Can An 8 Node Raspberry Pi Cluster Web Server Survive Hackaday?

Plenty of folks have used their Raspberry Pi as a web server. [Steve]’s, however, is the first 8 node load balanced Pi cluster server we’ve run into. While we have seen Pi clusters before, they’ve never been pressed into service as a public facing web server. [Steve] has created a really nice, informative website about the Raspberry Pi, and Linux in general. As his page views have increased, he’s had to add nodes to the server. Currently [Steve] sees about 45,000 page views per month.

At first glance it would seem that the load balancing system would be the weak link in the chain. However, [Steve] did realize that he needed more than a Pi to handle this task. He built the load balancer using an old PC with 512MB of RAM and a 2.7GHz x86 CPU. The most important thing about the balancer is its dual network interfaces: one side faces the internet, the other faces the Pi cluster. The balancer isn’t a router, though. Only HTTP requests are forwarded. The Pi nodes themselves live on their own subnet. [Steve] has run some basic testing with siege; however, nothing beats a real world test. We figured a couple of links in from Hackaday would be enough to acid test the system.

Slowloris HTTP Denial Of Service

[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server; these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keep them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on web servers that use threading, such as Apache.

A positive side effect of the hack is that the server does not crash; only the HTTP server is affected. His example Perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.

Update: Reader [Motoma] sent in a Python implementation of slowloris called pyloris.
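
A defender's view of the behaviour described above, as an added example (not from the original post and not part of slowloris or pyloris): it scans a snapshot of open connections for clients holding many old sessions whose request never completed. The snapshot format, pool size and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: one line per open connection, as a hypothetical
# monitoring hook might report it. Columns:
#   client_ip  seconds_open  bytes_received  headers_complete(0/1)
SAMPLE_SNAPSHOT = """\
203.0.113.7 312 148 0
203.0.113.7 311 150 0
203.0.113.7 310 146 0
203.0.113.7 309 152 0
203.0.113.7 308 148 0
203.0.113.7 307 150 0
198.51.100.20 120 512 1
192.0.2.55 45 90 0
192.0.2.9 2 40 0
"""

MAX_WORKERS = 16         # assumed size of the server's connection pool
STALE_AFTER = 30         # assumed seconds allowed to finish sending headers
POOL_SHARE_ALERT = 0.25  # assumed: flag a client holding this share of the pool


def parse_snapshot(text):
    """Yield (ip, seconds_open, headers_complete) for each connection line."""
    for line in text.splitlines():
        if line.strip():
            ip, age, _nbytes, done = line.split()
            yield ip, int(age), done == "1"


def stalled_by_client(text):
    """Count, per client, old connections whose request never completed."""
    counts = defaultdict(int)
    for ip, age, done in parse_snapshot(text):
        if not done and age > STALE_AFTER:
            counts[ip] += 1
    return dict(counts)


def find_slow_holders(text, max_workers=MAX_WORKERS):
    """Return {ip: count} for clients tying up too much of the pool."""
    limit = max_workers * POOL_SHARE_ALERT
    return {ip: n for ip, n in stalled_by_client(text).items() if n >= limit}


def pool_pressure(text, max_workers=MAX_WORKERS):
    """Fraction of the pool occupied by stalled, incomplete requests."""
    return sum(stalled_by_client(text).values()) / max_workers
```

The completed long-lived connection and the single slow client are not flagged; only the client holding six stalled sessions crosses the per-client share of the pool.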

[photo: cutebreak]

Microsoft’s Data Centers Growing By The Truckload

The growing demands of Microsoft’s core customers necessitate dramatic alterations in the way Microsoft’s data centers are set up. Previously, their server racks were replaced one at a time; Microsoft’s new solution to server management is to truck in servers in sealed shipping containers and set them up without even taking them out. If a core number of servers start to fail within the shipping container, it is removed, returned to the manufacturer, and replaced. This strategy helps Microsoft manage the desires of its consumer base for search, video, photo services and other services provided under the Microsoft Online umbrella. Although Microsoft’s method of server management makes the process of running data centers more efficient, thereby saving costs and power, Microsoft still has to contend with old networking protocols. It’s counting on the industry to innovate in these areas.

[via Boing Boing]