Skip to content(if available)orjump to list(if available)

Akamai to shut down its CDN operations in China

Akamai to shut down its CDN operations in China

151 comments

·January 5, 2025
Visit

052c7028e

I worked on the censorship and government reporting (sending all logs) infrastructure for Akamai China CDN. I'm glad to see it get shut down. Happy to answer questions.

Previous discussion about it: https://news.ycombinator.com/item?id=33678019

jimmydoe

Thanks for the disclosure. Don’t feel too bad, those stuff you helped built may not cause much damage as you feared.

CDN used to be at the front line of blocking content and surveillance citizens, nowadays that happens mostly thru social networks.

Unlike other countries, Chinese citizens are ultra online, and mostly concentrated on two platforms Webo and Wechat. Most other online services all require authentication via either of these two, plus cellphone number. So for govt it’s very simple to block anything or see any identity, CDN hardly play any major role anymore.

thedevilslawyer

Thanks for the offer - would like to understand:

1. How was working with China requests and logging, differing from working with other nation states?

2. Was there full services brought up only for China specific needs? What would they take care or?

3. How would any blocks work? allowlist or denylist? Was takedown immediate, or was it working with the customer/client and getting them to take it down within SLA?

052c7028e

1. At the time it was the only nation state that had specialty infrastructure except for maybe the US.

2. There were specific infrastructure changes made for blocking and sending logs inside mainland china.

3. The CDN node would deny access to specific urls uploaded by the Chinese partner company. I don't remember the SLA. The SLA for reporting visited URLs was 15m IIRC

CheyiLin

A friend mentioned this a few weeks ago during a conversation with someone in the industry. Apparently, it’s because the China government directly mandated it, so Akamai had no choice but to transfer their business to domestic China providers. For example, PSN is now being handled by Tencent.

eh_why_not

> All current China CDN customers must complete the transition to our Partners’ solution by June 30, 2026...

Can anyone here who works in the field shed some light on why it takes a whole 1.5 years for such a change to take effect?

What's involved in a CDN transition that can't be done in, say, 6 months?

wafflerewire

My enterprise sized day job is an Akamai customer. Nothing in China directly so we won't be directly impacted.

As a hypothetical, if we got told that we had to switch providers to stay in a region, we'd need to rebuild pipelines, EdgeWorkers, edge caching rules, origin routing configurations and probably more I'm not aware of. Plus testing all of those changes in a non-breaking way across the entire enterprise. Along with all the normal business delivery priorities.

It'd probably take a solid year for us to fully execute it.

biesnecker

This. People tend not to realize how sprawling enterprise software stacks tend to be, how many implicit dependencies have to be untangled, etc. Even simple things can take years and complicated things often just don’t get done at all.

colechristensen

Yes, dealing with the mess that is your software stack, the mess that is your corporate structure, and the mess that is your change management process means that things a couple dudes in your startup could accomplish in a week would take a year at a crusty enterprise.

viraptor

There's also a finance process. Akamai deals mostly with enterprise customers, which means step 1 may be technical validation, but step 2 is negotiating an appropriate contract with another provider, which may take weeks on its own without a clear go/no-go answer in the meantime.

null

[deleted]

mihaaly

Sounds fragile and pretty exposed.

(Also a complete layman here)

freedomben

It's actually the opposite. I thought the same thing before working in big enterprise though so I definitely understand how you could think that.

In reality everything takes 10x longer because things are done in a very thorough way and typically with significant redundancy (high availability). The code bases are typically shite and personally I'd rather eat nails than work on them, but they are reasonably well tested and changes are typically done very conservatively. Big enterprise devs are also really good at not breaking production. As much as I detest that environment, I do think startups in general could learn a great deal about not breaking production from the big enterprise people.

n144q

No, quite the opposite. Big companies likely also have other big(ger) companies as partners/customers, all of which want stableness and see things keep working. Therefore companies need careful planning, execution and testing to ensure there is minimal disruption.

Startups and a certain company can move fast and break things. But not everyone can do this.

remus

I don't think it's particularly fragile. Big systems have big dependencies, and moving those dependencies takes time if you want to minimise risk.

dogma1138

It’s the difference between all hands on deck for 6 months and a reasonable pace over 18 months.

If you are just running a single website with DNS fronting that’s not an issue.

But large customers tend to have more advanced connectivity on L3/4 and asymmetric routing.

Then there is the CDN part itself are you only using the basic auto caching? That’s not a problem but if you manually manage it then all that needs to be converted as well and there is no guarantee that the partner API would be compatible or even have the same functionality as your current CDN.

jpollock

Vendor validation alone can take months, and that's before you start the technical process of migrating.

This is a company who is in front of your business, do you trust them?

I expect a lot of businesses will take the opportunity to send the contract out for tender.

Aissen

It's specifically because Akamai wants to preserve its reputation amongst enterprise customers paying $$$ that it's giving such a big delay. And I can predict it won't be enough for many.

freedomben

No doubt there be a lot of companies who don't finish until nearly the end. Barring legal reasons, I'm guessing there will actually be an extension because enough corps won't be ready at that point. Also would expect Akamai to offer extended support beyond that date (for a significant cost) on a customer by customer basis.

donavanm

CDNs are much more than dumb http1.1 compliant content caches these days. And every CDN has a huge number of integrations and functionality. All of which have a different impleme tation and behavior for different providers. Its probably a good analog to an infrastructure (“cloud”) migration. And even harder to test, validate, and switch the actual service provider as they _are_ “the front end.”

pfraze

Also consider that every company has their existing roadmap. Getting the work scheduled can be difficult.

pyb

Anything less would be throwing your customers under the bus.

