Curated topic

sre

Posts tagged with sre

GitHub EngineeringApr 9, 2026

GitHub availability report: March 2026

Why it matters: This report highlights how minor configuration errors, cache stampedes, and credential management issues can cause massive service disruptions. It provides a blueprint for improving resilience through killswitches, infrastructure isolation, and automated monitoring of dependencies.

A bug in a cache-reduction deployment triggered a global cache recalculation, causing replication delays and high failure rates for API and Git operations.
Misconfigured Redis load balancers during infrastructure updates led to significant delays and failures in GitHub Actions workflow runs.
Authentication failures between the Copilot Coding Agent and its datastore caused near-total service outages, requiring manual credential rotation.
An upstream dependency failure disrupted GitHub event notifications for Microsoft Teams integrations.
GitHub is implementing architectural changes, including moving caching to dedicated hosts and adding killswitches to prevent cascading failures.
Improved automation and alerting are being developed to catch load balancer misconfigurations and credential lifecycle events before user impact.

#sre #dist

Read original

Engineering at MetaApr 8, 2026

Trust But Canary: Configuration Safety at Scale

Why it matters: Configuration errors are a leading cause of large-scale outages. This article highlights how Meta uses automated canarying, ML-driven alerting, and a blameless culture to maintain system stability while scaling deployment speed in an AI-accelerated environment.

Meta utilizes canarying and progressive rollouts to ensure configuration changes are safely deployed across massive infrastructure.
Automated health checks and monitoring signals are integrated to detect regressions early in the rollout process.
The engineering culture prioritizes blameless incident reviews to focus on systemic improvements rather than individual errors.
AI and machine learning models are leveraged to reduce alert noise and accelerate the bisection of root causes during failures.
Robust configuration safeguards are increasingly critical as AI-driven development tools accelerate the pace of code and config changes.

#sre #culture #mlp

Read original

Airbnb EngineeringApr 7, 2026

Building a high-volume metrics pipeline with OpenTelemetry and vmagent

Why it matters: Migrating high-volume metrics requires balancing protocol modernization with performance. This approach shows how OTLP and vmagent can reduce CPU overhead and storage costs while maintaining data fidelity at scale, offering a blueprint for efficient observability infrastructure.

Migrated from StatsD to OpenTelemetry Protocol (OTLP), reducing metrics-related CPU overhead from 10% to under 1% in production services.
Implemented a dual-write strategy to OTLP and StatsD during the transition to ensure data validation without disrupting legacy dashboards.
Resolved memory pressure in high-cardinality services by switching to delta temporality, reducing the in-process state required for metric exports.
Adopted vmagent for streaming aggregation to drop instance-level labels, significantly reducing storage costs compared to raw data ingestion.
Selected vmagent over the OTel Collector's transform processor due to its superior resource efficiency and performance at high volumes.
Standardized on a vendor-neutral pipeline using OTel Collector and Grafana Mimir to future-proof observability infrastructure.

#sre #dist #finops

Read original

Netflix Tech BlogApr 6, 2026

Stop Answering the Same Question Twice: Interval-Aware Caching for Druid at Netflix Scale

Why it matters: Standard caches fail for rolling-window queries because time intervals shift constantly. This interval-aware approach drastically reduces redundant database load and hardware costs by reusing stable historical data and only querying the newest increments.

Netflix built an external caching layer for Apache Druid to handle high-volume, rolling-window dashboard queries that frequently bypass standard caches.
The system utilizes a map-of-maps bucketing strategy, storing query results by timestamp buckets to allow the reuse of overlapping time ranges.
It implements exponential TTLs, where fresh data has a 5-second TTL to handle late-arriving events, while older, stable data is cached for up to an hour.
When a partial cache miss occurs, the service dynamically shrinks the query's time interval to fetch only the missing data from Druid before merging results.
The cache operates as a transparent proxy at the Druid Router level, enabling seamless deployment without requiring changes to client applications.

#data #dist #sre

Read original

Cloudflare BlogApr 6, 2026

How we built Organizations to help enterprises manage Cloudflare at scale

Why it matters: Managing large-scale infrastructure across fragmented accounts creates security risks and operational overhead. This update simplifies governance by centralizing identity, policy enforcement, and observability, allowing engineers to maintain the principle of least privilege at scale.

Cloudflare Organizations provides a centralized management layer for enterprises to oversee multiple accounts, users, and configurations.
Introduces the Org Super Administrator role, which grants global permissions across all accounts without requiring individual account memberships.
Enables shared configurations, allowing security teams to centrally manage and deploy WAF and Gateway policies across the entire organization.
Provides a unified analytics dashboard that aggregates HTTP traffic data from all accounts and zones for better visibility.
The backend refactor consolidated authorization checks into a domain-scoped roles system, resulting in a 27% performance improvement for permission enumeration.
Future roadmap items include organization-level audit logs, centralized billing reports, and additional granular user roles.

