"One of our core principles at Google is ‘defense in depth’, and Google’s networking systems have a number of safeguards to prevent them from propagating incorrect or invalid configurations in the event of an upstream failure or bug. These safeguards include a canary step where the configuration is deployed at a single site and that site is verified to still be working correctly, and a progressive rollout which makes changes to only a fraction of sites at a time, so that a novel failure can be caught at an early stage before it becomes widespread. In this event, the canary step correctly identified that the new configuration was unsafe. Crucially however, a second software bug in the management software did not propagate the canary step’s conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout."Google Cloud Status
Thursday, April 14, 2016
Google Cloud Status: Google Compute Engine Incident #16007 Connectivity issues in all regions
For more context-setting, see Site Reliability Engineering: How Google Runs Production Systems (Google Books)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment