SlideShare a Scribd company logo

Scaling asp.net websites to millions of users

Download as PPTX, PDF
O
oazabir

Scaling ASP.NET websites from thousands of users to millio

Technology
1 of 35
Scaling ASP.NET websites from thousands to millions of users Lessons learnt from scaling Web 2.0 apps to millions of users Omar AL Zabir Chief Architect, SaaS Platform, BT omaralzabir.com omaralzabir@gmail.com Twitter.com/omaralzabir Book “Building Web 2.0 portal using ASP.NET 3.5” from O‟Reilly
How to blow up a website  Get some super fast fiber broadband connection.  Run this on couple of quad core desktops: for (int j = 0; j < 100; j ++) { for (int i = 0; i < 100; i ++) { var client = new WebClient(); client.DownloadStringAsync( new Uri("http://www.microsoft.com/MISReport.aspx"); } Thread.Sleep(500); }
Prevent App Level DOS attack  Application Level DOS attacks are attempts to hit your expensive pages too frequently so that you have 100% CPU and your site goes down. For ex, hitting some expensive Report page continuously.  You can run out of ASP.NET Threads and stop responding completely to any request.  I‟m not talking about Network level DOS attacks like TCP SYN flood or DDOS attacks that hardware firewalls can prevent.  Firewalls don‟t block legitimate requests.
Prevent App level DOS attacks  Protect only expensive pages. Pages that are unlikely to get hit too many times within a short duration.  Build a HttpModule and hook on OnInit event.  Store which IP is making how many number of hits in last 10 minutes. Store the table in some in-memory cache.  If the threshold has exceeded, stop responding to that IP. Call Response.End()  Solution is here: http://tinyurl.com/omarDOS IP Hits in last 10 mins 128.0.0.1 500 128.0.0.2 345
ASP.NET ProcessModel Optimization  ASP.NET ProcessModel Defaults  maxWorkerThreads = 20  maxIOThreads = 20  memoryLimit = 60  Nowadays, servers are way too powerful. You don‟t need to be conservative.  Change default process model setting in machine.config to make best use of CPU power.
ASP.NET Pipeline Optimization  Default ASP.NET Pipeline has several components that intercept each and every request. Thus they add extra processing overhead on every request.  Multiply the overhead by hundreds of requests per second – you get a significant overhead.
ASP.NET Pipeline Optimization  Remove what you don‟t need.  If you are using Forms Authentication, SQL Server storage, no web.config based role based permission then you can remove most of them:
Prevent large ASP.NET cookies on static content  Each and every request, even static files, get the ASP.NET cookies sent.  517 bytes of worthless data per request.  Avg pages have 40 resources. 40 x 517 = 20 KB.  1M page view = 20 GB of data upload to server. Cookie: .DBANON=w3kYczsH8Wvzs6MgryS4JYEF0N-8ZR6aLRSTU9KwVaGa ydD6WwUHD7X9tN8vBgjgzKf3r3SJHusTYFjU85yYfnunyCeuExcZs8 95JK9Fk1HS68ksGwm3QpxnRZvpDBAfJKEUKee2OTlND0gi43qwwtI PLeY1; ASP.NET_SessionId=bmnbp155wilotk45gjhitoqg; .DBAUTH 12=2A848A8C200CB0E8E05C6EBA8059A0DBA228FC5F6EDD2940 1C249D237812344C15B3C5C57D6B776037FAA8F14017880E57B DC14A7963C58B0A0B30229AF0123A6DF56601D814E75525E7DC A9AD4A0EF200832B39A1F35A5111092F0805B0A8CD3D2FD5E3A B6176893D86AFBEB68F7EA42BE61E89537DEAA3279F3B576D0C 44BA00B9FA1D9DD3EE985F37B0A5A134ADC0EA9C548D
Prevent ASP.NET cookies on static content  Setup a new website in IIS, map to the same code folder.  Map static.yoursite.com host header to that website.  Prefix all css, js, image links with http://static.yoursite.com/  Add a Global.asax‟s EndResponse event on the new website. HttpContext context = HttpContext.Current; if (context.Request.Url.Host == “static.yoursite.com”) { List<string> cookiesToClear = new List<string>(); foreach (string cookieName in context.Request.Cookies) { HttpCookie cookie = context.Request.Cookies[cookieName]; cookiesToClear.Add(cookie.Name); } foreach (string name in cookiesToClear) { HttpCookie cookie = new HttpCookie(name, string.Empty); cookie.Expires = DateTime.Today.AddYears(-1); context.Response.Cookies.Set(cookie);
System.net optimization  If you are using HttpWebRequest or WebClient or any other TCP/IP operation, increase the max connection limit.  Default is 2 per IP.  WCF service calls are limited by this setting.  Unless you suspect rogue clients, set some reasonably high number on webservers, but moderate number on desktop clients.
System.net default setting is suboptimal Bottleneck Max 2 concurrent calls
ASP.NET Profile Provider  Anonymous Provider creates one anonymous user in database on every first hit to Profile object‟s Custom properties:  The SP aspnet_Profile_GetProperties gets called when you access Profile object for first time in a request. And this SP is slooooooooow!
ASP.NET Profile Provider  The slow SP that gets fired when you access custom Profile properties: CREATE PROCEDURE [dbo].[ aspnet_Profile_GetProperties] @ApplicationName nvarchar(256), @UserId … AS BEGIN DECLARE @ApplicationId uniqueidentifier SELECT @ApplicationId = NULL SELECT @ApplicationId = ApplicationId FROM dbo.aspnet_Applications WHERE LOWER(@ApplicationName) = LoweredApplicationName … … … IF (@@ROWCOUNT > 0) BEGIN UPDATE dbo.aspnet_Users SET LastActivityDate=@CurrentTimeUtc WHERE UserId = @UserId END END
ASP.NET Profile Provider  The slow SP‟s execution plan
ASP.NET Profile Provider  Don‟t update LastActivityDate when Profile object is loaded. Do it only when Profile object is updated.  Update once every hour or so. If LastActivityDate < DateTime.Now.AddHours(-1) then update. No need to do per request or too frequently.  Hard code the Application ID to avoid one lookup inside the SP.  tinyurl.com/omarGetProp
