Slashdot Mirror
Web Server Stress Testing : Tutorial /Review
darthcamaro writes "I found an interesting article on builder.com that suggests laying 'Siege' to your server to help you setup up a site to withstand /.
"One of the great fears for many Web developers, and even more so for Web server admins, is watching their sites brought down by an avalanche of traffic. The traffic may be from a DoS attack, or maybe the site just got slash-dotted. Bottom line: It just isn't available.""
$ siege -c25 -t1M www.mydomain.com
** Siege 2.59
** Preparing 25 concurrent users for battle.
The server is now under siege...
In other news, domain/hosting company mydomain.com was under a heavy DDoS attack, it's believed that the attacks were done by members of a geek news website called Slashdot.
The IT section color scheme sucks.
I looked through the article, it doesn't look like much more than a slightly sophisticated wget for loop :). Seriously though, this seems similar to a few other basic stress testers out there. For the projects I've worked on you need session management, interactive processes, ... basically hitting 5 urls isn't gonna stress test anything of value.
The Grinder on the other hand, allows for distributed workers, following the same or different 'scripts' all controlled from a single console. It provides you with a slew of configuration options and all sorts of data at your fingertips. The scripts are jython which is easy to learn and very flexible. If you want to stress test a complex app, especially something interactive, or requiring sessions, check out the grinder, it's a god send.
http://monkeyserver.com --- weeeeee
Another great tool for stress testing your site is Jakarta JMeter. Gives you a nice GUI for watching your response times plummet as your site is pummeled.
From the article:
Siege now supports a new proxy tool called Sproxy, which harvests URLs for testing. The premise behind Sproxy doesn't make much sense to me... Personally, I prefer Scout for getting my URLs, since it just goes through a site's links and adds them that way.
The advantage of using a browser to set up your test plan is that it better simulates real traffic patterns on your site. Microsoft's Application Test Center does this, and JMeter has a proxy server similar to Sproxy.
When you're trying to replicate problems with a live site, however, it would seem more appropriate to me if you could base your test on real traffic to the site. I wrote a load testing tool once that used web logs to simulate the actual traffic patterns, but it was incomplete, mostly because web logs don't record POST data. A good stress tool could come with an Apache/IIS/Tomcat plugin that recorded traffic for use in stress testing.
reech bee-yond ur clip-0n
Why can't I load the article?
Yesterday was the time to do it right. Are we having a REVOLUTION yet?
stress testing based on concurrent users hitting script etc is fine,
but there are other things to make sure of, returnin information and the like
check out the perl module called webtest or something like that
back in the day we didnt have no old school
One item this article didn't explicitly look at was the network saturation percentage.
Most servers can handle a greater load than the network traffic can handle. To demonstrate a proper test you would need to test outside of your routers and firewall. This means that the test machines should be located outside of your local area network while testing or at least a certain quantitative percentage for statistical purposes.
Odds are most people are going to work within the LAN and lay Siege to their machines but forget that there is an outside world.
The best stress tester was a company called Envive, which was a distributed attack sort of focus, with server time and space all over the world. You write a script, and then can watch the attack from a web browser. Proof positive that Siege is more popular though - they went out of business.
/usr/bin/grep -i -E meaning life.txt
btw I doubt even the referer->GoogleCache mechanism would save most sites from the inadvertant DDOS that Google provided by that image link. Just more argument to Google and /. being better citizens.
/. could wait to publish a story until Google had it cached and then give the -option- in a user pref to allow links to be rewritten to the Google cache ...
/.
... I might not have a -job- without /. or Google since I use them for research and learning every day along with a host of other sites. I don't want them -gone- I just want them to be a bit more responsible for their actions. To paraphrase J. Depp, they're "something like big dumb pupp"ies ... in this case we like to pet them and they're usually sweet but sometimes they can bite the hand that pets them when they get overzealous.
Perhaps
Perhaps Google could add a new piece to the stale robots.txt standard like "cache-link-only" so that Google would know the author was only interested in being in the Google engine if Google directed all links to it's own cache for that particular site.
Both are opt-in programs that allow the rest of us to have good conscience when viewing tiny sites via links from beasts like Google and
BTW, I don't want people to get me wrong
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.