Appreciate the detail here. It's a great writeup. Wondering what folks think about one of the changes:
5. Changing the SOP to do staged rollouts of rules in
the same manner used for other software at Cloudflare
while retaining the ability to do emergency global
deployment for active attacks.
One concern I'd have is whether or not I'm exercising the global rollout procedure often enough to be confident it works when it's needed. Of the hundreds of WAF rule changes rolled out every month, how many are global emergencies?
It's a fact of managing process that branches are liability and the hot path is the thing that will have the highest level of reliability. I wonder if anyone there has concerns about diluting the rapid response path (the one having the highest associated risk) by making this process change.
edit: fix verbatim formatting