Building an Enterprise Anycast CDN at the Network Edge

This series is a theory — my theory. It is not presented as a standard, a prescription, or a finished product, but as a deliberate exploration of an idea that emerges from operating large networks over time. Some parts are well‑understood practices; others are hypotheses tested through reasoning, experience, and constraint. Like any good theory, it is meant to be examined, challenged, adapted, and occasionally rejected. What follows is an attempt to think clearly and honestly about what might be possible, not to declare what must be done.

Section 6 — Private Transport as an Optimization, Not a Dependency

By now, the system should make sense without any mention of private WANs or MPLS. That is intentional.

A useful test of the architecture is this: if all private transport disappeared, would the system still function correctly? In this design, the answer must be yes.

Private transport improves performance. It must never be required for correctness.

Why Private WANs Complicate Design

Private WANs such as MPLS are often cleaner, faster, and more predictable than the public Internet. This makes them attractive — and dangerous.

When private transport is treated as a foundational dependency:

• Failures become harder to reason about
• Bootstrap assumptions leak into steady state
• Implicit trust replaces explicit verification
• Recovery paths are poorly exercised

In short, the system becomes correct only when everything is working.

Earned Use of Private Transport

In this architecture, private transport is introduced only after:

• Nodes have discovered each other
• Nodes have authenticated over an untrusted medium
• Overlay adjacencies exist and are stable

At that point, private links may be used as an alternative underlay for existing adjacencies.

Nothing new is created:

• No new peers
• No new routes
• No new trust relationships

Only the path between already‑trusted nodes improves.

Dual Underlay, Single Truth

When both Internet and private transport are available, the system effectively has two underlays.

The overlay routing plane remains unchanged.

• Service truth is still advertised the same way
• Withdrawal semantics are unchanged
• Safety boundaries remain intact

The only difference is that traffic between edge nodes may take a faster or more reliable path.

Correctness does not depend on which underlay is used.

Failure Scenarios Remain Simple

Because private transport is optional:

• Loss of MPLS degrades performance, not correctness
• Internet paths automatically resume carrying traffic
• No re‑convergence logic is required

This is a deliberate inversion of traditional designs, where private WANs are primary and the Internet is fallback.

Here, the Internet is the common denominator.

Keeping Trust Boundaries Intact

Perhaps most importantly, private transport never bypasses the controls established earlier in the series.

• Routes remain narrowly scoped
• Prefix filters still apply
• Overlay adjacencies are unchanged

Private WANs do not become a side door around authentication or policy.

They simply provide a better road between places that already trust each other.

In the next section, we will look at the final safety boundary: how strict routing policy — down to a single allowed prefix block — enables automation without fear.