Forgot your password?
typodupeerror
The Internet

Solutions to Ease the DDOS Trickle-Down Effect? 15

Posted by Cliff
from the snowballing-traffic dept.
dealsites asks: "Recently, The Electorial Vote website run by Andrew Tanenbaum was hit with a triple-threat. Not only was it Slashdotted, it was hit with a DDOS attack in conjunction with the busiest normal traffic day, due to the election. Netcraft has an article detailing the steps taken to mitigate the traffic. Andrew's host provider is also the provider of my site. I'm sure were are on separate servers, him a dedicated server and semi-dedicated hardware for myself, but I noticed dramatic slowdowns of my site during this triple-threat traffic onslaught to Andrew's site. Are there any techniques other than throwing more CPUs and bandwidth at the problem to remedy this type of situation? I'm sure I can't be the only one that has noticed this. Any comments on other similar stories?"
This discussion has been archived. No new comments can be posted.

Solutions to Ease the DDOS Trickle-Down Effect?

Comments Filter:
  • My favorite solution to this problem : Don't get your site posted on slashdot!

    Which, of course, I realize is a ridiculous statement, since it's usually both desirable, and out of your control. But still, its funny.
  • Nice. (Score:4, Funny)

    by Dibblah (645750) on Tuesday November 02, 2004 @09:38PM (#10706793)
    "Not only was it Slashdotted"... Twice. You evil, evil submitter.
  • Not to advertise (Score:5, Informative)

    by ebrandsberg (75344) on Tuesday November 02, 2004 @09:42PM (#10706813)
    But the company I work for provides products that help in situations like this, although pre-planning for such events is critical for surges like this to be handled cleanly. For anybody interested, check out http://www.netscaler.com/ [netscaler.com] for information. Some key things to look for:

    1) That your upstream provider has sufficient capacity to handle large surges in traffic to one part of their infrastructure
    2) If you expect to receive a large surge, to overprovision your upstream links
    3) Make sure to have a front-end device that can determine "legitimate" traffic from bad traffic such as syn floods, and deal with the capacity of the upstream links.
    4) Make sure you have the ability to cache hot content in case you max out your servers if you need too. You don't need to regenerate a page of voting information with every request if it only changes ever few minutes, cache it to reduce the server load.

    In many cases, people fail to insure they have enough bandwidth on their upstream connections, and then put firewalls on the other side of the connection. Firewalls will tend to die under a heavy syn flood, and if they don't if you don't have enough capacity, it won't help anyway.
    • Heh, I use to work for a web server admin shop, and about six months ago, we were considering going with a NetScaler product. We ended up going with something from F5 instead for entirely non-technical reasons.

      I have since moved on to smaller and less-important things (but in Germany, and with higher pay), so I'm not sure how well it worked out.
  • by stienman (51024) <adavis@ubasi c s .com> on Tuesday November 02, 2004 @09:43PM (#10706817) Homepage Journal
    From the main page of electoralvote2.com:

    All the servers appear to be under attack now, also DNS. I added another large multiprocessor but it doesn't seem to help much. I don't this is going to work. Sorry.

    The remainder have older messages on them - not sure how or if they are being automatically synced.

    Bummer, but kindof expected. Seems that he's using only one provider...

    -Adam
  • coral (Score:4, Insightful)

    by comwiz56 (447651) <comwiz@gmai[ ]om ['l.c' in gap]> on Tuesday November 02, 2004 @09:46PM (#10706833) Homepage
    auto redirect all hits to a coral cache

    and maybe slashdot could post coralized links the in the articles
  • File size (Score:5, Informative)

    by jm92956n (758515) on Tuesday November 02, 2004 @09:51PM (#10706851) Journal
    If you know you're about to get hit, minimize the graphics and streamline the code; this guy's got a page that's just over 30 kb (including graphics). Provided the page isn't generated dynamically, it shouldn't be too tough for a decent server to handle.

    Throw in some flash and a bunch of fancy images and you've got a recipe for disaster.
    • Re:File size (Score:4, Insightful)

      by Kris_J (10111) * on Tuesday November 02, 2004 @10:49PM (#10707172) Journal
      That PNG map is two thirds larger than it needs to be. Less than a minute with pngout [advsys.net] reduces it from 14,632 to 8,839. Also, it doesn't look like the page is being served gzipped. This can be done by creating a .gz copy and having the web server software hand out whatever the browser can handle, little or no cost to the CPU. All up, the site is probably serving 50% more traffic than it need serve.

One possible reason that things aren't going according to plan is that there never was a plan in the first place.

Working...