ASP.NET Membership  ASP.NET Membership Provider Stored Procs use default transaction isolation level, which is Serializable. Transaction (Process ID ##) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. Timeout Expired. The Timeout Period Elapsed Prior To Completion Of The Operation Or The Server Is Not Responding. ALTER PROCEDURE [dbo].[aspnet_Profile_GetProperties] @ApplicationName nvarchar(256), @UserName nvarchar(256), @CurrentTimeUtc datetime AS BEGIN SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;
ASP.NET Membership Query  Common queries that brings down hell:  Select * from aspnet_users where UserName = „blabla‟  Select * from aspnet_membership where Email = “someone@somewhere.com”  What‟s wrong with these queries?
ASP.NET Membership Queries  Let's look at the indexes:  Table: aspnet_users  Clustered Index = ApplicationID, LoweredUserName  NonClustered Index = ApplicationID, LastActivityDate  Primary Key = UserID  Table: aspnet_membership  Clustered Index = ApplicationID, LoweredEmail  NonClustered = UserID  Table: aspnet_Profile  Clustered Index = UserID  DO NOT use Email or UserName fields in WHERE clause. They are not part of the index instead LoweredUserName and LoweredEmail fields are in conjunction with ApplicationID field. All queries must have ApplicationID in the WHERE clause.
A love story  .NET 3.0 was released, woohoo! WCF! Lambda Expressions!! Linq to SQL!!!  Upgraded to .NET 3.0, top to bottom.  Major deployment over the weekend.  Monday 9 AM, peak traffic.  No response from site.
~100% on all web servers
Linq to SQL is not suitable for high volume web applications  Linq to SQL is not optimized for web application.  No disconnected entity support.  Entities are not serializable.  Linq to sql expressions consume high CPU when compiled to SQL. var query = from widget in dc.Widgets where widget.ID == id && widget.PageID == pageId select widget; var widget = query.SingleOrDefault();
How bad Linq to SQL is? Source: JD Conley‟s blog
Fixing Linq to SQL  Convert all queries to Compiled Queries.  tinyurl.com/omarLINQ
Linq to SQL transaction deadlocks  Large table, high read and medium write, causes query timeouts, high locks, transaction deadlock because of SERIALIZATION isolation level. Transaction (Process ID ##) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. Timeout Expired. The Timeout Period Elapsed Prior To Completion Of The Operation Or The Server Is Not Responding. using (var db = new YourDataContext2()) { db.Connection.Open(); db.ExecuteCommand("SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;"); var user = db.aspnet_Users.First(); var pages = user.Pages.ToList(); }
Linq to SQL transaction deadlocks  Connection does not close!  Bug in Data Context code.  Solution is to override the Dispose. class YourDataContext2 : YourDataContext, IDisposable { public new void Dispose() { if (base.Connection != null) if (base.Connection.State != System.Data.ConnectionState.Closed) { base.Connection.Close(); base.Connection.Dispose(); } base.Dispose(); } }
Content Delivery Network (CDN)  CDN cache and deliver content from their servers that are closest to users‟ computers. The closer servers are to end user, the shorter roundtrip time for every request. For ex, Akamai has servers almost every city in the world.  Content from CDN nodes get served faster with lower latency than coming from your servers.  CDN Nodes have better caching and compression algorithms.  CDN nodes can offload your server and network from delivering static files. Thus better throughput for dynamic content.
Content Delivery Network 0.7 sec Washington, DC 2.2 sec Australia
Without CDN www.yoursite.com
How CDN works static.yoursite.com www.yoursite.com
Two types of CDN  Static – you upload the files to CDN and they give you an URL. E.g. yoursite.cachefly.net/logo.gif  Dynamic – Host your dynamic application behind the CDN. For ex, Edgecast and Panther Express.  Very cheap - $0.2/GB
How Dynamic CDN works www.yoursite.com
How Dynamic CDN works www.yoursite.com Static content cached, Compressed automatically
How Dynamic CDN works www.yoursite.com Static content cached, Compressed automatically
13 disasters for production websites 1. Faulty hard drive supplied by supplier, data corruption within weeks. 2. Controller malfunctions and corrupts all disks in the same controller. 3. RAID malfunction. 4. CPU overheated and burned out. 5. Firewall went down. 6. Remote Desktop stopped working after a patch installation. 7. Remote Desktop max connection exceeded. Cannot login anymore to servers. 8. Database got corrupted while we were moving the production database from one server to another over the network. 9. One developer deleted the production database accidentally while doing routine work. 10. Support crew at hosting service formatted our running production server instead of a corrupted server that we asked to format. 11. Windows got corrupted and was not working until we reinstalled. 12. DNS goes down. Don’t get domain from GoDaddy. 13. Internet backbone goes down in different part of the world. http://tinyurl.com/omar13
Conclusion  ASP.NET out of the box, does not scale for millions of hits.  Must make the hacks at code, database and configuration level to get it to scale.  That‟s reality for any technology, not ASP.NET specific.

