Sunday, February 5, 2012

Handling a million requests is challenging

I recently watch a video on youtube from Omar Al Zabir, where he present lot of interesting fact and preventive step that can be taken
http://www.youtube.com/watch?v=wHdvL4irsiQ&

I gonna bring the summary here and more finding from my experience

  • Preventing DOS attacks.
We all know that DOS is famous attack and it is very easy to implement and which can be achieved sending 1000 of requests in constantly and webserv

er that handles the request goes out of threads and CPU usage hits max and webserver goes down.
So the way we can prevent this by implement a HttpModule and on OnInit event track the IP address of the requestor and terminate the connection as early as possible after reaching certain limit. (Response.End())

  • ASP.NET ProcessModel optimization.
Microsoft set the default values to


1. maxWorkerThreads = 20
2. maxIOThreads = 20
3. memoryLimit = 60

These values old and are give when CPU's Single Processors, so increasing these values will make webserver to handle more request will less CPU overhead.
so maxWorkerThreads and maxIOThreads can be increased to 100 and memoryLimit can also be increased.


  • ASP.NET pipeline optimization
There are set default httpModules in machineConfig that every request go through all these httpModules, which is unnecessary overhead.
so assuming some default these can be removed from our applica
tion web.config

1. windowsAuthentication
2. PasspostAuthentication
3. AnonymousIdentification
3. FileAuthorization
4. UrlAuthorization


eg: Preventing ASP.NET Large cookies on Static Pages


  • System.Net optimization
If there are any HttpWebRequest or WebClient (WCF) calls incr
ease the maxConnections limit which present in connectionmanagment configuration. By Default one IP can send only 2 concurrent requests.


  • Optimize the ASP.NET Profile and Membership provider.
When making request to the Profile or Membership tables could be expensive. We might need to reduce the isolation levels on the some dbo. stored procedures and all the columns not indexed. (Need more writing here.)

  • HTTP Compression
With IIS 7 provides the build-in compression available from the web.config. Add this to the web.config

<urlCompression doDynamicCompression="true" doStaticCompression="true" dynamicCompressionBeforeCache="true" />

  • Cache Static files
Browser will cache files such as images, stylesheets and script files. By letting the browser cache all these files means it doesn’t need to request them again for the duration of the cache period.


<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00"/>
</staticContent>
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)