Key points:
- A routine change in database permissions at Cloudflare caused a massive outage, taking down services like ChatGPT, Canva, and parts of AWS.
- The outage was triggered by a change to Cloudflare’s Bot Management system, which inadvertently knocked offline a significant portion of the web.
- The incident highlights the trend of ordinary software updates becoming a leading trigger of large-scale internet outages, with Microsoft Azure and AWS also experiencing recent outages due to similar issues.
A massive outage at Cloudflare, a content delivery network, took down several popular services, including ChatGPT, Canva, and parts of AWS. The outage, which lasted for approximately six hours, was caused by a routine change in database permissions linked to Cloudflare’s Bot Management system. This change inadvertently knocked offline a significant portion of the web, highlighting the potential risks of ordinary software updates.
According to Matthew Prince, co-founder and CEO of Cloudflare, the issue was triggered by a change to one of Cloudflare’s database systems’ permissions, which caused the database to output multiple entries into a feature file used by the Bot Management system. This feature file propagated across Cloudflare’s global network, exceeding the limits it was designed to handle and causing the systems to fail.
The outage was initially suspected to be a hyper-scale DDoS attack, but it was later determined that the real cause was a problem with the Bot Management module, which uses a machine-learning model to assign bot scores to every request. A change in ClickHouse query behavior created large numbers of duplicate feature rows, increasing the size of the feature configuration file and causing the bots module to trigger an error.
Cloudflare has taken steps to prevent similar incidents in the future, including hardening the ingestion of Cloudflare-generated configuration files and enabling more global kill switches for features. However, experts warn that the broader challenge lies with enterprises, which must design systems that operate cleanly even when a major intermediary stumbles.
The incident highlights the trend of ordinary software updates becoming a leading trigger of large-scale internet outages. In recent years, Microsoft Azure and AWS have also experienced outages due to similar issues, including a global outage caused by an inadvertent tenant configuration change in Azure Front Door (AFD). Experts say that the real tension sits between the speed at which modern cloud platforms deploy changes and the maturity of the mechanisms that are meant to validate those changes.
Gartner’s Senior Principal Analyst Bhuvie Chhabra notes that operational errors arising from configuration changes in cloud services, not cyberattacks, represent the most significant systemic risk today. The Cloudflare outage underscores the importance of prioritizing pragmatic resilience and applying diversification sparingly and only for critical systems where downtime has a material business impact. As Sanchit Vir Gogia, chief analyst and CEO at Greyhound Research, says, "The broader challenge sits with enterprises. They must design systems that operate cleanly even when a major intermediary stumbles."
Read the rest: Source Link
Don’t forget to check our list of Cheap Windows VPS Hosting providers, How to get Windows Server 2022, Try Windows 11 Pro for Workstations & browse Windows Azure content.
Remember to like our facebook and follow us on twitter @WindowsMode.
Discover more from Windows Mode
Subscribe to get the latest posts sent to your email.