Recommended

JavaScript JQUERY AJAX
JavaScript JQUERY AJAXJavaScript JQUERY AJAX
JavaScript JQUERY AJAXMakarand Bhatambarekar
 
Pentesting Modern Web Apps: A Primer
Pentesting Modern Web Apps: A PrimerPentesting Modern Web Apps: A Primer
Pentesting Modern Web Apps: A PrimerBrian Hysell
 
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Mario Heiderich
 
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesMarco Morana
 
Introduction XSS
Introduction XSSIntroduction XSS
Introduction XSSAymeric Lagier
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Security: Odoo Code Hardening
Security: Odoo Code HardeningSecurity: Odoo Code Hardening
Security: Odoo Code HardeningOdoo
 

Recommended

JavaScript JQUERY AJAX
JavaScript JQUERY AJAXJavaScript JQUERY AJAX
JavaScript JQUERY AJAXMakarand Bhatambarekar
 
Pentesting Modern Web Apps: A Primer
Pentesting Modern Web Apps: A PrimerPentesting Modern Web Apps: A Primer
Pentesting Modern Web Apps: A PrimerBrian Hysell
 
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Mario Heiderich
 
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesMarco Morana
 
Introduction XSS
Introduction XSSIntroduction XSS
Introduction XSSAymeric Lagier
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Security: Odoo Code Hardening
Security: Odoo Code HardeningSecurity: Odoo Code Hardening
Security: Odoo Code HardeningOdoo
 
Lecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementLecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementFahad Golra
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassCODE WHITE GmbH
 
Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDBMongoDB
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da HoodMichel Schudel
 
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitBlack Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitPaula Januszkiewicz
 
Sphinx autodoc - automated api documentation - PyCon.KR 2015
Sphinx autodoc - automated api documentation - PyCon.KR 2015Sphinx autodoc - automated api documentation - PyCon.KR 2015
Sphinx autodoc - automated api documentation - PyCon.KR 2015Takayuki Shimizukawa
 
Json in Postgres - the Roadmap
Json in Postgres - the Roadmap Json in Postgres - the Roadmap
Json in Postgres - the RoadmapEDB
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT ExploitationAkshaeyBhosale
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0Mario Heiderich
 
Nodejs
NodejsNodejs
NodejsPrem Sanil
 
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스NAVER D2
 
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾Freddy Fan
 
MongoDB
MongoDBMongoDB
MongoDBnikhil2807
 
Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization Vulnerabilities Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization VulnerabilitiesLuca Carettoni
 
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...joaomatosf_
 
Django Framework and Application Structure
Django Framework and Application StructureDjango Framework and Application Structure
Django Framework and Application StructureSEONGTAEK OH
 
Building layers of defense for your application
Building layers of defense for your applicationBuilding layers of defense for your application
Building layers of defense for your applicationVMware Tanzu
 
Remote code-with-expression-language-injection
Remote code-with-expression-language-injectionRemote code-with-expression-language-injection
Remote code-with-expression-language-injectionMickey Jack
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance TuningPuneet Behl
 
10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websitesoazabir
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsTips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsSarvesh Kushwaha
 

More Related Content

What's hot

Lecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementLecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementFahad Golra
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassCODE WHITE GmbH
 
Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDBMongoDB
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da HoodMichel Schudel
 
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitBlack Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitPaula Januszkiewicz
 
Sphinx autodoc - automated api documentation - PyCon.KR 2015
Sphinx autodoc - automated api documentation - PyCon.KR 2015Sphinx autodoc - automated api documentation - PyCon.KR 2015
Sphinx autodoc - automated api documentation - PyCon.KR 2015Takayuki Shimizukawa
 
Json in Postgres - the Roadmap
Json in Postgres - the Roadmap Json in Postgres - the Roadmap
Json in Postgres - the RoadmapEDB
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT ExploitationAkshaeyBhosale
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0Mario Heiderich
 
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스NAVER D2
 
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾Freddy Fan
 
Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization Vulnerabilities Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization VulnerabilitiesLuca Carettoni
 
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...joaomatosf_
 
Django Framework and Application Structure
Django Framework and Application StructureDjango Framework and Application Structure
Django Framework and Application StructureSEONGTAEK OH
 
Building layers of defense for your application
Building layers of defense for your applicationBuilding layers of defense for your application
Building layers of defense for your applicationVMware Tanzu
 
Remote code-with-expression-language-injection
Remote code-with-expression-language-injectionRemote code-with-expression-language-injection
Remote code-with-expression-language-injectionMickey Jack
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance TuningPuneet Behl
 

What's hot (20)

Lecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementLecture 3: Servlets - Session Management
Lecture 3: Servlets - Session Management
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
 
Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDB
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da Hood
 
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitBlack Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
 
Sphinx autodoc - automated api documentation - PyCon.KR 2015
Sphinx autodoc - automated api documentation - PyCon.KR 2015Sphinx autodoc - automated api documentation - PyCon.KR 2015
Sphinx autodoc - automated api documentation - PyCon.KR 2015
 
Json in Postgres - the Roadmap
Json in Postgres - the Roadmap Json in Postgres - the Roadmap
Json in Postgres - the Roadmap
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT Exploitation
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0
 
Nodejs
NodejsNodejs
Nodejs
 
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
백억개의 로그를 모아 검색하고 분석하고 학습도 시켜보자 : 로기스
 
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
2019 Modernweb 使用 Pentaho Kettle ETL 做系統資料後盾
 
MongoDB
MongoDBMongoDB
MongoDB
 
Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization Vulnerabilities Defending against Java Deserialization Vulnerabilities
Defending against Java Deserialization Vulnerabilities
 
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine (J...
 
