High Traffic Firewall??
Feb 22, 2008
What are your recommendations for a high-quality, high-traffic firewall? Something for a colo center for a webserver, that is not too expensive.
What traffic monitor would everyone recommend for sites that have as many as 5,000 to 10,000 hits an hour?
as per apf firewall issue
Jul 17 02:03:02 duck kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:01:02:c9:94:20:00:90:69:8a:f3:f0:08:00 SRC=192.168.1.43 DST=192.168.1.220 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=40428 DF PROTO=TCP SPT=37079 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0 
I already added the 192.168.1.43 IP to the allow list.
tcp:in : d=3306 : s=192.168.1.43
d=3306 : s =192.168.1.43
tcp: out : d=3306 : s =192.168.1.43
# added 192.168.1.43 on 07/19/07 01:15:21
192.168.1.43
But ip is still blocking traffic while monitor mysql....
I just want to ask. My ISP told me my server is generating high traffic from outside and pasted me their traffic log with 1 IP address (xx.xx.xx.xx).
They rebooted my server and the problem disappeared, but I need to check what has been going on, and where do I start? The only information I have is the IP xx.xx.xx.xx
good switch to support 1Gbps in 3 servers and more in the future.
Maybe a Procurve 3400CL? I need a very stable switch.
Is it important to have a physical firewall too? If so, what?
We currently have a website for our client developed on ASP.net with SQL
It's a straightforward web application with 2000 visitors per day
The traffic is getting too heavy and it's now at 130 GB per month
Our Queries :
Can we still have this site on a shared environment ?
If yes, suggest few providers offering high bandwidth
What other alternatives are there?
I own an anime linking site which, you guessed it, links to anime. I have around 10000 hits a day and would like a VPS with LiteSpeed since it's so much faster.
Why did my inbound traffic jump? Any ideas what could be happening here? I have this server and do not upload anything on the server?
if anyone had any recommendations for what kind of specs I would need for my website which currently receives approx 150,000 u/v a day. I don't use any databases and all files are basically simple html files. I use approximately 15,000 GB a month (it is a flash games website).
I currently use GoDaddy's dedicated server but I fear it may not be enough; here are my current specs:
Operating System: Red Hat Fedora Core 8
Processor: Intel Core 2 Quad - 2.83 GHz
RAM: 4 GB
RAID: None 
Bandwidth: 15000 GB
We're expecting a large spike in traffic (40k visits in one day) soon. We’re running on a very powerful server with CentOS & cPanel.
Is there any specific configuration we can setup to prepare for the large visitor spike? The website is very database and PHP intensive. We want to avoid any downtime.
which processor for a high traffic server?
DELL Xeon 3065 or Intel Dual Core E 2140 
We expect a site on one of our boxes to receive a significantly high level of traffic tomorrow as it is an event that will be covered and has already been covered by the press. The site operator expects > 100,000 hits a second.
It's a PHP page that pulls records from a database and lets people submit a form to insert a record. We have already put a caching script in place so that refreshing the page does not result in doing another database query.
The site was overloading a shared server, and we've moved it to one of our VPS boxes - it's the only VPS on the system at the moment. The box is a Quad Xeon 5410 with 4GB RAM with 4 10K RPM drives in a RAID5 setup.
My dedicated server has only one site hosted on it, and we have a forum (SMF), but it seems that it can't handle the traffic at peak hours.
Dual Processor Dual Core Intel Woodcrest 5140
4 Total 2.33 GHz Cores
Dual 1333 MHz Front-side Bus (FSB)
4 MB Shared L2 Cache
8 GB 667 MHz FB-DIMM Memory (Fully Buffered)
2 x 250 GB SATA HD in Hardware RAID 1
I've talked with several people and all said that this server is enough to handle such traffic. So the problem might be on the forum software.
I've already installed eAccelerator and tweaked everything, but it still hangs when spikes occur.
Do you think that phpBB will handle such traffic better?
