Multi-tenant vs single tenant

Are there plans to introduce a tier of Render that would allow infra to not be affected by other customers or services? I’m not sure how feasible this is for Render as a business, but when reading through the post mortem Render Status - Intermittent 503 errors for services it seems like the times when we experience downtime are when other services receive malicious traffic and it ends up taking everything down. That means the larger Render gets and the larger the clients that Render signs on are…the more likely our own apps and services are to be affected by other traffic.

Am I reading this correctly? Are there mitigations put into place already to make sure this doesn’t happen?

The most recent DDoS attack which caused the outage on August 12 didn’t result in customer services themselves going down. The issue was related to our load balancing layer which autoscales to meet demand spikes caused by regular traffic patterns.

However, the volume of the attack spiked to 650x our usual peak volume nearly instantly, and unfortunately our work to add a DDoS protection layer in front of our load balancers wasn’t deployed until after the attack.

If we offered single-tenant load balancers (which is likely at some stage) attackers could still target all Render-managed IP ranges and cause the same issue. The proper solution is to block these attacks effectively, which is exactly what we rolled out this week.

2 Likes