Django Framework and Application Structure
Django Framework and Application StructureDjango Framework and Application Structure
Django Framework and Application Structure
 
Building layers of defense for your application
Building layers of defense for your applicationBuilding layers of defense for your application
Building layers of defense for your application
 
Remote code-with-expression-language-injection
Remote code-with-expression-language-injectionRemote code-with-expression-language-injection
Remote code-with-expression-language-injection
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance Tuning
 

Similar to Scaling asp.net websites to millions of users

10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websitesoazabir
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsTips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsSarvesh Kushwaha
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaYevgeniy Brikman
 
ASP.NET MVC Performance
ASP.NET MVC PerformanceASP.NET MVC Performance
ASP.NET MVC Performancerudib
 
How to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWSHow to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWSDenis Gundarev
 
Clug 2011 March web server optimisation
Clug 2011 March web server optimisationClug 2011 March web server optimisation
Clug 2011 March web server optimisationgrooverdan
 
Introduce about Nodejs - duyetdev.com
Introduce about Nodejs - duyetdev.comIntroduce about Nodejs - duyetdev.com
Introduce about Nodejs - duyetdev.comVan-Duyet Le
 
Apache Samza 1.0 - What's New, What's Next
Apache Samza 1.0 - What's New, What's NextApache Samza 1.0 - What's New, What's Next
Apache Samza 1.0 - What's New, What's NextPrateek Maheshwari
 
Sherlock Homepage (Maarten Balliauw)
Sherlock Homepage (Maarten Balliauw)Sherlock Homepage (Maarten Balliauw)
Sherlock Homepage (Maarten Balliauw)Visug
 
Sherlock Homepage - A detective story about running large web services (VISUG...
Sherlock Homepage - A detective story about running large web services (VISUG...Sherlock Homepage - A detective story about running large web services (VISUG...
Sherlock Homepage - A detective story about running large web services (VISUG...Maarten Balliauw
 
Sherlock Homepage - A detective story about running large web services - WebN...
Sherlock Homepage - A detective story about running large web services - WebN...Sherlock Homepage - A detective story about running large web services - WebN...
Sherlock Homepage - A detective story about running large web services - WebN...Maarten Balliauw
 
Bt0083 server side programing
Bt0083 server side programing Bt0083 server side programing
Bt0083 server side programing Techglyphs
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performanceEngine Yard
 
Sherlock Homepage - A detective story about running large web services - NDC ...
Sherlock Homepage - A detective story about running large web services - NDC ...Sherlock Homepage - A detective story about running large web services - NDC ...
Sherlock Homepage - A detective story about running large web services - NDC ...Maarten Balliauw
 
C sharp and asp.net interview questions
C sharp and asp.net interview questionsC sharp and asp.net interview questions
C sharp and asp.net interview questionsAkhil Mittal
 

Similar to Scaling asp.net websites to millions of users (20)

10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsTips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC Applications
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and Scala
 
PPT
PPTPPT
PPT
 
ASP.NET MVC Performance
ASP.NET MVC PerformanceASP.NET MVC Performance
ASP.NET MVC Performance
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
How to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWSHow to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWS
 
Practical OData
Practical ODataPractical OData
Practical OData
 
Clug 2011 March web server optimisation
Clug 2011 March web server optimisationClug 2011 March web server optimisation
Clug 2011 March web server optimisation
 
Web Security
Web SecurityWeb Security
Web Security
 
Introduce about Nodejs - duyetdev.com
Introduce about Nodejs - duyetdev.comIntroduce about Nodejs - duyetdev.com
Introduce about Nodejs - duyetdev.com
 
Apache Samza 1.0 - What's New, What's Next
Apache Samza 1.0 - What's New, What's NextApache Samza 1.0 - What's New, What's Next
Apache Samza 1.0 - What's New, What's Next
 
Sherlock Homepage (Maarten Balliauw)
Sherlock Homepage (Maarten Balliauw)Sherlock Homepage (Maarten Balliauw)
Sherlock Homepage (Maarten Balliauw)
 
Sherlock Homepage - A detective story about running large web services (VISUG...
Sherlock Homepage - A detective story about running large web services (VISUG...Sherlock Homepage - A detective story about running large web services (VISUG...
Sherlock Homepage - A detective story about running large web services (VISUG...
 
AD102 - Break out of the Box
AD102 - Break out of the BoxAD102 - Break out of the Box
AD102 - Break out of the Box
 
Sherlock Homepage - A detective story about running large web services - WebN...
Sherlock Homepage - A detective story about running large web services - WebN...Sherlock Homepage - A detective story about running large web services - WebN...
Sherlock Homepage - A detective story about running large web services - WebN...
 
Bt0083 server side programing
Bt0083 server side programing Bt0083 server side programing
Bt0083 server side programing
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performance
 
Sherlock Homepage - A detective story about running large web services - NDC ...
Sherlock Homepage - A detective story about running large web services - NDC ...Sherlock Homepage - A detective story about running large web services - NDC ...
Sherlock Homepage - A detective story about running large web services - NDC ...
 
C sharp and asp.net interview questions
C sharp and asp.net interview questionsC sharp and asp.net interview questions
C sharp and asp.net interview questions
 

Recently uploaded

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

Scaling asp.net websites to millions of users

  • 1. Scaling ASP.NET websites from thousands to millions of users Lessons learnt from scaling Web 2.0 apps to millions of users Omar AL Zabir Chief Architect, SaaS Platform, BT omaralzabir.com omaralzabir@gmail.com Twitter.com/omaralzabir Book “Building Web 2.0 portal using ASP.NET 3.5” from O‟Reilly
  • 2. How to blow up a website  Get some super fast fiber broadband connection.  Run this on couple of quad core desktops: for (int j = 0; j < 100; j ++) { for (int i = 0; i < 100; i ++) { var client = new WebClient(); client.DownloadStringAsync( new Uri("http://www.microsoft.com/MISReport.aspx"); } Thread.Sleep(500); }
  • 3. Prevent App Level DOS attack  Application Level DOS attacks are attempts to hit your expensive pages too frequently so that you have 100% CPU and your site goes down. For ex, hitting some expensive Report page continuously.  You can run out of ASP.NET Threads and stop responding completely to any request.  I‟m not talking about Network level DOS attacks like TCP SYN flood or DDOS attacks that hardware firewalls can prevent.  Firewalls don‟t block legitimate requests.
  • 4. Prevent App level DOS attacks  Protect only expensive pages. Pages that are unlikely to get hit too many times within a short duration.  Build a HttpModule and hook on OnInit event.  Store which IP is making how many number of hits in last 10 minutes. Store the table in some in-memory cache.  If the threshold has exceeded, stop responding to that IP. Call Response.End()  Solution is here: http://tinyurl.com/omarDOS IP Hits in last 10 mins 128.0.0.1 500 128.0.0.2 345
  • 5. ASP.NET ProcessModel Optimization  ASP.NET ProcessModel Defaults  maxWorkerThreads = 20  maxIOThreads = 20  memoryLimit = 60  Nowadays, servers are way too powerful. You don‟t need to be conservative.  Change default process model setting in machine.config to make best use of CPU power.
  • 6. ASP.NET Pipeline Optimization  Default ASP.NET Pipeline has several components that intercept each and every request. Thus they add extra processing overhead on every request.  Multiply the overhead by hundreds of requests per second – you get a significant overhead.
  • 7. ASP.NET Pipeline Optimization  Remove what you don‟t need.  If you are using Forms Authentication, SQL Server storage, no web.config based role based permission then you can remove most of them:
  • 8. Prevent large ASP.NET cookies on static content  Each and every request, even static files, get the ASP.NET cookies sent.  517 bytes of worthless data per request.  Avg pages have 40 resources. 40 x 517 = 20 KB.  1M page view = 20 GB of data upload to server. Cookie: .DBANON=w3kYczsH8Wvzs6MgryS4JYEF0N-8ZR6aLRSTU9KwVaGa ydD6WwUHD7X9tN8vBgjgzKf3r3SJHusTYFjU85yYfnunyCeuExcZs8 95JK9Fk1HS68ksGwm3QpxnRZvpDBAfJKEUKee2OTlND0gi43qwwtI PLeY1; ASP.NET_SessionId=bmnbp155wilotk45gjhitoqg; .DBAUTH 12=2A848A8C200CB0E8E05C6EBA8059A0DBA228FC5F6EDD2940 1C249D237812344C15B3C5C57D6B776037FAA8F14017880E57B DC14A7963C58B0A0B30229AF0123A6DF56601D814E75525E7DC A9AD4A0EF200832B39A1F35A5111092F0805B0A8CD3D2FD5E3A B6176893D86AFBEB68F7EA42BE61E89537DEAA3279F3B576D0C 44BA00B9FA1D9DD3EE985F37B0A5A134ADC0EA9C548D