Of course there are well known companies out there closing services with a only couple months notice ; but that's not an example to follow.

inkyoto

Because Akamai is substantially more than a CDN (arguably, CDN is now a smaller – albeit not small – part of their business): it is also certificate management, WAF, web app/API protection, IAM, edge DNS, edge workers, complex CDN rules, analytics and a whole bunch of other stuff.

Enterprise customers also typically and mostly use Akamai in non-CDN scenarios so they will have a hard time migrating off it if a need be, especially if they have invested heavily in Akamai.

GabensIntern

Akamai is also a CDN that [works for domain fronting][1], which is an amazingly reliable way to get around the Chinese Firewall via [Collateral Freedom][2].

Tor's meek used Azure for domain fronting.

Akamai likely faced some pressure from the govt because of this.

[1]: https://github.com/vysecurity/DomainFrontingLists/blob/maste...

[2]: https://en.wikipedia.org/wiki/Collateral_freedom

dilyevsky

With fastly stopping df last year and cloudflare a while before that it seems like tor/snowflake options are dwindling fast

cyp0633

I remember the days when jsDelivr suddenly lost its ICP licence, and therefore got an immediate ban in China Mainland. It used to be a really reliable CDN service for both China and abroad. Then it suddenly failed. PS: China now allows foreign entities to run CDNs, ISPs and IDCs in specific cities, starting from Apr 2024. This could be because something else.

Havoc

Was there a regulatory change?

Gitlab also recently pulled out

ghaff

I see a lot of US organizations decoupling stuff from China, especially if it's fairly peripheral, such as pulling back from running events there. But there's also a lot of more fundamental second-sourcing and the like.

tokioyoyo

Well depends on the organizations. Some of the organizations aren't actually pulling away from China, as they're just getting outcompeted in terms of price/quality by local companies. To my understanding, government is trying to convince people that "Chinese products can also be luxury", and some people are switching.

mayama

Or it could be part of general trend of splitting off internet and creating a firewalled chinese internet. PRC is explicitly favoring this outcome for decades now with explicit incentives via legal, financial and social routes.

tokioyoyo

They already did that ages ago. Any web tech company that wants access to Chinese market needs to play ball with PRC (just like what Apple and Microsoft does). Average Chinese person really doesn't care about global web, and the ones that really do, figure a way out through VPNs. I'm not Chinese, so I might be totally wrong, but that is my perception of talking to expats or people who still in the country.

ghaff

Organizations dealt with certain "weirdnesses" (the great Firewall) for a long time. But my sense is that over the past few years there's been an increasing sense of pulling back from all this.

csomar

It is going both ways. This is less about censorship and more about having a full local and independent supply chain. The two are going to war unless one of them collapses first or the US cedes Asia to China.

supercurry

[dead]

talldayo

The writing has been on the wall for over a decade, at this point. The only companies that "risk it" with China are the ones that rely on borderline (or in some cases, literal) slave labor to maintain their margins. If you don't have an outstanding manufacturing investment to honor, it's a net-negative reliance in many cases.

soared

This is not remotely accurate. Plenty of large tech companies still play in China. The difficulties are very high but if you are big enough the huge market size it’s still very profitable. I don’t think google/etc are in China for its slave labor.

ghaff

Certainly, depends on the company/organization. If working in China is a big win then many companies will decide to continue doing so while preparing other options. If it's more marginal, then starting to carefully pull out probably makes sense. Which is more or less what I'm seeing. I'm not sure about ten years but the situation over the last five has started to become pretty clear.

flaminHotSpeedo

It's not just tech companies, many entertainment companies (e.g. video games, media) do the same, even at the risk of alienating or angering Western customers

alephnerd

> Plenty of large tech companies still play in China

Depending on the segment you are in within the tech industry, the Chinese subsidiary of the foreign company might be a white-labelled Chinese offering (eg. AWS China, Azure China) or entirely unique IP developed in-house by the Chinese subsidiary.

ghaff

For many things, it was never a particular net positive. At this point, it makes sense to cleanly and quietly withdraw. This particular release isn't especially quiet but many companies are just stopping doing activities at convenient points.

robinjhuang

Canva has a great presence in China.

alephnerd

Canva is Australian though.

usr1106

Edited submission title to get more clicks?

The original title is "Entering strategic partnerships in China".

RandyOrion

Interestingly, gitlab.com is pulling out from China, too.

almaight

gitlab.cn

DrWhax

Curious if Cloudflare will follow

DenseComet

Cloudflare’s China presence is already operated by a local company, like what Akamai is switching to.

https://blog.cloudflare.com/cloudflare-partners-with-jd-clou...

l1n

https://www.akamai.com/newsroom/press-release/akamai-announc... related

bdcravens

Is it? I'm not familiar enough with those certifications to know if that requires them to divest of their offerings in China.

hlieberman

It’s not. They’ve held FedRAMP certifications for more than a decade.

Source: ex-Akamai InfoSec employee

thaumasiotes

The requirements of the certification might change for political reasons.

ksec

Fortunately Akamai is still operating in Hong Kong and not pulling out. Unlike Gitlab which pulls out of whole Hong Kong and China.