• Main
  • News
  • Resource Overselling: How Providers Sell One Server Ten Times

Resource Overselling: How Providers Sell One Server Ten Times

Monday morning. Your e-commerce site reaches top search rankings, traffic grows, sales increase — and suddenly the site starts lagging. The team checks the code — everything's fine. Database — optimized. Server shows strange numbers: out of promised 4 GB RAM, only 2 GB available, CPU runs at 30%, but "steal" shows 40%. What's happening?

Welcome to the world of overselling — a practice where hosting providers sell more resources than physically exist on the server. A server with 64 GB RAM easily becomes 100 "virtual" gigabytes, sold to dozens of clients. While everyone's sleeping — everything works. As soon as several VPS load simultaneously — chaos begins.

This isn't conspiracy theory or rarity. It's standard industry business practice that few discuss openly. Let's break down how it works, why providers do it, and most importantly — how not to become a victim of aggressive overselling.

What is overselling and why does it even exist

Overselling is when a provider sells more resources (CPU, RAM, disk space, bandwidth) than physically available on the server, betting that not all clients will use their resources fully simultaneously.

Airline analogy: airlines sell more tickets than seats on the plane, knowing some passengers won't show up. While statistics work — everyone's happy and prices are lower. When everyone shows up — problems begin.

Provider's economic logic

Imagine a physical server:

  • 128 CPU cores (64 physical cores with hyperthreading)
  • 256 GB RAM
  • 4 TB NVMe SSD
  • 10 Gbps network port

Such server rental costs about $500-800/month. Add electricity, cooling, engineer salaries, 24/7 support — real provider costs around $1,000-1,500/month per server.

Selling VPS "honestly" without overselling:

  • 16 VPS with 8 cores and 16 GB RAM = 16 x $40 = $640/month

Provider is in the red. Even raising prices to $100 per VPS — that's $1,600/month, giving only 30-40% margin after all expenses.

Now with overselling:

  • 64 VPS with 4 cores and 4 GB RAM = 64 x $15 = $960/month
  • Or 32 VPS with 8 cores and 8 GB RAM = 32 x $25 = $800/month

Sounds like provider still loses? But here's the key: 85% of clients use only 20% of their CPU resources 99% of the time. RAM similarly — most sites and applications run with minimal load.

The provider knows these statistics and sells not physical resources, but probability of their usage.

Types of overselling: what exactly gets sold twice

1. RAM (memory) — most expensive resource

RAM is the main overselling target because it's the most expensive component in VPS pricing.

How it technically works:

On OpenVZ/Virtuozzo: can manipulate VIRT, RES, SHM parameters. Provider allocates VPS "12 GB RAM" but actually reserves only 8 GB, betting client won't use full amount.

On KVM: uses RAM overcommitment. Hypervisor allows allocating virtual machines more RAM than physically exists. When RAM runs out, system starts using swap (disk paging), catastrophically reducing performance.

Typical RAM overselling ratios:

  • Conservative: 1.5x (96 GB physical RAM → 144 GB sold)
  • Average: 2-3x (96 GB → 192-288 GB)
  • Aggressive: 4-5x (96 GB → 384-480 GB)
  • Extreme: 10x+ (found at budget providers)

2. CPU (processor) — harder but possible

CPU is harder to physically oversell, but methods exist:

CPU units/shares: On OpenVZ, each VPS gets certain "CPU units." Provider can set low priority for some VPS, giving them CPU time only when free.

CPU steal time: Metric shows how much CPU time VPS was "stolen" by other virtual machines. If CPU steal > 10% regularly — it's overselling sign.

Hyperthreading as illusion: 64-core processor with hyperthreading shows 128 "cores," but only 64 physical. Provider may sell all 128 as full cores.

3. Disk I/O — hidden problem

Disk I/O (read/write operations) — resource hardest to measure but easiest to oversell.

Server has 4 TB NVMe SSD. Provider creates 50 VPS with 80 GB each = 4 TB. While all VPS do minimal read/write operations — everything's great.

But NVMe SSD has physical IOPS limit (Input/Output Operations Per Second). For example, 500,000 IOPS. If 10 VPS simultaneously start intensive database work, each trying 100,000 IOPS — server can't handle it.

Result: database queries slow down 10-20 times. Site starts "freezing," though CPU and RAM seem free.

4. Bandwidth (network throughput)

"Unlimited bandwidth" — classic marketing trick.

Server has 10 Gbps port. Provider creates 100 VPS and promises everyone "unlimited traffic." While clients use 100-500 Mbps each — no problems. But when 5-10 VPS start actively downloading/uploading at full speed — port gets clogged.

