Skip to main content
Baseten Delivery Network (BDN) reduces cold start times by mirroring your model weights to Baseten’s infrastructure and caching them close to your replicas. Instead of downloading hundreds of gigabytes from sources like Hugging Face, Amazon S3, or Google Cloud Storage on every scale-up, BDN mirrors weights once and serves them from multi-tier caches. Configure BDN using the weights key in your config. This works with both Model class deployments and custom Docker images.

Get started

Add weights to a new model

Custom servers

Use with vLLM, SGLang, and more

Migrate

Move from model_cache
BDN mirrors any supported source the same way. If your weights are only on local disk, bundle them with your Truss for small models, or push them to a private Hugging Face repository for large ones.

Quick start

Add a weights section to your config.yaml. The example highlights it inside a complete config; expand to see the full file:
config.yaml
BDN authenticates private or gated repos through this per-source auth block, which is separate from the top-level secrets config. A secrets entry alone does not authenticate weight mirroring. Create the secret (here, hf_access_token with your Hugging Face token) in your workspace settings, then reference it by name. Public sources need no auth.

Access weights in your model

When your model starts, weights are already downloaded and available at your mount_location. The directory structure from the source is preserved:
Load weights directly from this path in your load() method. No download code needed:
model.py
The mount is read-only. Weights are fetched during truss push and cached, so cold starts only read from local or nearby caches.

Custom servers

Custom Docker servers like vLLM and SGLang work directly with BDN. BDN pre-mounts files at mount_location before the container starts, so the start_command reads weights without a separate download step.
config.yaml
For complete worked examples, see Deploy LLMs with SGLang or Deploy LLMs with vLLM.

Configuration reference

weights

A list of weight sources to mount into your model container.
config.yaml
source
string
required
URI specifying where to fetch weights from. Supported schemes:
  • hf://: Hugging Face Hub.
  • bt://: Baseten Training.
  • s3://: AWS S3.
  • gs://: Google Cloud Storage.
  • r2://: Cloudflare R2.
  • cw://: CoreWeave AI Object Storage.
  • azure://: Azure Blob Storage.
For Hugging Face sources, specify a revision using @revision suffix (branch, tag, or commit SHA).
mount_location
string
required
Absolute path where weights will be mounted in your container. Must start with /.
auth
object
Authentication configuration for accessing private weight sources. See Source types and authentication for the expected format for each source type.
  • auth_method: The authentication method. Use CUSTOM_SECRET for secret-based auth, AWS_OIDC for AWS OIDC, or GCP_OIDC for GCP OIDC.
  • auth_secret_name: Name of a Baseten secret holding the credentials. Required when auth_method is CUSTOM_SECRET.
allow_patterns
string[]
File patterns to include. Uses Unix shell-style wildcards. Only matching files will be downloaded.
Patterns like *.safetensors only match files at the top level. Use **/*.safetensors to match files in subdirectories.
ignore_patterns
string[]
File patterns to exclude. Uses Unix shell-style wildcards. Matching files will be skipped.

Source types and authentication

For private weight sources, create a Baseten secret with the appropriate credentials. Manage secrets in your Baseten settings.

Hugging Face

Download weights from Hugging Face Hub repositories.
config.yaml
Format: hf://owner/repo@revision
  • owner/repo: The Hugging Face repository.
  • @revision: Branch, tag, or commit SHA.
Revision pinning: When you use a branch name like @main, Baseten resolves it to the specific commit SHA at deploy time and mirrors those exact files. Your deployment stays pinned to that version. Subsequent scale-ups won’t pick up new commits. To update to newer weights, push a new deployment.
Authentication: Hugging Face API token (plain text) Get your token from Hugging Face settings.

Baseten Training

Load weights from a Baseten Training checkpoint.
config.yaml
Format: bt://project[@revision][/checkpoint]
  • project: The name of your Baseten Training project.
  • @revision: Optional. A training job ID or latest. Defaults to latest.
  • /checkpoint: Optional. The checkpoint name within the training job. If omitted, uses the latest checkpoint.
Baseten automatically authenticates with your training project.

AWS S3

Download weights from a private S3 bucket.
If your model is small (a few GB or less), you can also bundle weights directly with your Truss instead of fetching them from a remote source.

Pick an auth method

AWS S3 supports two authentication paths, both first-class:
  • IAM credentials: Use this if you have an AWS access key pair and want the simplest setup. Skip ahead to the quick start.
  • AWS OIDC: Use this if you want short-lived, narrowly scoped tokens and are comfortable configuring an IAM trust policy in your AWS account. See AWS OIDC.

