Cloud Shape Your Idea

Lab 2: Problems at Scale

Start a service which performs a computationally intensive operation and simulate its exhaustion

A. Bring up 2 hosts (one for the victim service, one for the aggressor) 0.5 points
• Go to the EC2 console (AWS console > Services > EC2)
• Start 2 t2.micro Amazon Linux AMI 2016.09.1 (HVM) instances with default settings
o In Step 6: Configure Security Group
▪ for the first instance choose Create a new security group: name pbs-at-scale-victim-sg
▪ for the second instance choose Create a new security group: name pbs-at-scale-aggressor-sg
▪ for both, in order for you to be able to log in using ssh, change the default rule to allow SSH on
port 22 from Anywhere (Hint: column Source)
o When prompted for the key pair, choose the existing one (qwikLABS…)
• To see your instances launching go to EC2 Dashboard > Instances.
• Wait for the victim & aggressor hosts’ Status Checks to complete (you should see: ✓ 2/2 checks passed)
o you can tell your hosts apart using their attached security groups (see rightmost column, Security Groups)
o you can also assign them names by editing the Name column (leftmost column)

B. Start and test your victim service 1 point

• ssh1 on the victim host using ec2-user@<EC2 victim host public IP>
• We want to create the victim web service with the following traits:
o listens on port 1025
o for each HTTP request, generates all the prime numbers in a range and returns them as a (bare-bone)
HTML document, one prime number per line
• ~/server/cgi-bin/service.py will be an executable script that gets invoked every time our server process
receives an HTTP request:
o create folder tree and cd into the folder that will hold our script
$ mkdir -p ~/service/cgi-bin; cd ~/service/cgi-bin
o use vim or nano to create the service.py script; paste the following code into it:

#!/usr/bin/env python
print('Content-type: text/html\n')
print('<title>Hello World</title>')

for num in range(2, 5000):

prime = True
for i in range(2, num):
if (num%i == 0):
prime = False
if prime:
print(num)

1 If you don’t remember how to SSH on the EC2 hosts, check:

• using the ssh client: steps 2. -> 7. @ [ Connecting to Your Linux Instance Using SSH > To connect to your instance using SSH ]
• or using Putty: steps 2. -> 7. @ [ Connecting to Your Linux Instance from Windows Using PuTTY > To start a PuTTY session ]

1
Cloud Shape Your Idea
o make the file executable by running
$ chmod +x service.py

• Start an HTTP server for your service on port 1025:

$ cd ~/server; python -m CGIHTTPServer 1025
• To test the service locally (on the victim host), you can use wget (but in another ssh session)
$ wget http://localhost:1025/cgi-bin/service.py -O response; cat response | head -n 5

C. Invoke your service from the aggressor host 1 point

• ssh on the second EC2 host (the aggressor host)
• Try calling the service that’s running on the victim host:
$ wget http://<EC2 victim host public IP>:1025/cgi-bin/service.py
o The call cannot connect to the victim host, because the host doesn’t allow incoming TCP traffic on port
1025
• Let’s change the victim host’s security group to accept HTTP traffic on port 1025 from the aggressor host
o EC2 Console > Network & Security > Security Groups > Actions and select pbs-at-scale-victim-sg
o add Inbound rule to allow TCP traffic on port 1025 from the aggressor’s public IP address
• Confirm that your requests made from the aggressor host now receive an answer
• Let’s access the victim service from the aggressor host in a loop:
$ while true; do (wget http://<EC2 victim host public IP>:1025/cgi-bin/service.py -O
response 2>&1 | grep -E "HTTP|saved"); sleep 2; done

D. Assessing the status of your server host 0.5 points

• When you have the aggressor loop running for around 5 minutes already, go to the EC2 Dashboard > Instances.
Select the victim host and click on the Monitoring tab. There you can find performance metrics for your host.
Click on the CPUUtilization metric and choose Statistic Average, Time range Last hour, Period 5 minutes.
• Identify two more relevant metrics that increased since you’ve been running your aggressor script.
[You might have to wait a bit for more recent data points to be available.]
• What’s the average CPU Utilization? What’s the max CPU Utilization?

E. Overloading the victim server through CPU exhaustion 1 point

• Can you change the aggressor client loop to spike the average CPUUtilization to 100% ?

F. Overload the victim server through other methods 1 point

• Find at least one more way in which to overload the server host.
o you can change the aggressor client loop, you can change the server service.py script, you can use the
aggressor host in any way you want.
o keep in mind you need to overload only the victim host, thus without also overloading the aggressor
host (the method doesn’t count if you also overload the aggressor).