Reality: providers often limit speed at 100-500 Mbps per VPS, even promising "10 Gbps shared port."

Virtualization tech: where overselling is especially dangerous

OpenVZ / Virtuozzo — overselling paradise

OpenVZ — container virtualization where all VPS share one OS kernel.

Why easy to oversell here:

  • No hypervisor-level isolation
  • RAM and CPU can be flexibly redistributed via parameters: cpuunits, cpulimit, cpus for CPU; vswap, oomguarpages for RAM
  • Provider sees real resource usage of all containers and can dynamically "take from" inactive ones

Red flag: if you see OpenVZ VPS for $2-3/month with "8 GB RAM and 4 cores" — it's 99% aggressive overselling.

KVM — harder but doesn't fully protect

KVM — hardware virtualization. Each VPS has its own OS kernel and is isolated at hypervisor level.

Can KVM be oversold? Yes, but harder:

  • RAM overcommitment: KVM allows allocating virtual machines more RAM than physically exists
  • CPU oversubscription: can assign more vCPU than physical cores
  • Balloon drivers: technology allowing hypervisor to "take" unused RAM from one VPS and give to another

But: in KVM overselling is more noticeable to user through CPU steal and swap usage metrics.

Xen — middle isolation level

Xen — paravirtualization, golden mean between OpenVZ and KVM.

Overselling possible, but providers usually do it more conservatively than OpenVZ.

Overselling signs: how to know you're being cheated

1. Price too good to be true

Average market prices in 2025:

  • 1 vCPU, 1 GB RAM, 25 GB NVMe: $3-5/month
  • 2 vCPU, 4 GB RAM, 80 GB NVMe: $10-15/month
  • 4 vCPU, 8 GB RAM, 160 GB NVMe: $20-30/month

If you see 8 vCPU, 16 GB RAM for $10/month — it's either promo or heavy overselling.

WebHostingTalk providers discuss typical overselling ratio of 4-5x. So if price is 3-4 times below market — resources are really 3-4 times less.

2. High CPU steal time

CPU steal — percentage of time when your VPS wanted to use CPU but couldn't because physical cores were busy with other VPS.

How to check on Linux:

top # Look at %Cpu(s) line, "st" (steal) column

or

vmstat 1 10 # Look at "st" column

Normal values:

  • < 5% — excellent isolation
  • 5-10% — acceptable
  • 10-20% — moderate overselling
  • > 20% — aggressive overselling, performance suffers

3. Swap actively used with "available" RAM

free -h

If you see RAM seems free ("available" column) but swap is used — it's a sign RAM is overcommitted and system is forced to use paging.

4. Unpredictable performance

Site flies in the morning, lags in the evening. Great on weekends, terrible on weekdays.

Classic overselling pattern: when server neighbors are active — everyone suffers. When sleeping — resources available.

5. Disk I/O shows anomalies

Check write speed:

dd if=/dev/zero of=testfile bs=1G count=1 oflag=direct

Run several times at different times of day. If write speed varies 5-10 times — it's shared storage with I/O overselling sign.

For NVMe SSD expect:

  • Write: 500+ MB/s
  • Read: 1000+ MB/s

If seeing 50-100 MB/s — either not NVMe or I/O heavily oversubscribed.

Overselling vs Overloading: where's the line

Overselling isn't evil itself

Moderate overselling (1.5-2x) is normal practice that:

  • Lowers prices for clients
  • Utilizes idle resources
  • Makes hosting economically viable

Analogy: office has 100 workspaces, but not all employees there simultaneously. Would be silly to rent building for 100 seats if really using 60-70.

All providers oversell. Period. Provider saying "we don't oversell" is either lying or charging premium prices ($50-100/month for basic VPS).

Overloading — where problems start

Overloading is when overselling crosses reasonable limits and server physically can't handle load.

Overloading signs:

  • Sites regularly crash or lag
  • Load average > number of CPU cores
  • OOM killer terminates processes due to RAM shortage
  • Disk works at 100% I/O wait

Providers like Stablehost maintain rule: no more than 600 customers per server, minimum 50% CPU idle, minimum 50% RAM free. This is responsible overselling.

Budget providers pack servers to 90-95% utilization — that's overloading.

