How to Cut Cross‑Cloud Data Transfer Costs with CDN and LoongCollector

Background

Enterprises adopting multi‑cloud architectures need to collect observability data from different cloud providers into a single analysis platform. Outbound traffic fees on the source cloud (e.g., $0.09 / GB on AWS) make large‑scale log collection expensive.

Existing Approaches & Pain Points

Pure public network : Directly sending logs to Alibaba Cloud SLS public endpoint incurs high egress fees and suffers from packet loss or latency spikes.

Public network + SLS acceleration domain : Adds DCDN charges, resulting in double cost.

Cross‑cloud dedicated line : Requires large upfront investment, complex operation, limited elasticity, and long provisioning cycles.

Proposed Solution – LoongCollector + CDN

Combine the next‑generation LoongCollector agent with a CDN (e.g., AWS CloudFront) that acts as a traffic “jump‑pad”. The CDN forwards HTTP/HTTPS POST requests to the SLS write endpoint, leveraging the CDN’s lower outbound pricing and global edge nodes.

Key Benefits

≈10× higher throughput than comparable open‑source collectors while using ~50 % less CPU/memory.

Cost reduction of up to 70 % for 10 TB of data compared with direct public‑network transfer (EC2 egress vs. CloudFront egress pricing).

No dedicated line required; configuration is limited to a CloudFront distribution and a few JSON fields in LoongCollector.

Architecture Overview

The data flow consists of two logical planes:

Control plane (lightweight): LoongCollector pulls configuration from the SLS ConfigServer over the public Internet.

Data plane (high‑throughput): Log data is sent to a CloudFront domain, which forwards the request to the SLS write endpoint. SLS stores the data in the target project/logstore.

CloudFront Configuration

Disable caching for POST requests.

Forward all request headers except Host to the SLS endpoint.

Domain verification can be tested with a curl command; a successful response contains

{"Error":{"Code":"OLSInvalidMethod","Message":"The script name is invalid : /"}}

.

LoongCollector Configuration

{
  "primary_region": "cn-shanghai",
  "config_servers": ["https://logtail.cn-shanghai.log.aliyuncs.com"],
  "data_servers": [{
    "region": "cn-shanghai",
    "disable_subdomain": true,
    "endpoint_list": ["http://xxx.cloudfront.net"]
  }],
  "enable_host_ip_replace": false
}

Important settings: config_servers must use the public SLS domain format logtail.${region}.log.aliyuncs.com. data_servers contains a single endpoint pointing to the CloudFront domain; disable_subdomain disables sub‑domain forwarding. enable_host_ip_replace set to false to keep internal DNS resolution disabled.

Performance Test Results

In‑region tests (Korea EC2 → Korea SLS) with ~800 KB compressed packets showed that CloudFront latency is comparable to direct public access, while the CDN path maintained stable throughput and low packet loss.

Cost Analysis Example

EC2 provides 100 GB of free outbound traffic per month, but CloudFront’s egress price is lower than EC2’s. Transferring 10 TB of logs to an SLS endpoint in the US region via CloudFront reduces cost by roughly 70 % compared with direct public‑network transfer.

Limitations

LoongCollector version must be ≥ 3.3.0.

Currently only log data is supported; time‑series and host‑monitoring data are not yet available through the CDN path.

The feature is rolled out gradually by region; activation may require contacting SLS technical support.

References

LoongCollector repository: https://github.com/alibaba/loongcollector

AWS CloudFront documentation: https://docs.aws.amazon.com/cloudfront/

Alibaba Cloud SLS documentation: https://help.aliyun.com/zh/sls/