This is interesting. What I’m hearing is they didn’t have proper anti-affinity rules I’m place, or backups for mission-critical equipment.
The data center did some dumb stuff, but that shouldn’t matter if you set up your application failover properly. Architecture and not testing failovers are the real issue here
Also sounded like they had apps centered/only there that had to be online for everything else to work.
But the 4-minutes-instead-of-10 batteries certainly didn’t help.
That’s exactly it.
https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage/Here is a quick summary, but the actual postmortem is worth reading.
Classic example of cascade failure or domino effect. Luckily their resilience wasn’t a full outageBasically, new features get developed fast and are iterated quickly. When they mature, they get integrated into the high availability cluster.
There are also some services that are deliberately not clustered. One of which is logging, which should cause logs to pile up “at the edge” when the logging core service is down.
Unfortunately, some services were too tightly coupled to the logging core. So they should’ve been HA clustered, but were unable to cope with the core logging service being down.
Whilst HA failover had been tested, the core services has never been taken offline, so all this was missed.Which all ended up with inconsistent high-availability amongst different services and products. A lot of new features would have failed as expected, and some mature features that shouldn’t have failed did.
When they brought their disaster recovery site up, there were some things that needed manual configuration, and some newer features that hadn’t been tested in a disaster recovery scenario.
They are now focusing significant resources on:
- Remove dependencies on our core data centers for control plane configuration of all services and move them wherever possible to be powered first by our distributed network.
- Ensure that the control plane running on the network continues to function even if all our core data centers are offline.
- Require that all products and features that are designated Generally Available must rely on the high availability cluster (if they rely on any of our core data centers), without having any software dependencies on specific facilities.
- Require all products and features that are designated Generally Available have a reliable disaster recovery plan that is tested.
- Test the blast radius of system failures and minimize the number of services that are impacted by a failure.
- Implement more rigorous chaos testing of all data center functions including the full removal of each of our core data center facilities.
- Thorough auditing of all core data centers and a plan to reaudit to ensure they comply with our standards.
- Logging and analytics disaster recovery plan that ensures no logs are dropped even in the case of a failure of all our core facilities.
deleted by creator
Surprised a company of their scale and with such a reliance on stability isn’t running their own data centres. I guess they were trusting their failover process enough not to care
They probably need to be in so many different locations, and so many different network nodes, that they don’t want to consolidate like that. Their whole point of being is to be everywhere, on every backbone node, to have minimum latency to as many users as possible.
This sounds like a core datacetre though?
This reminds me of how AWS lost critical infra when us-east-1 went down. That’s including the status dashboard that was only hosted there.
the overnight shift consisted of security and an unaccompanied technician who had only been on the job for a week.
That poor bastard.
I’ll be curious to learn if the battery issue was due to being under-dimensioned, or just aged and at reduced capacity.
Or not properly maintained and at reduced capacity.
It isn’t Flexentials year.
They got burned by DediPath.
They got burned by NextArray.
They just got ousted by Cloudflare.
If it keeps up it’s going to someone is going to be making 3 envelopes….
What does she do on the notebook?
I think she is reading the matrix code
Onlyfans
Mr magoo it’s the CEO
