Edge computing and latency control

1) Why edge and what is latency control

Edge is the execution of logic closer to the user (PoP, CDN, local operator PoP, 5G MEC). The goal is to reduce RTT and tails (p95/p99), unload the core, and ensure geo-compliance.
Latency control - a set of architectural and protocol techniques that hold the delay in given SLOs during peaks, packet loss and dependency degradation.

Key ideas: locality, asynchrony, degradation with a priority of value.

2) Perimeter map

Static/Assets CDN: caching, image/HTML transform, Brotli, WebP/AVIF, HTTP/3.
Edge compute: functions/workers (Cloudflare Workers, Fastly Compute @ Edge, Vercel Edge, Fly. io).
Edge data: KV/SQLite-on-edge/Durable Objects/Global Tables (with consistency reservations).
Edge security: WAF/Rate limit/Bot mgmt/Geo-rules/HMAC checks.
Edge networking: Anycast, smart-routing, TCP/QUIC optimization.

3) Logic placement patterns

Shielding & warmup: origin-shield layer, warming/pinning popular keys.
Compute-on-read: banner personalization, A/B branching, geo redirects.
Pre-auth at edge: JWT/HMAC validation, dropping garbage to the kernel.
Write-through queue - Writes custom events to the edge queue with asynchronous delivery to the kernel (idempotency!).
Feature flags @ edge: quick degradation switches (lightweight page/directory mode).

4) Protocols and transport

HTTP/3 (QUIC): smaller handshake overhead, resistant to packet loss. Enable 0-RTT only for idempotent GET/HEAD.
TCP tuning (for HTTP/1. 1/2): BBR/CUBIC, `tcp_fastopen`, `keepalive`, connection pooling.
TLS: OCSP stapling, ECDSA-серты, session resumption; HSTS on the perimeter.
DNS: short TTL (30-120s) for dynamics, split-horizon, anycast resolvers.

5) Tail control: p95/p99

Hedged requests: duplicate the request for the second backend after the "starting deadline" (for example, p90 latency) and cancel the loser.
Deadline propagation: Pass' x-deadline-ms '/' grpc-timeout'to keep the chain from exceeding the SLA.
Adaptive concurrency: Restrict rota/tenant concurrency by observed-latency (AIMD).
Bulkhead & priority: critical paths (login/deposit) receive a quota and queue above class.

6) Timeouts, retreats and idempotence

Total deadline < per-hop timeout × N; retreats for idempotent surgery only.
Backoff + jitter (half-chance delays), hedging instead of blind retrays.
Idempotency-Key for POSTs (wallets/payments/bonuses).
Retry-After and client prompts (429/503) with exponential windows.

Envoy (route fragment)

yaml route:
timeout: 300ms retry_policy:
retry_on: "reset,5xx,connect-failure"
num_retries: 1 per_try_timeout: 150ms retry_host_predicate:
- name: envoy. retry_host_predicates. previous_hosts host_selection_retry_max_attempts: 3 hedge_policy:
initial_requests: 1 additional_request_chance: { default_value: 0. 5} # enable after per-timeout

7) Caching and consistency

Cache key discipline: normalization of headers/queries, Vary by the required fields.
Stale-while-revalidate: instant return of the "slightly outdated" + background updating.
Soft TTL/Hard TTL: soft obsolescence for read paths, hard TTL for critical configurations.
Signed exchanges/Signed URLs: protection of hot resources, including regional restrictions.

NGINX (SWR example)

nginx proxy_cache_valid 200 10m;
proxy_cache_use_stale updating error timeout http_500 http_502 http_504;
add_header Age $upstream_cache_status;

8) Edge-workers: examples

Cloudflare Workers (JWT + Geo)

js export default {
async fetch(req, env, ctx) {
const url = new URL(req. url);
const { country } = req. cf          {};
//Simple geo-policy if (country & &! ["DE, ""PL, ""SE,"" UA"] .includes (country)) {
return new Response("Region not served", { status: 451 });
}
//Easy JWT validation const token = req. headers. get("Authorization")?.replace("Bearer ","");
if (!token! isValid(token, env. JWTPUB)) return new Response("",{status:401});
//Prefetch critical data const resp = await fetch ("https ://origin. internal/api/v1/catalog", { cf:{ cacheTtl: 60, cacheEverything: true }});
return new Response(resp. body, resp);
}
}

Fastly Compute @ Edge (Canaries by weight)

In living rooms/pages - 5% for the new version, quick rollback via edge config.