Quick start with IAM credentials

Use this path when you already have an AWS access key pair for an IAM user or role with read access to your bucket. To authenticate to S3 with IAM credentials:
  1. Create the secret in Baseten: in your secrets settings, add a secret named aws_credentials with this JSON value:
    Use these exact key names. Common variations like access_key_id (without the aws_ prefix) cause authentication failures.
  2. Reference the secret from your config.yaml:
    config.yaml
  3. Grant the IAM user the minimum required permissions on the bucket:
    The mirror lists objects under your prefix and downloads each file once. No write permissions are needed.
  4. Push the model. The first deploy mirrors weights to Baseten’s blob storage; subsequent deploys reuse the mirror unless the source or filters change.
For the full IAM credentials field reference, including optional fields, see IAM credentials. OIDC provides short-lived, narrowly scoped tokens for secure authentication without managing long-lived credentials. To authenticate to S3 with AWS OIDC:
  1. Configure AWS to trust the Baseten OIDC provider and create an IAM role with S3 permissions.
  2. Add the OIDC configuration to your config.yaml:
    config.yaml
No secrets needed. The aws_oidc_role_arn and aws_oidc_region are not sensitive and can be committed to your repository.
See the OIDC authentication guide for detailed setup instructions and best practices.

IAM credentials

config.yaml
Format: s3://bucket/path Authentication: JSON with AWS credentials Example secret value with all fields:
The required fields must use the exact names aws_access_key_id and aws_secret_access_key. Using access_key_id or secret_access_key (without the aws_ prefix) causes authentication failures.
For the minimum required IAM policy, see the quick start.

Google Cloud Storage

Download weights from a GCS bucket. GCP supports using either service accounts or OIDC for GCS authentication. OIDC provides short-lived, narrowly scoped tokens for secure authentication without managing long-lived credentials. To authenticate to GCS with GCP OIDC:
  1. Configure GCP Workload Identity to trust the Baseten OIDC provider and grant GCS permissions.
  2. Add the OIDC configuration to your config.yaml:
    config.yaml
No secrets needed. The service account and workload identity provider are not sensitive and can be committed to your repository.
See the OIDC authentication guide for detailed setup instructions and best practices.

Service account

config.yaml
Format: gs://bucket/path Authentication: GCP service account JSON key Download from GCP Console under IAM & Admin > Service Accounts.

Cloudflare R2

Download weights from a Cloudflare R2 bucket.
config.yaml
Format: r2://account_id.bucket/path
  • account_id: Your Cloudflare account ID.
  • bucket: R2 bucket name, separated from account_id by a period.
  • path: Path prefix within the bucket.
Authentication: JSON with R2 API credentials Get your R2 API tokens from the Cloudflare dashboard under R2 > Manage R2 API Tokens.

CoreWeave AI Object Storage

Download weights from CoreWeave AI Object Storage (CAIOS), an S3-compatible object store.
config.yaml
Format: cw://bucket/path
  • bucket: Your CoreWeave AI Object Storage bucket name.
  • path: Path prefix within the bucket.
Unlike R2, the CoreWeave URI has no account ID. Authentication: JSON with S3-style credentials aws_region is required. CoreWeave uses availability-zone-style regions such as US-EAST-04A. OIDC is not supported for CoreWeave sources; use a secret.

Azure Blob Storage

Download weights from Azure Blob Storage.
config.yaml
Format: azure://account/container/path
  • account: Your Azure storage account name.
  • container: Blob container name within the storage account.
  • path: Path prefix within the container. Optional.
Authentication: JSON with account key The account name comes from the URI, so the secret needs only account_key. Azure sources don’t support OIDC, and the secret is required even for public containers. Get your account key from the Azure portal under Security + networking > Access keys.

Best practices

Pin to specific commits

Avoid using branch names like @main in production. While Baseten pins to the commit SHA at deploy time, using @main means each new deployment may get different weights, making debugging and rollbacks difficult.
Always pin to a specific commit SHA for reproducible deployments:
config.yaml
To find the current commit SHA for a Hugging Face repo:
Terminal

Filter files with patterns

Only download what you need to minimize cold start time:
config.yaml
Patterns like *.safetensors only match files at the top level of the source. To match files in subdirectories, use **/*.safetensors.

