Dynamic Content Acceleration
The Dynamic Content Acceleration service leverages the high-quality connectivity between Incapsula network PoPs to improve response time.
In this topic:
- Dynamic Content Acceleration
When a client request is made for dynamic resources (resources that are not cached on the Incapsula proxy), the request must be sent on to your origin server. The Dynamic Content Acceleration service routes this traffic across our network, between Incapsula PoPs, resulting in improved performance.
Your site www.example.com is located in a data center in New York. Standard routing looks like this:
After you have enabled the Dynamic Content Acceleration Service, routing looks like this:
- A request to www.example.com reaches the Incapsula PoP located in Sydney ("Client PoP"). The proxy determines that the content is dynamic and cannot be served from the cache. (A2 in the image)
- The proxy routes the traffic to the Incapsula PoP with best connectivity to the origin server for www.example.com ("Origin PoP"), located in New York. (B2)
- The Origin PoP sends the request on to your origin server in New York (C2)
- When your origin server sends a response, the Origin PoP receives it and sends it back to the Client PoP, which then responds to the end user.
Round-trip time (RTT) improvements are based on:
- TCP optimization: Open PoP to PoP connections on our network are maintained and reused. This eliminates TCP slow start, in which data transmission is increased gradually until the network's maximum capacity is determined.
- Reduced latency: The latency resulting from the TLS handshake is reduced. By connecting to your origin server from the PoP with the lowest RTT, time is saved on each of the four trips required to establish the connection.
To configure Dynamic Content Acceleration, configure the Origin PoP setting for each data center in each of your protected websites. Select the PoP with the lowest RTT for your origin data center. The selected PoP is used by all servers in the data center.
To activate the service:
- On the Management Console sidebar, select Websites and navigate to Website Settings > Origin Servers.
For each data center, click Help me choose to view the recommended PoPs.
Select the Origin PoP with the lowest round-trip time.
To deactivate the service, select NONE for the Origin PoP setting.
For more details on origin server settings, see Load Balancing Settings.
In some cases, the system does not provide a list of recommended PoPs. There are several possible reasons:
- There is no PoP that produces a round-trip time of less than 10 ms between the PoP and your origin server. In this case, the Dynamic Content Acceleration service will not optimize your dynamic content.
There are more than 4 PoPs with a round-trip time of less than 10 ms between the PoP and your origin server. In this case, we suspect that your server is using anycast routing or is located behind another CDN. Selecting an Origin PoP would not improve response time for your dynamic content.
- Your origin server cannot be reached. Check the configuration of your origin server and try again.
What is the expected impact on performance?
Performance improvements vary based on the geographic traffic distribution of a site, and on your origin server's proximity to an Incapsula PoP. Our tests have shown an average improvement of 30% in RTT latency.
Can opting-in have a negative impact on performance?
Yes. If the origin data center isn’t near an Incapsula PoP (within <10ms RTT), activating the service may have a negative impact on site performance.
Can rate limiting on the origin be an issue?
Yes. When Dynamic Content Acceleration is enabled, all traffic reaches the origin from a single PoP. If you have implemented a rate limiting policy per IP on your origin server, the traffic reaching the origin may exceed the threshold and result in dropped traffic.
Can I whitelist just the Origin PoP IPs instead of the Incapsula ranges?
No. In the event of a connectivity issue between the origin PoP and your origin data center, Incapsula automatically reverts to the standard traffic flow and sends the traffic from the PoP closest to the client directly to your origin server. The origin must be able to accept connections from any Incapsula PoP, regardless of the Origin PoP setting.
Is there a change in the way that caching works?
No. Cacheable resources are returned from the PoP closest to the client. Only requests reaching the Origin PoP are forwarded to the origin.
How can I check if Dynamic Content Acceleration is enabled?
Run XRAY Debug Headers and check for the incap-origin-pop header.