming, not general web content.
•Direct ISP Relationships — Partner directly with ISPs for optimal placement and peering.
•Full Visibility — Complete telemetry from every server, every stream, every byte.
•Custom Algorithms — Experiment with routing, caching, and delivery without vendor constraints.
•Long-Term Economics — Higher upfront cost but dramatically lower per-stream cost over time.

The Build vs Buy Calculation:

At 2012 scale (30 million subscribers, ~3% of today's traffic), the math was already compelling:

Third-Party CDN Cost:

~$0.02 per GB delivered
Billions of GB per month
Hundreds of millions annually

Open Connect Cost:

Hardware: $10-20K per server
Operational cost: $2-5K per server per year
15,000 servers = $150-300M upfront + $30-75M/year operations

With Netflix serving exabytes of content, Open Connect pays for itself multiple times over each year. The economics only improve with scale.

Not for Everyone

Open Connect makes sense at Netflix scale. For smaller streaming services, third-party CDNs remain the right choice. The crossover point is typically hundreds of petabytes per month—traffic levels only a handful of companies reach.

Open Connect Appliance (OCA) Deep Dive

The Open Connect Appliance (OCA) is a purpose-built server optimized for a single task: serving video efficiently. Every component—hardware and software—is chosen for this specific workload.

Hardware Architecture

•Storage Subsystem — 36 SSDs per server providing 200-400 TB capacity. NVMe for lowest latency. Configured in RAID-like arrangements for performance, not redundancy (content is replicated across servers).
•Network Interface — 100 Gbps Mellanox NICs (latest generation: 200-400 Gbps). Kernel bypass (DPDK) for maximum throughput. Multiple 25/100G ports for redundancy.
•CPU — AMD EPYC processors chosen for core count and PCIe lanes. TLS termination is the primary compute workload. 64+ cores handle 100K+ concurrent TLS sessions.
•Memory — 256-512 GB DDR4. Used primarily for filesystem cache (hot content) and TCP buffer space. Not for application state—OCAs are stateless.
•Power Optimization — Custom firmware for power efficiency. Typical draw: 500-800W at full load. PUE (Power Usage Effectiveness) optimization critical at scale.

OCA Generations and Evolution
Generation	Year	Storage	Network	Key Improvement
Gen 1	2012	36 HDD (108 TB)	10 Gbps	Initial deployment
Gen 2	2014	36 HDD (144 TB)	40 Gbps	4x network speedup
Gen 3	2016	36 SSD (216 TB)	100 Gbps	SSD transition, 10x IOPS
Gen 4	2019	36 SSD (360 TB)	100 Gbps	NVMe, larger SSDs
Gen 5	2022	36 SSD (400+ TB)	200-400 Gbps	PCIe 4.0, next-gen NICs

Software Stack Deep Dive:

Operating System: FreeBSD

Netflix chose FreeBSD over Linux for OCAs due to:

Superior network stack for high-throughput streaming
ZFS for reliable, self-healing storage
BSD license allows proprietary modifications
Netflix engineers actively contribute to FreeBSD kernel

HTTP Server: Custom nginx Fork

Netflix forked nginx and heavily modified it:

Sendfile (zero-copy I/O) optimizations
TCP tuning specifically for streaming workloads
Custom logging for Netflix telemetry
Integration with FreeBSD's network stack optimizations

TLS Termination:

Every video byte is encrypted. OCAs must terminate TLS at 100+ Gbps:

Hardware acceleration via AES-NI instructions
Session ticket reuse to minimize handshakes
OCSP stapling for certificate validation
TLS 1.3 for reduced round trips

Content Storage:

Content is stored as simple files on ZFS:

Content-addressable naming (hash in filename)
No database—filesystem is the database
ZFS compression for rarely-accessed cold content
Automatic scrubbing for corruption detection

Simplicity at Scale

OCAs are remarkably simple by design. No application databases, no complex state management, no microservices. Just receive HTTP requests, read files from disk, send bytes over network. This simplicity enables reliability—fewer components mean fewer failure modes.

Deployment Models and Location Selection

Open Connect servers are deployed in three primary models, each serving different purposes and requirements. The choice of model depends on traffic volume, ISP relationships, and geographic needs.

