Protect many websites on one VS from one recieving lots of traffic

Question

We will have a HTTP VS that will service approximately 1100 websites which are all subdomains of one site.  There will be 4 webservers in the pool and ordinarily traffic will be reasonable and well within the capabilities of the servers behind the VS.  Occasionally one subdomain will end up being slammed and could potentially drag down the performance of all 1100 sites.  We are a looking for a way to automatically or manually protect the 1099 sites from the 1.  Ideally we'd end up pushing 1099 sites off to 1 or 2 nodes and then the site under heavy traffic off to 2 or 3 of the four.&nbsp;
&nbsp;While the obvious solution is to "add more servers" because of how infrequently this happens its not an option.  The site maintainers are content with the fact that during periods of high traffic on one site that all clients will suffer.  They just want to protect the experience of the 1099 other sites that are not experiencing high traffic.&nbsp;
&nbsp;Any thoughts?  I can't imagine we're the first to face this kind of problem.&nbsp;
&nbsp;In a perfect world the highly loaded site would be segregated automatically but the other option would be some way for the server admins (who do not have access to the F5s) to alter the servers in some way that protects the low risk sites.  We do this a lot for things like server admin needs to drop a node from LB.  We just have them change the page that the F5 monitors so that it no longer appears up.  We could do something similar here.&nbsp;
&nbsp;Thanks in advance,
&nbsp;-Alan&nbsp;

hooleylist · Answer

Hi Alan, 
&nbsp;  
&nbsp; You could do some kind of iRule rate limiting on requests or sessions by hostname using subtables.  Spark wrote a great set of articles on using the table command to do counting in iRules.  And Hamish added an example of this to the Codeshare. 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/table 
&nbsp; http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/2375/v101--The-table-Command--The-Basics.aspx 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP_Session_Limit.html 
&nbsp;  
&nbsp; This would provide an automated way to throttle requests to one hostname and prevent it from affecting the other users. 
&nbsp;  
&nbsp; Aaron

alan_evans_1020 · Answer

Thanks for the Tip aaron.  I forgot about the table command since we've only just upgraded these LBs to 10.x. 
&nbsp;  
&nbsp; Which begs some details that I left out: 
&nbsp; Hardware: BIG-IP 1600 
&nbsp; OS: 10.2.1 HF3 (LTM only entitlement only) 
&nbsp;  
&nbsp; -Alan

Forum Discussion

Protect many websites on one VS from one recieving lots of traffic

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

L7 DoS Protection with NGINX App Protect DoS

Troubeshooting website connection

Beyond REST: Protecting GraphQL

Managing NGINX App Protect WAF for Beginners

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS