What happened to Deals.Woot today?
Let's say your servers are humming along quite nicely.
Then let's say an enthusiastic community member joins the Woot Minions program over at http://www.woot.com/minions. And then let's say this enthusiastic member writes a little piece of software that uses the Deals.Woot RSS feeds to find the latest Moofi.Woot sale. And then let's say this enthusiastic members wants to be really, really sure their application has up to the millisecond accurate data so they start making data requests 10 times per second.
Then, let's say at 2am they send their software out to several thousands of their friends who start running this code... all at once. Your CPU graph would probably look something like this:
by
shawnmiller
asked a year ago
DOS by RSS - LOL.
Once I gave wrote and gave some end users some reporting tools.
They thought, "If a 30 second dashboard refresh is good then 1 second is better!"
Needless to say I now limit both refresh and connections. I thought you'd already done this to some degree in past woot-offs but I don't bother with them any more so I wouldn't know for sure.
Better to find it now in a non-malicious "attack" than later...
Ouch. So that's what happened. Sorry you had to get up so early.
Soooooo can I have that guy's spot in the program? I promise to only break your servers when someone else is on call ;-)
@zontor: I wish RSS was the only issue we had today. We have quite a bit of experience scaling out this type of traffic. To put it in perspective our http://api.woot.com/1/sales/current.rss feed is hit over a billion times on Woot-off days.
On Deals.Woot we cache RSS feeds for 30 seconds. In this case the RSS request was actually only a quarter of it. After the client downloaded the RSS feed it followed a link to the deal's detail page on Deals.Woot where it scraped the HTML for the "I want one" button and followed that link over to Moofi.Woot.
All that, 10 times per second, times several thousand of these clients distributed throughout the country... you get the idea.
@tygerdave: No, but if you've built a reponsible app that you've hooked into Woot Minions you should plug it here for reference.
Nice. I wish I could play with that kind of volume - it would be a great learning experience.
The volumes I worry about are on a much smaller scale and impact an Avaya switch...
@shawnmiller: "your CPU graph would probably look something like this:"
Is that your CPU graph or your EKG? I have to say, that app does a fair impersonation of tachycardia...
@shawnmiller: Now that things have calmed down, and you've had a chance to kick back and have a beer (or soda, or whatever your drink of choice is), I'm curious about a couple of things.
How long did it take you (or the team) to identify the problem, and then to identify the specific minion causing it? Do we know the minion (no, I don't expect you to tell us who, I'm asking if it's someone who was active here on Deals already)? I expect you've now got things in place to prevent this. Is it more like traffic shaping, or something else?
Boy, I'm glad this didn't happen on a weekend (and I'm sure you are too).
@dosquatch: You're right, that does look like an EKG. Where's the defibrillator when you need one?
Beep..... Beep..... Beep..... Beep..... Beep..... Beep.... Beep.... Beep....
Beep.... Beep... Beep... Beep... Beep... Beep... Beep.. Beep.. Beep.. Beep.. Beep.. Beep. Beep. Beep. Beep. Beep. Beep. Beep. Beep. Beep Beep Beep Beep Beep Beep Beep Beep Beep Beeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeep.
-
I want to know what sort of retribution was made against the mindless minion.
Tortured by Screaming Monkeys perhaps? Or maybe you sent the Roombas after him?
@lavikinga: And the kitties that ride on the Roombas!
@lavikinga: Hmmm, that would explain why they haven't been showing up as deals recently... and the recent string of inane, angry questioners on AtC... OMG, D.W IS BUILDING THE DALEK ARMY!!!!
Where's the Doctor?!?
@dosquatch: I wonder if they'd be...what was the word? Ungry?
@lavikinga: haha nice
@dosquatch: I have a doctor! Tom Baker! (You never forget your first doctor, you know.)
@shawnmiller: Forgive me if I sound overly suspicious, but is there any likelihood this was actually an intentional attack? I'm pretty ignorant on tech stuff, but it seems as if someone bright enough to write his original little RSS software should have been bright enough to foresee potential problems. And who has several thousand friends? Or was it just a case of "bright but clueless" instead?
@magic cave: We are confident that it was not malicious or intentional.
@zontor: Hahaha awesome. I surplussed an Avaya switch last week. My boss scoffed at me when I brought it into the office.
The older switches can be had for next to nothing. Between VOIP and Astrix it's killing them off. Telephony is still worth knowing -- to many it's a black art.
I earn extra cash working on offices small Avaya/Nortel/NEC PBX systems on the side. Even an old PBX is still a pretty cool piece of equipment because they just work. Period. The licensing is what kills you -- many of the older systems are running stuff from the mid/late 90's. Still works for their needs though. Just have to work around the 'issues...'
@josefresno: Thank you for your prompt reply (and forgive me for losing the entire note-stream for several hours).
I used to have a job in which it was useful for survival to be on a first-name basis with the "hazardous-device disposal technicians," aka bomb-squad guys; suspicion occasionally rises up in me when it needn't.
@zontor: Thats awesome. Good to know. I'm really just getting my foot in the door in the Networking world. I've been working under some Network Analysts as a Tech assistant for 7 months part time while doing college full time. But I love my job and I'm learning a lot. They use Cisco and Extreme though.
Stats
- Asked
- a year ago
- Asked By
- shawnmiller
- Answered
- 21 times
- Viewed
- 2822 times
- Voted Against
- 0 times
- Voted For
- 45 times
21 Answers answer
Sort By: