The origin is the authoritative source the CDN pulls content from when a requested segment is not already cached at the edge. It holds (or generates) the canonical copy of every manifest and segment; the CDN sits in front of it and absorbs the vast majority of requests, so on a healthy platform the origin sees only cache misses — the first request for each object in each region.
An origin can be plain storage (an object store like S3 serving pre-packaged VOD segments) or an active service — a just-in-time packager that builds segments and manifests on the fly, or a live origin fed by the encoder. Just-in-time packaging trades compute for storage flexibility, letting one set of stored segments be repackaged into HLS, DASH, and different DRM on demand.
Because every cache miss lands here, the origin must be highly available and protected from request floods — which is exactly what origin shielding is for.
