> I'm not sure we can right now. (The architecture is there so that we
> could handle it if we wanted to, but we'd better mitigate it if
> possible.)

That's my thinking -- the architecture is already there. sa-update's DNS polling is incredibly lightweight and can handle millions of clients updating simultaneously. It then picks up a URL from DNS to find the list of mirrors, then picks a mirror and downloads from that. Right now we only have one mirror listed, but it's trivial to add more to the MIRRORED_BY list.

Also, a failed download will not affect anything for users, apart from maybe that they may miss a pending update for N hours -- there'd be no serious error condition for them to have to deal with.

Accordingly I think we could leave it as-is, see what happens, and deal with scaling the backend farm entirely reactively.

PS: it's not a matter of DDOS-proofing btw -- or at least, that's not what the OP was talking about. If we're worried about DDOS-proofing, that's a different issue (and again one that's fixed entirely at the backend).

(current question is about too many "friendly" users using sa-update; DDOS-proofing is to deal with hostile botnets hitting our backend servers en masse, at which stage we'd probably need something like Prolexic's help on the backend.)

--j.
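
The client-side flow described in the message above, as an added sketch that is not part of the original post and not sa-update's own code: a cheap DNS version check gates the download, a mirror is picked from the list, and a failed download leaves the client on its current rules until the next poll. The mirror-list line format, the function names and the injected `dns_version` / `fetch` callables are assumptions for illustration.

```python
import random

# Constructed sample mirror list (assumed format: URL plus optional weight=N).
MIRRORED_BY = """\
# constructed sample, not the project's real mirror list
http://mirror-a.example/updates/ weight=5
http://mirror-b.example/updates/ weight=1
"""

def parse_mirrors(text):
    """Return [(url, weight)], skipping comments and blank lines."""
    mirrors = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        url, *opts = line.split()
        weight = 1
        for opt in opts:
            key, _, val = opt.partition("=")
            if key == "weight" and val.isdigit() and int(val) > 0:
                weight = int(val)
        mirrors.append((url, weight))
    return mirrors

def check_update(installed, dns_version, mirrors, fetch, rng=random):
    """One polling cycle; returns (status, payload).

    dns_version() stands in for the DNS lookup (None on lookup failure);
    fetch(url, version) stands in for the HTTP download and raises OSError
    when a mirror is unreachable. Both are hypothetical hooks.
    """
    latest = dns_version()
    if latest is None:
        return ("deferred", None)      # DNS failed: keep current rules
    if latest <= installed:
        return ("current", None)       # DNS-only path, no mirror is contacted
    remaining = list(mirrors)
    while remaining:
        # Weighted random pick spreads friendly clients across mirrors.
        pick = rng.choices(remaining, weights=[w for _, w in remaining])[0]
        remaining.remove(pick)
        try:
            return ("updated", fetch(pick[0], latest))
        except OSError:
            continue                   # this mirror is down, try another
    return ("deferred", None)          # soft failure: retry at the next poll
```
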