We've found abnormal usage on one of our servers; our RTG graphs show:
Last 24h
IfInOctets: 30.5GB
MAX: 6.9MBits/s
AVG: 3.4Mbits/s
Cur: 4.7Mbits/s
And a strange traffic:
IfOutOctets: 42.5GB
MAX: 76.6MBits/s
AVG: 4.7Mbits/s
Cur: 600Kbits/s
We are running two websites on this server, and we looked at raw log apache, we've compilers disabled, we block most of outgoing / incoming packets on firewall, we ran chkrootkit, rkhunter and nothing was found. We checked for cronjobs, suspect files, netstat, but we can't see anything strange. We use the latest server software (apache 2.2.x), PHP 5.2.x, MySQL 4.1.x, we have most of the server optimized.
We are running iptraf now, and it seems normal:
Incoming rates: 85.8 kbytes/sec
Outgoing rates: 636.4 kbytes/sec
Anyone have an idea? And some way to properly monitor incoming traffic? I'm looking to find how/where is the source of this traffic.
Is there any shared host which can easily drive a wordpress blog with 100,000-150,000 unique visitors every month? 
   
The blog in question has wp-supercache and is quite a bit tweaked and consumes roughly 30-50GB of bandwidth every month (with mod deflate enabled on server). My priorities are good uptime, fast servers and network (especially to India) and good customer support.
do you suggest verio for high traffic video site?
I have a blog that gets about 50,000 unique users a month and I'm looking for a host that would fit the bill. I'm using wordpress so that's obviously a requirement, but also I would like RoR support. Other than that I'm pretty open. My fear is just that I'll get relegated to a slow server or have my account suspended. My budget is really whatever I need to pay. I'd like to find something at $15 a month or under but I'm willing to pay up to $50 or more if need be.
I'm planning on growing the traffic more in the future so I'm not sure if I should just go for dedicated hosting now or wait. I've checked out hostgator and they seem to have good reviews and fit the bill well, I'm just not sure if they are suited for high traffic sites or not.
I am writing a financial statement for my business plan and would like to know what numbers I should expect from the host. If the potential traffic will reach 405,000 visitors a month, what should my requirements for the hosting company be?
I have a client with a site (wordpress blog) that gets 10,000 + hits a day. I need to find him a dedicated managed server so that his site runs smoothly and also has no outages. I just received a quote from another host for his Managed Dedicated Servers.
CPU1: Intel Xeon 5310 Clovertown (Quad Core)
CPU2: Intel Xeon 5310 Clovertown (Quad Core)
Total CPU Cores: Eight (8)
System RAM: 6144MB (6GB) DDR2 ECC Registered System RAM
Primary Hard Disk: 73GB Serial Attached SCSI (SAS) 15,000 RPM High-Performance Hard Disk
Second Hard Disk: 250GB SATA-II 7,200 RPM Hard Disk (nightly backup disk)
Data Transfer: 2000GB Premium Monthly Bandwidth (100Mbps uplinked port)
Operating System: CentOS Enterprise Linux 5 64-Bit (x86_64)
Control Panel License: cPanel / WHM + Fantastico Auto Installer
$695 a month
He posts about 5-10 blogs a day too, so it's definitely a growing community website. He also has a forum with 6500 posts and 389 members.
Is this a reasonable price for a dedicated server? Would you recommend a different configuration of hardware that might make it cheaper? I would also like some examples of other sites on similar configurations if you have any, so that I can show my client what they use.
The server gets around 25k unique visitors per day, but one website in particular allows hotlinking and uses a lot of bandwidth.  Last time I checked...according to whm apache status page, I was getting 180 requests per second.  Not sure what time it was though.  So it might be higher at a different time of the day.
Recently got mod_evasive installed, but I didn't want it to block out legitimate users.  Currently it's set to this...
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600
</IfModule>
what a better configuration would be?  When I run the log I already see it block out a bunch of IPs.  I don't want to lose any visitors to this program, but I do get DDoSed a lot.
creating a setup that will host a site which is expected to receive 50-60K visitors in the first few hours after its launch. The site is membership based and the backend (member system) runs on PHP5-MySQL5. 
