Network visibility for the Pacific edge.
A public observability portal for CDN edge health, transit quality, cache performance, and operational transparency in the New Zealand access region.
How the edge works
Traffic flow from client to origin through the New Zealand edge cluster
┌─────────────┐     ┌──────────────────┐     ┌─────────────────┐     ┌──────────────┐
│   Client    │────▶│    Edge Proxy    │────▶│   Nginx Cache   │────▶│    Origin    │
│ Browser/App │     │ TLS Termination  │     │   HIT / MISS    │     │   AR (US)    │
│             │     │  HTTP/2, QUIC    │     │   Compression   │     │ 129.146.x.x  │
└─────────────┘     └──────────────────┘     └─────────────────┘     └──────────────┘
 NZ / AU / ASIA         Auckland POP             Edge Storage            US-West
Edge Nodes
Active PoPs in the New Zealand and Oceania region
Auckland - NZ-AKL-01
Main edge PoP. Handles 62% of NZ-region traffic. 40Gbps uplink to Telstra Transit.
Wellington - NZ-WLG-01
Secondary edge. 10Gbps uplink. Failover for AKL when latency exceeds 30ms.
Sydney - AU-SYD-01
Oceania transit hub. Routes AU and APAC fallback traffic. 20Gbps uplink.
Tokyo - JP-TYO-01
Asia-Pacific peering point. Direct peering with IIJ and KDDI. 10Gbps uplink.
Los Angeles - US-LAX-01
Trans-Pacific origin shield. Reduces origin fetches by 40%. 40Gbps uplink.
Singapore - SG-SIN-01
Southeast Asia relay. Currently undergoing capacity upgrade from 10G to 20G.
Real-time Traffic
Aggregate bandwidth across all edge nodes (24h window)
Key Metrics
Cache Performance
HIT ratio averaged 92.4% over the last 7 days. Immutable assets (JS/CSS/fonts) achieve 99.8% HIT rate. HTML pages are cached for 1 hour with stale-while-revalidate.
Connection Quality
Average RTT to NZ clients: 18ms. P99 RTT: 42ms. TCP Fast Open reduces handshake latency by ~30ms on repeat connections.
Security Posture
All edges terminate TLS 1.2+ with HTTP/2 ALPN. HSTS enabled. OCSP stapling active. Certificate rotation automated via Let's Encrypt with 90-day ECDSA certs.
Origin Protection
Origin shield at LAX reduces direct origin hits by 40%. Stale-if-error policy serves cached content for up to 72h during origin outages. Rate limiting at 10k req/s per edge.
Supported Protocols
HTTP/2
Default protocol for all TLS connections. Server push enabled for critical assets. HPACK compression for header efficiency.
QUIC / HTTP/3
Experimental QUIC support on selected edges. 0-RTT connection resumption. UDP-based transport reduces head-of-line blocking.
WebSocket
Full WebSocket proxy support with connection keep-alive. Used for real-time monitoring dashboards and live data feeds.
gRPC
gRPC passthrough with automatic content-type detection. HTTP/2 transport multiplexing for high-throughput service meshes.
Service Health
All monitored systems. Updated every 60 seconds.
Per-Region Latency (ms)
Network Map
Edge PoPs, transit paths, and peering relationships
Transit Paths
NZ - AU
Telstra Transit, 40Gbps. RTT ~28ms. Primary path for APAC fallback.
NZ - US
Southern Cross Cable, 100Gbps. RTT ~130ms. Origin shield path.
NZ - JP
IIJ peering, 10Gbps. RTT ~95ms. Direct peering, no transit.
AU - SG
StarHub Transit, 20Gbps. RTT ~72ms. SEA relay path.
Peering
Incident History
Chronological list of all operational events
Cache warm-up completed
After edge config refresh, immutable assets repopulated across all PoPs. Cache HIT ratio returned to 92% within 4 hours.
TLS policy update
Updated ALPN and cipher suite configuration across all edges. HTTP/2 negotiated successfully. No client impact observed.
Origin shield tuning
Adjusted stale-if-error and stale-while-revalidate policies for HTML and static asset classes. 2-minute increase in P95 latency during deployment.
Certificate rotation
All edge certificates renewed via automated Let's Encrypt flow. ECDSA P-256 keys. Zero-downtime rotation.
Singapore PoP capacity upgrade
SG-SIN-01 uplink upgraded from 10G to 20G. No service interruption. Traffic rerouted to SYD during maintenance.
Scheduled maintenance - firmware update
Edge network stack updated. 3-minute rolling restart across PoPs. QUIC experimental support re-enabled.
DDoS mitigation test
Successfully mitigated 12Gbps volumetric attack targeting NZ-AKL-01. Cleaned within 90 seconds. No customer impact.
New PoP: Tokyo
JP-TYO-01 online. Direct peering with IIJ and KDDI. 10Gbps uplink. Asia-Pacific latency improved by 15%.
CDN Documentation
Cache rules, TLS policy, API reference, and header conventions
Cache Rules
Static assets are cached based on file extension and path patterns. Immutable assets use a 30-day window. Dynamic paths bypass cache entirely.
    # Immutable assets (hashed filenames)
    Cache-Control: public, max-age=2592000, immutable
    Path: ~* \.[a-f0-9]{8,}\.(js|css|woff2|woff|ttf)$

    # Generic static assets
    Cache-Control: public, max-age=604800
    Path: ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|webp|avif|mp4|mp3|pdf)$

    # HTML pages
    Cache-Control: public, max-age=3600, stale-while-revalidate=300
    Path: /, *.html

    # API / management
    Cache-Control: no-store
    Path: /api/*, /admin/*
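The rule classes above can be checked against the Cache-Control values that responses actually carry. The following is an added example, not the portal's own code: it transcribes the listed patterns into Python. The evaluation order (no-store prefixes first), the function names and the sample paths are assumptions of the example.

```python
import re

# Patterns transcribed from the Cache Rules listing. Assumption of this example:
# the no-store rule is evaluated first, so a dynamic path that ends in a
# static-looking extension is never treated as cacheable.
NO_STORE_PREFIXES = ("/api/", "/admin/")
IMMUTABLE_RE = re.compile(r"\.[a-f0-9]{8,}\.(js|css|woff2|woff|ttf)$", re.I)
STATIC_RE = re.compile(
    r"\.(css|js|png|jpg|jpeg|gif|ico|svg|webp|avif|mp4|mp3|pdf)$", re.I)
POLICIES = {
    "dynamic": "no-store",
    "immutable": "public, max-age=2592000, immutable",
    "static": "public, max-age=604800",
    "html": "public, max-age=3600, stale-while-revalidate=300",
}

def classify(path: str) -> str:
    """Return the rule class for a request path, or 'unmatched'."""
    path = path.split("?", 1)[0]  # match on the path, not the query string
    if path.startswith(NO_STORE_PREFIXES):
        return "dynamic"
    if IMMUTABLE_RE.search(path):
        return "immutable"
    if STATIC_RE.search(path):
        return "static"
    if path == "/" or path.endswith(".html"):
        return "html"
    return "unmatched"

def cache_control(path: str):
    """Cache-Control value the listed rules imply; None if no rule applies."""
    return POLICIES.get(classify(path))

def audit(observed: dict) -> list:
    """Compare observed {path: Cache-Control} pairs with the listed policy."""
    findings = []
    for path, header in observed.items():
        expected = cache_control(path)
        if expected is not None and header.strip().lower() != expected:
            findings.append((path, classify(path), header))
    return findings

# Constructed sample: headers as they might be collected from edge responses.
SAMPLE = {
    "/assets/app.3f9a1c7e2b.js": "public, max-age=2592000, immutable",
    "/img/logo.png": "public, max-age=604800",
    "/index.html": "public, max-age=3600, stale-while-revalidate=300",
    "/api/export/report.pdf": "public, max-age=604800",  # dynamic path served as static
}
```

`audit(SAMPLE)` reports only the `/api/` entry, the case where an extension rule has taken precedence over the no-store rule.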
TLS Policy
    # Supported protocols
    TLS 1.2, TLS 1.3

    # Cipher suites (TLS 1.3)
    TLS_AES_256_GCM_SHA384
    TLS_CHACHA20_POLY1305_SHA256
    TLS_AES_128_GCM_SHA256

    # ALPN protocols
    h2, http/1.1

    # Certificate
    ECDSA P-256 (Let's Encrypt, 90-day auto-renewal)
    OCSP Stapling: enabled
    HSTS: max-age=31536000; includeSubDomains
Status API
Public JSON endpoint for programmatic status checks.
    # GET
    GET /status.json

    # Response
    {
      "region": "nz-edge",
      "status": "operational",
      "updated_at": "2026-05-04T14:30:00Z",
      "components": [
        { "name": "edge-cache", "status": "operational" },
        { "name": "tls-termination", "status": "operational" },
        { "name": "origin-shield", "status": "operational" },
        { "name": "routing", "status": "operational" }
      ]
    }
Response Headers
    # Standard edge headers
    X-Cache-Status: HIT | MISS | STALE | BYPASS | EXPIRED
    X-Cache-Age: 3420
    X-Edge-Location: NZ-AKL-01
    X-Served-By: nginx/1.24.0
    X-Request-ID: req_a1b2c3d4e5f6

    # Security headers
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    X-Content-Type-Options: nosniff
    Referrer-Policy: strict-origin-when-cross-origin
    X-Frame-Options: DENY
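A captured response can be compared with this header baseline mechanically. The following is an added example, not the portal's own tooling: it parses a raw header block and lists deviations from the documented security headers and cache-status values. The function names and both sample responses are constructed for the example.

```python
import re

# Baseline transcribed from the Response Headers listing.
ALLOWED_CACHE_STATUS = {"HIT", "MISS", "STALE", "BYPASS", "EXPIRED"}
EXACT = {
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "x-frame-options": "DENY",
}
MIN_HSTS_AGE = 31536000

def parse_headers(raw: str) -> dict:
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_headers(raw: str) -> list:
    """Return the deviations from the documented header baseline."""
    h = parse_headers(raw)
    problems = []
    for name, want in EXACT.items():
        if h.get(name, "").lower() != want.lower():
            problems.append(f"{name}: expected {want!r}, got {h.get(name)!r}")
    hsts = h.get("strict-transport-security", "")
    age = re.search(r"max-age=(\d+)", hsts, re.I)
    if not age or int(age.group(1)) < MIN_HSTS_AGE:
        problems.append("strict-transport-security: max-age missing or too short")
    if "includesubdomains" not in hsts.lower():
        problems.append("strict-transport-security: includeSubDomains missing")
    status = h.get("x-cache-status")
    if status not in ALLOWED_CACHE_STATUS:
        problems.append(f"x-cache-status: unexpected value {status!r}")
    return problems

# Constructed samples: one response matching the baseline, one drifting from it.
GOOD = """X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: DENY"""
BAD = """X-Cache-Status: HIT
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin"""
```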
Rate Limiting
Default rate limits per client IP:
    # Default limits
    Global: 10,000 req/s per IP
    HTML pages: 500 req/s per IP
    API endpoints: 100 req/s per IP
    Static assets: 10,000 req/s per IP

    # Response when limited
    HTTP 429 Too Many Requests
    Retry-After: 5
    X-RateLimit-Limit: 10000
    X-RateLimit-Remaining: 0
    X-RateLimit-Reset: 1683201600
Changelog
Version history and release notes for the edge platform
2026-05-04 - Cache policy refresh
Updated immutable asset cache windows. Added stale-while-revalidate for HTML. Reduced origin shield buffer by 20%.
2026-04-28 - TLS cipher update
Removed TLS_RSA_WITH_AES_128_CBC_SHA from cipher list. Enabled ECDHE-ECDSA-CHACHA20-POLY1305 for mobile clients.
2026-04-17 - Origin shield tuning
Adjusted stale-if-error from 24h to 72h. Added fallback to LAX shield when NZ shield returns 5xx.
2026-03-28 - SG PoP upgrade
Singapore uplink 10G to 20G. Added BGP community tags for traffic engineering.
2026-02-10 - Tokyo PoP launch
New edge in Tokyo. Direct peering with IIJ (AS24115). QUIC experimental support enabled on JP edges.
2026-01-15 - Major platform upgrade
Migrated to nginx 1.24. Added HTTP/2 server push. Implemented origin shield architecture. 40% reduction in origin fetches.
2025-11-20 - DDoS mitigation
Deployed volumetric attack mitigation pipeline. 12Gbps capacity. Automatic blackhole routing for flagged prefixes.
2025-09-01 - Status API v2
Redesigned /status.json with component-level granularity. Added /status/history endpoint for 90-day data.
NZ Edge Observatory
Transparency and operational information for our network
Mission
NZ Edge Observatory provides public operational transparency for the New Zealand and Oceania CDN edge network. We publish real-time status, maintenance schedules, cache policies, and diagnostic tools to help our partners and users understand and verify the health of our infrastructure.
Infrastructure
Our edge cluster operates across 5 active PoPs in Auckland, Wellington, Sydney, Tokyo, and Los Angeles. Total aggregate capacity: 120 Gbps. Transit providers include Telstra, NTT, PCCW, and Vocus. Direct peering with IIJ and SingTel.
Security
All edges terminate TLS 1.2+ with automated certificate rotation. HSTS and OCSP stapling enabled. Rate limiting active. Volumetric DDoS mitigation pipeline at 12Gbps capacity. Origin shield architecture reduces direct origin exposure.
Contact
For operational inquiries: noc@nz.88665577.xyz
For security disclosures: security@nz.88665577.xyz
Status Page
This portal is itself hosted on the edge network. A 90-day uptime history is available via the Status API.
Looking Glass
Browser-based network diagnostic tools
DNS Lookup
Enter a hostname to resolve.
HTTP Headers
Check response headers for a URL.
Quick Ping
Measures round-trip time to this server.