Use absolute mount paths

The mount_location must be an absolute path (starting with /):
config.yaml

Keep mount locations unique

Each weight source must have a unique mount_location:
config.yaml

When weights are re-mirrored

Baseten caches weights based on a hash of their configuration and reuses cached weights when possible to avoid redundant downloads. Deduplication and mutation detection: Baseten deduplicates files based on their etag (a content hash), not just filename, and only re-mirrors files that have been mutated since the last pull. Unchanged files are reused from blob storage, even across deployments.

Weight access

A deployment reads only the weight sources it declares in its weights config. Caching and deduplication happen behind the scenes and never grant another deployment or organization access to your data. Private sources like S3, GCS, R2, CoreWeave, and Azure stay within your organization. Public sources like Hugging Face are already public, so Baseten can serve them from a shared cache across organizations. Changes that trigger re-mirroring: Changes that do NOT trigger re-mirroring:
To force a fresh download of weights that haven’t changed, modify the source to point to a specific commit SHA instead of a branch name, or add a trivial change to allow_patterns.

How it works

You own the source, and Baseten holds a mirror of it. On truss push, BDN reads your weights config, mirrors the files into Baseten’s secure blob storage, and writes a manifest of content hashes. Files are keyed by hash, so a file BDN already holds is never transferred again, and each deployment mounts only the files in its own manifest. Your truss push returns immediately. Mirroring runs in the background, and your model deploys to the workload plane only after mirroring completes, so weights are in place before your replica starts.

What happens on cold start

Baseten runs workload planes across regions and clusters, each with its own cache tiers. When a replica starts, weights flow from blob storage through the in-cluster cache and the node cache, then are mounted read-only. Each tier serves the one below it, so later replicas read from a warm cache instead of downloading again.

Key benefits

  • Non-blocking pushtruss push returns immediately; mirroring happens in the background.
  • One-time mirroring → Weights are mirrored to Baseten storage once, not on every cold start.
  • No upstream dependency at runtime → Once mirrored, scale-ups and inference never contact the original source.
  • Multi-tier caching → In-cluster cache prevents redundant downloads; node cache provides instant access for subsequent replicas.
  • Deduplication → Identical weight files are stored once and shared through hardlinks.
  • Parallel downloads → Large models download faster with concurrent chunk fetching.

BDN proxy

BDN proxy is available by request. Contact us to enable it for your organization.
If your model downloads weights in application code rather than using the weights config, BDN proxy can accelerate those downloads. When enabled, Baseten routes your model container’s outbound HTTP(S) requests through a distributed caching proxy that caches downloads across cluster nodes. Subsequent replicas and scale-ups serve from cache instead of re-downloading from the origin. BDN proxy is transparent. You don’t need to change your model code. Baseten sets the following environment variables on your container:
BDN proxy does not set HTTP_PROXY or HTTPS_PROXY. If your model code requires an explicit proxy, use the BDN_PROXY environment variable.

Troubleshooting

Migration from model_cache

model_cache is deprecated. Migrate to weights for faster cold starts through multi-tier caching.

Automated migration with truss migrate

The truss migrate CLI command automatically converts model_cache configurations:
Terminal
The command will:
  1. Show a colorized diff of the proposed changes.
  2. Prompt for confirmation before applying.
  3. Create a backup of your original config.yaml.
  4. Warn about any model.py path changes needed.

Manual migration reference

From model_cache to weights: Example migration:
config.yaml

Chains migration

For Truss Chains, update Assets.cached to Assets.weights in your Python code:
Key changes:
  • ModelRepoWeightsSource.
  • repo_id + revisionsource URI with @revision suffix.
  • volume_foldermount_location (must be absolute path).
  • runtime_secret_nameauth.auth_secret_name (inside an auth block with auth_method: CUSTOM_SECRET).
  • Remove use_volume and kind (inferred from URI scheme).

Custom server migration

When migrating an existing custom server deployment from model_cache to weights:
  1. Remove truss-transfer-cli from your start_command. Files are pre-mounted before the container starts.
  2. Update file paths from /app/model_cache/{volume_folder} to your new mount_location.
config.yaml
The Custom servers section shows the pattern for new deployments.

Automatic use with engine builders

Engine-builder deployments use BDN automatically. No weights block is required, and no configuration changes are needed when migrating an existing engine-builder deployment. Build artifacts are mirrored once and served from the same multi-tier caches described in How it works.

Next steps