Here is what I have thought of until now.
Site's sales page (which also happens to be the first page that visitors hit) hosted with Amazon S3 service. All public media files are off loaded to amazon S3 service to keep the number of requests on the hosted setup to minimum.
At the front we can have a high performance firewall like Cisco ASA 5520 followed by two dedicated load balancers in Active/Active state.
Behind the load balancers we have 3 front end servers acting as web-servers. These have SAS disks, 4GB RAM, RAID 1 setup, Dual Xeon Quad core processors each.
Behind the front end servers - we have a dedicated load balancer for the database cluster.
The database cluster consists of 3 Storage/API nodes and one of the front end servers acts as the management node. Each storage node has 8GB RAM, Dual Xeon Quad core processors, 4x RAID 10, SAS setup.
The private network is on a GigaLan.
Do you see any possible/obvious flaw in this design or anything that should be added/subtracted from the setup?
We are considering a new dedicated server host for a set of 25 domains, about 5 of which are very high traffic (80 million clicks a day each). 
I am told that the biggest speed boost and performance comes from memory and fast hard disk. So I'm looking for at least a 16GB RAM and SCSI 10k 300GB hard disks. 
I am also told that PHP etc is okay, but MySQL is the one that hogs resources after a while. So for the database server I need a high end server. 
I like WHM/Cpanel so that should be alright. 
A lot of email alerts may be sent through our system (about 500,000 a day on a good day as there's user subscription to updates functionality) so we may need a separate mail server? 
My question: is the following config of 4 x quadcore Dunnington Intels be good enough for the above site? Can I run a database on this config for my kind of traffic or do I need a separate server too? 
Code:
   
Quad Processor Hex Core Intel 7450 - 2.40GHz (Dunnington) - 6 x 9MB (L2) 12MB (L3) cache 
Second Processor 
Hex Core Intel 7450 - 2.40GHz (Dunnington) - 6 x 9MB (L2) 12MB (L3) 
Third Processor 
Hex Core Intel 7450 - 2.40GHz (Dunnington) - 6 x 9MB (L2) 12MB (L3) cache 
Fourth Processor 
Hex Core Intel 7450 - 2.40GHz (Dunnington) - 6 x 9MB (L2) 12MB (L3) cache 
16 GB FB-DIMM Registered 533/667 
1000 Mbps public uplink 
1000 Mbps private uplink 
Disk Controller RAID 10 
HD1: 300GB SA-SCSI 10K RPM 
HD2: 300GB SA-SCSI 10K RPM 
HD3: 300GB SA-SCSI 10K RPM 
HD4: 300GB SA-SCSI 10K RPM 
CentOS 5 (32 bit)
My video sharing site has high traffic, alexa rate:3,000
My site has 2 servers to split the load. 2 servers share a mysql server. Using rrdns to load the balance.
Server A running mysql 5.0,lighttpd
Server B running lighttpd.
Server B connect to A's mysql database.
During peak time. B can not connect to A's mysql server. It says server not responding. But A still running fine.
When I check mysql log file.
/usr/libexec/mysqld: Forcing close of thread .....
And when run top, the load average is 20.
The spec of Server A
Intel(R) Xeon(TM) CPU 3.06GHz dual core.
2G Ram.
Here is the my.cnf
Quote:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
max_connections = 1000
wait_timeout=60
connect_timeout=10
interactive_timeout=120
join_buffer_size=1M
query_cache_size=128M
query_cache_limit=2M
max_allowed_packet=16M
table_cache=1024
sort_buffer_size=2M
read_buffer_size=2M
My question: do I need another machine C to run lighttpd, and just keep mysql on A?
Or can I do some mysql optimization on A?
Also, if my site keeps going, can I have 1 mysql server and 5 http servers?
hosting solution for 3 very high traffic blogs, all running on WordPress.
I have been researching dedicated and I came across a couple posts where people recommended Clustered hosting over Dedicated for better handling high traffic DB driven sites in the times of Digg or Slashdot frontpage exposure.
I would like your feedback, and your opinion on what to choose from the following options:
1. Netfirms Enterprise III (Clustered)
2. ResellerZoom Failover (Clustered)
3. LiquidWeb Dedicated Webmaster Series (Dedi w/ 2GB DDR and a 3Ghz Intel Hyperthreaded)
4. HiVelocity Dedicated (Dedi w/ Quad-Core Xeon 2.4GHz and 2GB DDR)
We just ordered a new Dell server and trying to decide which flavor of Linux to use. The server is going to be used exclusively for a MySQL 5 database.
The MySQL database is very large about 9 gigs, (GIS data), and will be hit quite hard.
I was looking at CentOS and Fedora.
Here are the server specs:
2 Intel Quad Core Xeon 5410 2.33GHZ
8 Gigs Ram
2 146GB 15000RPM SAS Drives In Raid 1
I'm working on launching this online store for a poster designer, and we're becoming more and more aware that we need a really robust and fast server.  This site is looking at extremely high levels of activity whenever this designer posts a new poster.  We're talking 1700 people surfing the store (downloading med-high resolution poster images) and 300 posters sold in 16 seconds kind of thing.
So, we need a really robust hosting, to work with PHP5 and MYSQL.
My previous go-to hosting provider was Lunarpages, but their customer service has gone down the crapper, and I've just about had it with them.  My main questions are:
Should I be looking into getting a dedicated server, or are there hosting companies that can handle this kind of traffic on a shared server?  I don't have experience administrating a server, so if we got a dedicated one we would have to pay the host to do at least some of the setup/administration, I would assume?
Dedicated server or not, what's a hosting company that has really good customer service, where we can be assured of getting somebody knowledgeable without having to wait on hold for 20 (or even 10) minutes?
When I deny all other traffic for the "System policy for incoming traffic" to secure the server by only allowing the explicit ports I've requested to open, my server stops operating correctly.
It appears when I set the "System policy for incoming traffic" to deny, it appears to be disrupting various functions such as web traffic over ports 80/443, FTP, SSH, they either work extremely slow or don't work at all.
I brought this up with my Plesk license provider and they stated that the Plesk firewall doesn't add any tracking for ephemeral ports, therefore if you set the policy to drop for incoming/outgoing, it's not going to allow proper TCP communication since the return socket can't be opened. Also that the firewall is an explicit deny system rather than explicit allow based system.
Am I doing something wrong? All I want to do is to block all ports other than the ones I've set to allow. Is this how it is supposed to work?
I don't know where to start. I need advice about how to set up a high performance firewall for a data center. What do big companies use? I suppose that they use Cisco or Juniper firewalls. But I have specific needs. I want to control that firewall with a PHP program - to pass IPs which can pass the firewall. I think that I have to store them in a .txt file. So the firewall must read that file.
In my case I think that I need iptables + IPset or maybe nf-HiPAC? Or transparent proxy like squid or Haproxy?
I'm very confused about the software? The firewall must forward 10GBit of traffic and 60 000+ connections
I know someone is using the wget -r command on my server to recursively grab all files in a directory, I know their IP but I do not want to ban it completely, instead I was wondering is there a way to kill a connection if the bandwidth used by that connection gets too high?
I'm running CentOS 4
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change our thinking.
I have a cPanel server with 4GB RAM
My server hangs from time to time, once or twice a day. This is the last status when it happens.
Server Load    75.90 (2 cpus)
Memory Used    92 %
Swap Used    65.78 %
When I was still inside SSH when it happens, the processes I can see inside "top" are a lot of httpd processes.
So I "killall -9 httpd", I had to do it 30~40 times
#killall -9 httpd
#killall -9 httpd
#killall -9 httpd
x 30~40 times until no pid process found & the server load is back to normal.
Before that, I check httpd fullstatus, they look very normal, same goes to what I see inside WHM Apache status & cpu usage status.
At first I thought it was a memory problem after consulting with a server admin, so I replaced all 4GB new ram stick (such a waste)