Forum Discussion

Alan_Evans_1020's avatar
Icon for Nimbostratus rankNimbostratus
Jun 21, 2011

Protect many websites on one VS from one recieving lots of traffic

We will have a HTTP VS that will service approximately 1100 websites which are all subdomains of one site. There will be 4 webservers in the pool and ordinarily traffic will be reasonable and well within the capabilities of the servers behind the VS. Occasionally one subdomain will end up being slammed and could potentially drag down the performance of all 1100 sites. We are a looking for a way to automatically or manually protect the 1099 sites from the 1. Ideally we'd end up pushing 1099 sites off to 1 or 2 nodes and then the site under heavy traffic off to 2 or 3 of the four.



While the obvious solution is to "add more servers" because of how infrequently this happens its not an option. The site maintainers are content with the fact that during periods of high traffic on one site that all clients will suffer. They just want to protect the experience of the 1099 other sites that are not experiencing high traffic.



Any thoughts? I can't imagine we're the first to face this kind of problem.



In a perfect world the highly loaded site would be segregated automatically but the other option would be some way for the server admins (who do not have access to the F5s) to alter the servers in some way that protects the low risk sites. We do this a lot for things like server admin needs to drop a node from LB. We just have them change the page that the F5 monitors so that it no longer appears up. We could do something similar here.



Thanks in advance,




2 Replies

  • Hi Alan,



    You could do some kind of iRule rate limiting on requests or sessions by hostname using subtables. Spark wrote a great set of articles on using the table command to do counting in iRules. And Hamish added an example of this to the Codeshare.







    This would provide an automated way to throttle requests to one hostname and prevent it from affecting the other users.



  • Thanks for the Tip aaron. I forgot about the table command since we've only just upgraded these LBs to 10.x.



    Which begs some details that I left out:


    Hardware: BIG-IP 1600


    OS: 10.2.1 HF3 (LTM only entitlement only)