Deployment Model Types

•ISP-Embedded (Inside ISP Network) — Servers placed directly within ISP data centers or central offices. Zero internet transit—content never leaves ISP network. Lowest latency, highest quality. Requires ISP partnership. Used for largest ISPs (Comcast, Verizon, Deutsche Telekom).
•Internet Exchange Point (IXP) — Servers at major IXPs where many networks interconnect (e.g., DE-CIX, AMS-IX, LINX). Good reach to multiple networks. Lower partnership overhead than ISP-embedded. Used for regions with fragmented ISP landscape.
•Colocation Facilities — Traditional data center deployments in carrier-neutral facilities. Reach via peering and transit. Used for initial coverage before ISP partnerships established. Higher cost but faster deployment.

Converting Mermaid diagram...

Location Selection Criteria:

Netflix evaluates potential locations using multiple factors:

Traffic Analysis:

Current Netflix traffic volume from that network/region
Growth trajectory and projections
Peak vs. average traffic ratios

Network Quality:

Existing latency to nearest OCAs
Packet loss rates on current paths
Bandwidth constraints on current paths

Economic Factors:

Cost of placement (colocation fees, power)
Transit/peering cost savings from local serving
ISP willingness to participate (for embedded)

Operational Considerations:

Physical security and access
Power reliability and redundancy
Network connectivity redundancy
Remote management capability

A location is added when the ROI is positive—when traffic volume justifies the capital expense and operational overhead.

ISP Partnership Program

Netflix provides OCAs to qualifying ISPs at no cost—no hardware fee, no licensing fee. ISPs provide rack space, power, and network connectivity. Both parties benefit: Netflix gets optimal delivery, ISPs reduce their backhaul traffic. This 'free equipment' model has driven rapid adoption across major ISPs worldwide.

Control Plane: Orchestrating the Fleet

While OCAs are simple content servers, the control plane that manages them is sophisticated. It handles steering decisions, cache management, health monitoring, and configuration across 15,000+ servers.

Control Plane Responsibilities

•Steering Service — Determines which OCA(s) should serve each subscriber. Considers location, load, content availability, network quality. Updates in real-time.
•Cache Management — Decides what content goes on which servers. Handles content pushes, invalidations, and replication policies.
•Health Monitoring — Continuous health checks of every OCA. Removes unhealthy servers from rotation. Alerts operations for hardware issues.
•Telemetry Collection — Aggregates metrics from all OCAs: throughput, latency, error rates, storage utilization. Powers dashboards and ML models.
•Configuration Management — Pushes configuration updates to OCAs uniformly. Manages software versions, TLS certificates, routing tables.
•Fill Orchestration — Schedules content fills during off-peak hours. Prioritizes content based on predicted demand.

Steering Deep Dive:

When a Netflix player initiates playback, it doesn't know which OCA to connect to. The steering process:

Player Request — Client requests playback of title X
Control Plane Lookup — Service identifies client's network (via IP), desired content
Candidate Selection — Control plane computes ranked list of OCAs that:
- Have the content cached (or can fetch quickly)
- Are topologically close to client's network
- Have available capacity
- Have acceptable historical quality to this network
URL Generation — Returns URLs pointing to selected OCA(s) with fallbacks
Player Connection — Player connects to primary OCA; uses fallback if primary fails

Real-Time Adaptation:

Steering decisions aren't static. If an OCA becomes overloaded mid-session:

Telemetry detects rising latency/queue depth
Control plane removes OCA from new steering decisions
Active sessions continue (graceful handling)
Player can switch to different OCA at segment boundaries

This all happens in seconds—users don't notice the orchestration.

Control Plane Availability

If the control plane fails, new playback sessions can't be steered. But ongoing sessions continue—players already have URLs. The control plane is therefore built with extreme redundancy across multiple AWS regions. It's the most protected component in the entire Netflix infrastructure.

Advanced Traffic Steering Algorithms

Optimal traffic steering is a complex optimization problem. Netflix has developed sophisticated algorithms that continuously learn and adapt to network conditions.