  • 9. Prevent ASP.NET cookies on static content  Setup a new website in IIS, map to the same code folder.  Map static.yoursite.com host header to that website.  Prefix all css, js, image links with http://static.yoursite.com/  Add a Global.asax‟s EndResponse event on the new website. HttpContext context = HttpContext.Current; if (context.Request.Url.Host == “static.yoursite.com”) { List<string> cookiesToClear = new List<string>(); foreach (string cookieName in context.Request.Cookies) { HttpCookie cookie = context.Request.Cookies[cookieName]; cookiesToClear.Add(cookie.Name); } foreach (string name in cookiesToClear) { HttpCookie cookie = new HttpCookie(name, string.Empty); cookie.Expires = DateTime.Today.AddYears(-1); context.Response.Cookies.Set(cookie);
  • 10. System.net optimization  If you are using HttpWebRequest or WebClient or any other TCP/IP operation, increase the max connection limit.  Default is 2 per IP.  WCF service calls are limited by this setting.  Unless you suspect rogue clients, set some reasonably high number on webservers, but moderate number on desktop clients.
  • 11. System.net default setting is suboptimal Bottleneck Max 2 concurrent calls
  • 12. ASP.NET Profile Provider  Anonymous Provider creates one anonymous user in database on every first hit to Profile object‟s Custom properties:  The SP aspnet_Profile_GetProperties gets called when you access Profile object for first time in a request. And this SP is slooooooooow!
  • 13. ASP.NET Profile Provider  The slow SP that gets fired when you access custom Profile properties: CREATE PROCEDURE [dbo].[ aspnet_Profile_GetProperties] @ApplicationName nvarchar(256), @UserId … AS BEGIN DECLARE @ApplicationId uniqueidentifier SELECT @ApplicationId = NULL SELECT @ApplicationId = ApplicationId FROM dbo.aspnet_Applications WHERE LOWER(@ApplicationName) = LoweredApplicationName … … … IF (@@ROWCOUNT > 0) BEGIN UPDATE dbo.aspnet_Users SET LastActivityDate=@CurrentTimeUtc WHERE UserId = @UserId END END
  • 14. ASP.NET Profile Provider  The slow SP‟s execution plan
  • 15. ASP.NET Profile Provider  Don‟t update LastActivityDate when Profile object is loaded. Do it only when Profile object is updated.  Update once every hour or so. If LastActivityDate < DateTime.Now.AddHours(-1) then update. No need to do per request or too frequently.  Hard code the Application ID to avoid one lookup inside the SP.  tinyurl.com/omarGetProp
  • 16. ASP.NET Membership  ASP.NET Membership Provider Stored Procs use default transaction isolation level, which is Serializable. Transaction (Process ID ##) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. Timeout Expired. The Timeout Period Elapsed Prior To Completion Of The Operation Or The Server Is Not Responding. ALTER PROCEDURE [dbo].[aspnet_Profile_GetProperties] @ApplicationName nvarchar(256), @UserName nvarchar(256), @CurrentTimeUtc datetime AS BEGIN SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;
  • 17. ASP.NET Membership Query  Common queries that brings down hell:  Select * from aspnet_users where UserName = „blabla‟  Select * from aspnet_membership where Email = “someone@somewhere.com”  What‟s wrong with these queries?
  • 18. ASP.NET Membership Queries  Let's look at the indexes:  Table: aspnet_users  Clustered Index = ApplicationID, LoweredUserName  NonClustered Index = ApplicationID, LastActivityDate  Primary Key = UserID  Table: aspnet_membership  Clustered Index = ApplicationID, LoweredEmail  NonClustered = UserID  Table: aspnet_Profile  Clustered Index = UserID  DO NOT use Email or UserName fields in WHERE clause. They are not part of the index instead LoweredUserName and LoweredEmail fields are in conjunction with ApplicationID field. All queries must have ApplicationID in the WHERE clause.