9) Prioritization and degradation

Priority hints: HTTP/2 priorities/HTTP Early Hints (103) → early push of critical resources.
Degrade path: simplified UI template, disabling heavy widgets, lowering image quality.
Traffic shaping: limitation of animations, widgets of third-party providers in case of bad network (RUM signals).

10) Observability at the perimeter

RUM + Synthetic: Web-Vitals (LCP/CLS/INP), TTFB, RTT, потери QUIC.
Exemplars: Associate p99 spikes with specific trace_id and PoP.

SLO per region/ASN/provider: "p95 TTFB ≤ 200 ms," "p99 API ≤ 400 ms."

Tail-sampling: save errors/p99, segments' edge _ pop ',' region ',' tenant '.
Edge logs: WAF hits, bot-score, cache-status, geo-solutions.

11) Third-party script management

CSP and Subresource Integrity policy.
Download by defer/async, isolated domains, critical paths - without blocking third-party JS.
Personalization and tracking - perform on edge asynchronously, without affecting TTFB.

12) Antibot/antifraud on edge

Device fingerprint and velocity limits to the core.
Token binding (one-time tokens per form/operation), HMAC signature of the request.
Challenge-step (Turnstile/hCaptcha) only at increased risk; cache "trust" by IP/ASN/session.

13) Specifics of iGaming/Finance

Geo-compliance: blocking/redirecting by jurisdiction to edge (rules pages, Responsible Gaming).
PSP/KYC prioritization: edge routing to a "healthy" provider (smart-routing), individual TTL/weights to DNS for PSP domains.
Anti-abuse: limits on deposits/registrations/bonuses, taking into account velocity signals on the edge; all write operations are idempotent.
Data residency: personal data is not cached on the edge; PII headers are edited/deleted, TLS pinning to PSP is enabled.
CLO for "money" paths: stricter p95/p99, allocated quotas, individual alerts.

14) Architectural recipes

14. 1 "Fast Front"

HTML template and critical CSS on edge, data via 'stale-while-revalidate', heavy widgets are lazy.

14. 2 "The Way of Money"

Pre-auth + HMAC on edge, quick rule/limit checks, queuing, 202/OK response, subsequent webhook/polling; deadlines and hedging to PSP.

14. 3 "Catalogs/Games"

Directories/configs - global KV/edge cache; for regional price/age - compute-on-edge with local rules.

15) Performance and cost

Cache hit ≥ 95% for static and ≥ 70% for semi-dynamics (HTML fragments) - the target.
Reduce "cross-regional egress" through local PoPs and stale responses.
Tail-rules of tracing limit the volume of × 10- × 100 while maintaining valuable cases.
The QUIC protocol saves RTT, but keep the fallback on H2.

16) Prod Readiness Checklist

• HTTP/3/QUIC enabled; 0-RTT only for idempotent.
• Edge-workers: JWT/HMAC validation, geo-rules, feature-flags degradation.
• Cache strategy: keys, SWR, soft/hard TTL; origin-shield + warm-up.
• Hedging, deadline-propagation, adaptive concurrency, bulkheads.
• Timeouts/Retrays: backoff + jitter, idempotent repetitions only.
• RUM+synthetic; SLO by region/ASN; tail-sampling p99/errors.
• CSP/SRI and third-party script control; WAF/bot scoring on edge.
• For iGaming: geo-compliance, smart-routing PSP, write idempotency, no PII in cache.
• Runbooks: how to enable degradation/switch weight/roll back canary.
• Tests: latency under a loss of 1-3%, chaos-delays, rehearse-DNS failover.

17) TL; DR

Deliver logic as close as possible to the user (edge-workers + cache), talk on HTTP/3/QUIC, tightly control timeouts/deadlines, "cut tails" p99 hedging and bulkhead/priority. Critical paths - separate quotas and SLOs, all records - are idempotent. Observability - RUM + synthetic + tail-tracing. For iGaming - geo-compliance, smart-routing PSP/KYC, zero PII leakage on the perimeter and fast degradation modes.