Steering Algorithm Inputs

•Network Topology — BGP routing tables, AS path lengths, known peering relationships. Prefer shorter AS paths.
•Historical Performance — Past streaming quality from this client network to candidate OCAs. Use quality predictors based on history.
•Real-Time Telemetry — Current load on candidate OCAs и network path conditions. Avoid overloaded paths.
•Geographic Data — MaxMind-style geo databases for IP location. Used as fallback when network data insufficient.
•Content Locality — Which OCAs have the requested content cached. Strongly prefer caching hits.
•Cost Model — Transit costs vary by path. Prefer lower-cost delivery paths when quality is equal.

Multi-Armed Bandit Approach:

Netflix uses a variant of the multi-armed bandit algorithm for steering decisions:

The Problem:

Many candidate OCAs could serve a request
Historical data provides quality estimates for each
But the best choice might be an OCA we haven't tried recently
Need to balance exploitation (use known-good) with exploration (try others)

The Solution:

Model each (client-network, OCA) pair as a 'bandit arm'
Track expected quality (mean) and uncertainty (variance)
Use Upper Confidence Bound (UCB) to select:
- If confident about quality, pick highest expected quality
- If uncertain, occasionally explore to update estimates

Continuous Learning:

Every stream provides feedback: actual quality achieved
Update models in real-time
Network conditions change (ISP upgrades, congestion patterns)
Model automatically adapts without manual intervention

Failover Logic:

Steering always provides multiple fallback OCAs:

Primary: oca1.netflix.com (best predicted quality)
Secondary: oca2.netflix.com (second best, different cluster)
Tertiary: oca3.netflix.com (different region, worst-case fallback)

Players try primary first, fall back on errors. This provides resilience without control plane involvement during playback.

Quality-Based Steering

Netflix doesn't just optimize for lowest latency—they optimize for stream quality: bitrate achieved, rebuffer rate, video resolution. A slightly higher-latency path that delivers better quality is preferred. This is why Netflix built their own CDN: third-party CDNs optimize for generic web metrics, not streaming-specific quality.

Fill Policies and Cache Warming Strategies

Getting content onto OCAs before users request it is critical for quality streaming. The fill system is a complex choreography of prediction, prioritization, and network utilization.

Fill Timing Strategies

•Scheduled Night Fill — Bulk of filling happens 2-6 AM local time. Network is uncongested, OCA capacity available. Predictable daily refresh.
•Pre-Release Push — New content pushed 12-24 hours before launch. Major releases (Stranger Things season) pushed globally with high priority.
•Reactive Fill — Cache miss triggers upstream fetch. Content pulled from fill tier and cached for future requests. Slower first request.
•Popularity Cascade — As content gains popularity, it automatically spreads to more OCAs. Viral content triggers immediate replication.
•Predictive Pre-warming — ML models predict what each region will watch. Pre-position content before demand materializes.

Content Priority for Fill Operations
Priority	Content Type	Fill Strategy	Cache Duration
P0 (Critical)	New release first 24h	Push to all relevant OCAs pre-launch	Indefinite
P1 (High)	Top 100 titles	Keep on all OCAs, immediate refill	Weeks
P2 (Medium)	Top 1000 titles	Regional OCAs, moderate fill priority	Days
P3 (Low)	Long tail content	On-demand fill only, limited replication	Hours
P4 (Archive)	Rarely accessed	Origin-only, no edge caching	N/A

Fill Traffic Engineering:

Fill operations must not interfere with viewer traffic. Several mechanisms ensure this:

Bandwidth Limiting:

Fill traffic rate-limited per OCA and per path
Automatically throttled if viewer traffic increases
Night-hour fills can use 100% of available capacity
Day-hour fills limited to spare capacity only

Hierarchical Filling:

Don't fetch from origin for every OCA
Regional fill servers aggregate demand
Content flows: Origin → Fill servers → Edge OCAs
Reduces origin egress by 90%+

Deduplication:

If 10 OCAs in a cluster need the same content, fetch once and replicate locally
Intra-cluster copying is cheap (local network)
One upstream fetch serves multiple OCAs

Graceful Degradation:

If fill infrastructure is overloaded, delay non-critical fills
New releases always get priority
Long-tail content fills can wait

Cache Hit Targets

Netflix targets 95%+ cache hit rate at edge OCAs. This means only 5% of requests need upstream fetches. For popular content, hit rates exceed 99%. This is achieved through careful fill policies, not luck—every fill decision is data-driven.