How to check provider before purchase

1. Study reviews on independent platforms

Where to find honest reviews:

  • WebHostingTalk (WHT) — professional forum
  • LowEndTalk (LET) — budget VPS community
  • Reddit r/webhosting
  • Trustpilot (with caution — much manipulation)

What to look for in reviews:

  • Complaints about "noisy neighbors"
  • "CPU steal" mentions
  • Performance problems at certain times
  • Phrases "used to be better" (sign provider increased density)

2. Request trial period or money-back guarantee

Good providers offer:

  • 7-30 days money-back guarantee
  • Trial period for testing

What to test:

  • Run benchmarks at different times of day
  • Check CPU steal via vmstat
  • Disk I/O test with fio or dd
  • Stress test with stress-ng

3. Check virtualization type

Request from provider or check yourself:

Detect virtualization type:

systemd-detect-virt

Or

virt-what # Or dmidecode | grep -i product

Preferable: KVM or Xen With caution: OpenVZ/Virtuozzo (high aggressive overselling risk)

4. Look at uptime guarantee and SLA

99.9% uptime sounds good, but that's:

  • 43 minutes downtime per month
  • 8.7 hours per year

Providers with aggressive overselling often can't guarantee even 99.9% because servers are overloaded and crash more often.

Look for:

  • SLA with compensation for downtime
  • Public status page with incident history
  • Communication transparency during problems

Providers that don't oversell (or do it reasonably)

Tier 1: No overselling (premium pricing)

THE.Hosting — major, global provider.

  • Prices: $6/month for 1GB RAM
  • Guaranteed resources
  • Documentation transparency
  • But: no managed services, DevOps skills needed

Tier 2: Conservative overselling (balance)

HostEONSpublicly state no overselling of critical resources (CPU, RAM).

  • Prices: $15-30/month for average VPS
  • Strict resource allocation
  • 20+ years team experience

Stablehostopenly share numbers:

  • No more than 600 customers per server
  • Minimum 50% CPU and RAM idle
  • Move "noisy neighbors" to separate servers

Tier 3: Moderate overselling (budget-friendly)

Most mid-tier: Hetzner, OVH, Contabo

  • Overselling exists but reasonable (2-3x)
  • Prices: $5-15/month
  • Acceptable performance for most tasks

Tier 4: Aggressive overselling (avoid)

EIG brands (Bluehost, HostGator, iPage) — known for aggressive shared hosting overselling.

Ultra-budget VPS ($2-3/month on OpenVZ) — often 10x+ overselling.

How to protect against overselling

1. Monitor metrics constantly

Install monitoring:

  • Netdata (free, real-time)
  • Grafana + Prometheus
  • CloudWatch (for AWS/cloud providers)

Key metrics:

  • CPU steal time
  • RAM usage and swap
  • Disk I/O wait
  • Network latency

2. Use dedicated CPU instances where possible

Many cloud providers offer "dedicated CPU" instances — vCPU pinned to physical cores, no steal time.

30-50% more expensive, but performance is predictable.

3. Plan vertical scaling

If project grows, don't try to "squeeze maximum" from budget VPS. Move to more powerful configurations or dedicated servers.

Rule: use no more than 70-80% of resources. Margin needed for load spikes.

4. Diversify — don't put all eggs in one basket

Place critical services with different providers or in different regions. If one provider overloads servers — second picks up load.

Legal and ethical side

Is it legal?

Yes, overselling is legal. Providers usually write in Terms of Service (ToS):

  • "Resources are shared"
  • "Best effort basis"
  • "Fair usage policy"

You rent right to use resources, not guarantee of their 100% availability 24/7.

Is it ethical?

Depends on degree:

  • Moderate (1.5-2x) — ethical, economically justified
  • Average (3-4x) — debatable but common
  • Aggressive (5x+) — unethical, essentially fraud

Problem is lack of transparency. Providers rarely say: "We oversell 3x." They write "4 vCPU, 8 GB RAM," creating illusion of dedicated resources.

Conclusion: live with overselling or fight it

Overselling is hosting industry reality. Can't completely avoid it unless ready to pay premium prices for dedicated resources.

Key takeaways:

All providers oversell — question is degree. Reasonable overselling (1.5-2x) is norm that makes hosting affordable.

Check before buying: price, virtualization type, reviews, trial period. Test performance at different times.

Monitor metrics: CPU steal, swap usage, I/O wait. If regularly see problems — change provider.

Budget VPS is compromise. $3/month for VPS = guaranteed overselling. If need stability — pay more or go dedicated.

Read ToS and SLA. Understand what you're buying: shared resources or guaranteed allocation.

In hosting, like in life, free cheese only in mousetrap. Suspiciously low price — sign corners were cut somewhere. And usually those corners are your resources, sold to nine other clients on same server.