Video delivery guide
Video Streaming at the Edge: HLS/DASH Caching, Shielding and QoE
Streaming reliability is an end-to-end control problem: manifests direct playback, segments carry media, cache policy protects origin, and player QoE verifies the outcome.
On this page
An edge configuration cannot guarantee playback. HLS playlists and DASH MPDs direct a player to representations and segments; entitlement, DRM, origin packaging, CDN delivery, and player adaptation each contribute to the viewer outcome. Design each object type deliberately.
Overview
Outcome
Create cache, entitlement, shield, observability, and rollout contracts for VOD and live delivery that are tested against real player behaviour rather than only HTTP availability.
Separate mutable control objects from reusable media
Live manifests change frequently and must match player reload behaviour. Versioned VOD segments are usually stronger shared-cache candidates. Treat cache keys carefully: per-viewer tokens, high-cardinality headers, telemetry fields, and unnecessary query parameters can fragment segment reuse or expose an entitlement mistake.
- Player
Requests manifest and records startup, buffering, rendition, and error telemetry.
- Edge
Caches eligible manifests and segments, validates delivery access, and serves range requests.
- Shield
Consolidates eligible regional misses before the origin.
- Origin and licence
Packaging, media, and entitlement systems retain their authority.
The player obtains a manifest, selects a representation, requests segments, and may obtain a separate entitlement or DRM licence.
| Object | Policy question | Validation |
|---|---|---|
| Live manifest | How fresh must the next segment reference be? | Player sees timely, valid sequence and rendition list |
| VOD segment | Is URL versioned and public-equivalent? | Reuse reduces origin fetches without wrong rendition |
| Byte range | Does edge and origin agree on 206 behaviour? | Range, fallback, and malformed-range tests pass |
| Token or licence | Is it customer-specific or policy-bearing? | Never shared-cache the entitlement decision |
event=live-final manifest=freshness-approved segment=cacheable
shield=validated origin_headroom=confirmed token_path=private
QoE=startup-and-rebuffer baseline established
rollback=disable candidate route or restore known-good edge configUse shielding and ABR for their real jobs
A shield can consolidate compatible cache misses and reduce duplicate origin work; it can also add an internal hop, charges, and provider-specific edge-execution consequences. Measure it by object class. Adaptive bitrate logic belongs primarily to the player; edge responsibilities are consistent rendition availability, timely manifest delivery, safe caching, and a healthy origin path.
Keep entitlement and DRM boundaries explicit
Authentication identifies a requester. Entitlement decides whether that requester may access an event, title, geography, device, or concurrency allowance. DRM licence policy controls content keys and playback. Encrypted media does not itself decide business authorisation. Keep bearer tokens and subscriber identifiers out of cache keys, examples, and normal logs unless their exposure and fragmentation consequences are intentionally addressed.
Measure QoE beside edge evidence
Track edge and shield hit/miss, origin fetches, status by object type, segment timing, and range behaviour. Join that with player startup failures, startup time, rebuffering, bitrate switches, live latency, and licence failures by content, device, player version, ASN, geography, and event time. CMCD can improve request-to-player context where supported, but it is optional client-provided telemetry rather than ground truth.
Troubleshooting
Streaming delivery traps
- Applying one TTL to live manifests and versioned VOD segments.
- Assuming shielding removes all origin traffic or cures last-mile congestion.
- Treating DRM as entitlement or caching a personalised authorisation response.
- Promoting an edge change without player, device, geography, token, and range-request tests.
Related guides
Authoritative references
- RFC 8216: HTTP Live Streaming
- RFC 9110: HTTP Range Requests
- RFC 9111: HTTP Caching
- CTA WAVE Common Media Client Data
- W3C Encrypted Media Extensions
Test streaming delivery where viewers experience it
Optimi can help connect CDN, shield, origin, and player evidence before a live event or video delivery change reaches every viewer.
Review streaming delivery