ISP Partnership Dynamics

Open Connect's success depends on ISP partnerships. These relationships are complex—technical, commercial, and sometimes political. Understanding them is essential for any large-scale content delivery system.

Benefits to ISPs

•Reduced backbone traffic — Netflix is 15%+ of traffic; keep it local
•Free hardware — Netflix provides and maintains equipment
•Better customer experience — Fewer complaints about Netflix quality
•No transit costs — Content served locally, no upstream fees
•Competitive advantage — Advertise 'optimized for Netflix'

ISP Concerns

•Rack space — OCAs occupy valuable data center space
•Power costs — ISP pays electricity (500-800W per OCA)
•Operational overhead — Coordinating with Netflix operations
•Business leverage — Netflix gains insight into ISP network
•Net neutrality optics — Perception of preferential treatment

Partnership Requirements:

To qualify for Open Connect, ISPs must meet technical and business requirements:

Technical Requirements:

Minimum subscriber base (typically 500K+ Netflix subscribers)
Adequate space in a BGP-speaking data center
10 Gbps minimum connectivity (100 Gbps preferred)
Ability to provide secure physical access for maintenance
Support for remote out-of-band management

Operational Requirements:

Named engineering contact for coordination
Timely response for hardware issues (RMA)
Notification of network changes affecting OCAs
Cooperation on traffic steering optimization

Relationship Tiers:

Tier	Subscriber Count	Typical Deployment	Netflix Involvement
Tier 1	10M+	100+ OCAs, multiple sites	Dedicated relationship manager
Tier 2	1-10M	10-100 OCAs, several sites	Regional partnership team
Tier 3	100K-1M	2-10 OCAs, 1-2 sites	Automated onboarding
IXP-only	<100K	Served via shared IXP deployment	No direct partnership

Partnership Conflicts

Not all ISPs want Open Connect. Some see it as Netflix avoiding transit payments. Others (especially those with own streaming services) resist making Netflix's experience superior. In these cases, Netflix relies on IXP deployments and transit—quality is lower, but service continues.

Monitoring, Operations, and Incident Response

Operating 15,000+ servers across 1,000+ locations requires sophisticated monitoring and streamlined operations. Netflix has developed tools and processes that enable a relatively small team to manage this massive fleet.

Telemetry Pipeline

•Server Metrics — Every OCA reports: CPU, memory, disk I/O, network throughput, connection counts, error rates. Reported every 10 seconds.
•Stream Quality Metrics — Per-stream data: bitrate achieved, rebuffer events, latency percentiles. Aggregated per-network, per-OCA.
•Infrastructure Health — Hardware sensor data: temperatures, fan speeds, disk SMART data. Predictive failure detection.
•Network Path Metrics — BGP routing changes, peering health, transit quality. Correlation with streaming quality.
•Client Telemetry — Player-side data: time to first frame, quality transitions, playback failures. Golden signal for user experience.

Operational Philosophy:

Automate Everything:

With 15,000+ servers, human-driven operations don't scale. Netflix automates:

Health check and automatic removal of failing servers
Software updates rolled out progressively
Certificate rotation across entire fleet
Capacity planning and server provisioning recommendations

No On-Site Requirements:

OCAs are designed for fully remote operation:

Remote console access (IPMI/BMC)
Remote power cycling
Remote firmware updates
Only hardware replacement requires hands-on

Hardware Replacement Process:

Automated detection of hardware failure
Server automatically drained of traffic
Ticket created with ISP partner
ISP technician (or Netflix contractor) performs replacement
Server rejoins fleet after automated validation

Typical time from failure to replacement: 24-72 hours depending on location.

Incident Response:

When issues occur, the incident process:

Automatic Detection — Anomaly detection on quality metrics
Automatic Mitigation — Traffic steered away from affected servers/regions
Alerting — Page on-call if automatic mitigation insufficient
Investigation — Root cause analysis using telemetry
Resolution — Fix applied, traffic restored
Post-mortem — Document learnings, prevent recurrence

Page Complete

You now have deep knowledge of Open Connect—Netflix's proprietary CDN that serves 15%+ of global internet traffic. From purpose-built hardware to sophisticated steering algorithms to ISP partnerships, Open Connect is a masterclass in building infrastructure at planetary scale. Next, we'll explore the Personalization Engine—how Netflix decides what to show you.