  • 19. A love story  .NET 3.0 was released, woohoo! WCF! Lambda Expressions!! Linq to SQL!!!  Upgraded to .NET 3.0, top to bottom.  Major deployment over the weekend.  Monday 9 AM, peak traffic.  No response from site.
  • 20. ~100% on all web servers
  • 21. Linq to SQL is not suitable for high volume web applications  Linq to SQL is not optimized for web application.  No disconnected entity support.  Entities are not serializable.  Linq to sql expressions consume high CPU when compiled to SQL. var query = from widget in dc.Widgets where widget.ID == id && widget.PageID == pageId select widget; var widget = query.SingleOrDefault();
  • 22. How bad Linq to SQL is? Source: JD Conley‟s blog
  • 23. Fixing Linq to SQL  Convert all queries to Compiled Queries.  tinyurl.com/omarLINQ
  • 24. Linq to SQL transaction deadlocks  Large table, high read and medium write, causes query timeouts, high locks, transaction deadlock because of SERIALIZATION isolation level. Transaction (Process ID ##) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. Timeout Expired. The Timeout Period Elapsed Prior To Completion Of The Operation Or The Server Is Not Responding. using (var db = new YourDataContext2()) { db.Connection.Open(); db.ExecuteCommand("SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;"); var user = db.aspnet_Users.First(); var pages = user.Pages.ToList(); }
  • 25. Linq to SQL transaction deadlocks  Connection does not close!  Bug in Data Context code.  Solution is to override the Dispose. class YourDataContext2 : YourDataContext, IDisposable { public new void Dispose() { if (base.Connection != null) if (base.Connection.State != System.Data.ConnectionState.Closed) { base.Connection.Close(); base.Connection.Dispose(); } base.Dispose(); } }
  • 26. Content Delivery Network (CDN)  CDN cache and deliver content from their servers that are closest to users‟ computers. The closer servers are to end user, the shorter roundtrip time for every request. For ex, Akamai has servers almost every city in the world.  Content from CDN nodes get served faster with lower latency than coming from your servers.  CDN Nodes have better caching and compression algorithms.  CDN nodes can offload your server and network from delivering static files. Thus better throughput for dynamic content.
  • 27. Content Delivery Network 0.7 sec Washington, DC 2.2 sec Australia
  • 28. Without CDN www.yoursite.com
  • 29. How CDN works static.yoursite.com www.yoursite.com
  • 30. Two types of CDN  Static – you upload the files to CDN and they give you an URL. E.g. yoursite.cachefly.net/logo.gif  Dynamic – Host your dynamic application behind the CDN. For ex, Edgecast and Panther Express.  Very cheap - $0.2/GB
  • 31. How Dynamic CDN works www.yoursite.com
  • 32. How Dynamic CDN works www.yoursite.com Static content cached, Compressed automatically
  • 33. How Dynamic CDN works www.yoursite.com Static content cached, Compressed automatically
  • 34. 13 disasters for production websites 1. Faulty hard drive supplied by supplier, data corruption within weeks. 2. Controller malfunctions and corrupts all disks in the same controller. 3. RAID malfunction. 4. CPU overheated and burned out. 5. Firewall went down. 6. Remote Desktop stopped working after a patch installation. 7. Remote Desktop max connection exceeded. Cannot login anymore to servers. 8. Database got corrupted while we were moving the production database from one server to another over the network. 9. One developer deleted the production database accidentally while doing routine work. 10. Support crew at hosting service formatted our running production server instead of a corrupted server that we asked to format. 11. Windows got corrupted and was not working until we reinstalled. 12. DNS goes down. Don’t get domain from GoDaddy. 13. Internet backbone goes down in different part of the world. http://tinyurl.com/omar13
  • 35. Conclusion  ASP.NET out of the box, does not scale for millions of hits.  Must make the hacks at code, database and configuration level to get it to scale.  That‟s reality for any technology, not ASP.NET specific.