Posted by Chris Martin 24 July 2014
Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular
Like me you were probably frustrated at the BBC iPlayer outage at the weekend. Although aunty beeb has explained the technical issues behind the escapade, I still think that a DDoS attack cause the whole thing in the first place.
The iPlayer is now one of the UK's main ways to watch TV, let alone on a catch-up basis. It's available on TVs, smartphones, tablets and many more devices. The BBC saw a record three billion programme requests in 2013, up 33 per cent on 2012. And January of this year was the busiest ever month for the service with 300 million requests.
So, when the iPlayer goes down it's a big deal and even more so when it lasts longer than an entire weekend – I couldn't watch the Formula 1 qualifying which I'd stupidly missed by heading out to the supermarket.
At the time of the outage, the BBC took to a few of its many Twitter accounts to apologies for the problems and reassure users it was being fixed as quickly as possible. The issue affect the BBC homepage as well as iPlayer.
We're fixing a problem that means some people can't access parts of @BBC Online. As soon as it's fixed we'll let you know.— BBC iPlayer (@BBCiPlayer) July 19, 2014
It eventually said in a news article that "engineers noticed that there was a 'severe load' on the servers underlying the video-on-demand system" which made me think the problem was initially caused by a DDoS (distributed denial-of-service) attack but a full explanation may squish this thought, I reasoned.
Since then, and after a number of hours more of the iPlayer service being unavailable, the BBC has explained what happened in a blog post. However, the information – detailed though is it – still leaves me believing that the BBC was the victim of a DDoS attack.
In a nutshell, the BBC's 58 application servers and 10 database servers which provide programme and clip metadata failed, despite being split across two separate data centres. The firm also has a second problem at the same time with a caching layer which resulting in a switch to the 'emergency mode' homepage.
You can read more technical details on the BBC blog but what struck me was the 'severe load' which was cited previously was said to take place at 9:30am on the Saturday morning.
"At 9.30 on Saturday morning (19th July 2014) the load on the database went through the roof, meaning that many requests for metadata to the application servers started to fail." states the blog post.
And it's this snippet of information that leads me to believe those requests weren't from human beings. I don't know about you but I was having a lie in. It's perfectly understandable for systems like this collapse under high demand but they are usually due to big events. ITV even pre-warned users about streaming the World Cup and Sky's Now TV service couldn't cope with most of the UK wanting to watch the season four episodes of Game of Thrones each week.
Correct me if I'm wrong but nothing special was happening at 9:30am on Saturday morning so it seems a DDoS attack took out the iPlayer and other areas of the BBC's online service but it doesn't want to admit it.