#security #sre

Read original

Netflix Tech BlogApr 2, 2026

Smarter Live Streaming at Scale: Rolling Out VBR for All Netflix Live Events

Why it matters: Moving to VBR for live streaming balances video quality and bandwidth efficiency but introduces traffic volatility. Engineers must adapt capacity planning and steering logic to account for sudden bitrate spikes, ensuring CDN stability during high-concurrency global events.

Netflix transitioned its Live event encoding from Constant Bitrate (CBR) to Variable Bitrate (VBR) to optimize for scene complexity.
VBR implementation resulted in a 15% reduction in average bandwidth usage and a 10% reduction in peak minute traffic.
User experience improved with a 5% decrease in rebuffers and reduced startup delays due to more efficient data transfer.
The shift introduced capacity planning challenges, as low-bitrate scenes could lead to server over-utilization during sudden complexity spikes.
Netflix updated its traffic-steering logic to reserve server capacity based on nominal bitrates rather than real-time consumption to ensure stability.

#dist #sre

Read original

PlanetScale Tech BlogApr 2, 2026

Patterns for Postgres Traffic Control

Why it matters: This approach moves database resource management from reactive monitoring to proactive enforcement. By tagging queries at the application layer, teams can isolate noisy neighbors, protect critical paths, and limit the blast radius of new features without manual intervention.

Database Traffic Control enables resource budgeting for specific Postgres traffic slices to prevent runaway queries from impacting critical flows.
Implementation relies on the SQLCommenter format, appending URL-encoded key-value pairs as comments to SQL queries.
Go applications can use context-based helpers to propagate tags through the call stack and automatically inject them into database queries.
Isolation patterns include per-service roles, route-level tagging via middleware, and deployment-specific tags for canary releases.
Multi-tenant applications can enforce tier-based resource limits, such as Free vs. Enterprise, directly at the database level.

#data #sre

Read original

Slack EngineeringMar 31, 2026

From Custom to Open: Scalable Network Probing and HTTP/3 Readiness with Prometheus

Why it matters: As HTTP/3 and QUIC become standard, legacy monitoring tools often fail to provide visibility into UDP-based traffic. Open-sourcing these capabilities into Prometheus BBE enables engineers to monitor modern network protocols without relying on fragmented or proprietary solutions.

Slack faced a critical observability gap when rolling out HTTP/3 because existing SaaS and internal tools lacked support for UDP-based QUIC probing.
An engineering intern developed and open-sourced QUIC support for the Prometheus Blackbox Exporter (BBE) using the quic-go library.
The implementation integrated a new HTTP/3 transport into BBE's client while maintaining existing configuration patterns and composability.
The new probing system enables a unified view of HTTP/1.1, HTTP/2, and HTTP/3 metrics within Grafana for easier correlation and debugging.
Open-sourcing the contribution future-proofs Slack's infrastructure and provides the wider Prometheus community with native HTTP/3 monitoring capabilities.
Future roadmap items include Server Name Indication (SNI) routing validation and hop-by-hop end-to-end network path visualization.

#sre #dist

Read original

Cloudflare BlogMar 31, 2026

Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers

Why it matters: Engineers can now extend Cloudflare's DDoS protection with custom eBPF logic. This is crucial for proprietary UDP-based applications like gaming or VoIP, where generic rate limiting causes collateral damage. It provides granular, stateful control over traffic filtering at the network edge.

Cloudflare launched Programmable Flow Protection, allowing Magic Transit customers to deploy custom DDoS mitigation logic via eBPF.
The system addresses the limitations of generic DDoS protection for proprietary or custom UDP protocols used in gaming, VoIP, and streaming.
Customers can write eBPF programs to define precise 'good' versus 'bad' packet logic, which Cloudflare executes across its global edge network.
To ensure security and flexibility, these programs run in a userspace environment rather than the Linux kernel, using a specialized API for stateful mitigation.
The platform includes helper functions for storing client state, performing cryptographic validation, and issuing challenge packets to mitigate attacks without impacting legitimate users.

#security #dist #sre

Read original

PlanetScale Tech BlogMar 31, 2026

Graceful degradation in Postgres

Why it matters: Resource exhaustion often leads to total outages. Implementing graceful degradation at the database level ensures core services remain functional during traffic spikes, preventing a complete system failure by shedding non-critical load dynamically.

PlanetScale's Traffic Control introduces resource budgets to protect high-priority database queries during load spikes.
Engineers can categorize traffic into tiers like Critical, Important, and Best-effort to define degradation strategies.
The sqlcommenter standard enables tagging SQL statements with metadata for granular traffic identification.
Budgets support limits on server share, concurrency, and query duration to prevent resource starvation.
A warn mode allows for safe testing and tuning of limits against real-world traffic patterns before enforcement.
Dynamic budget adjustments enable live load shedding of non-essential features during viral events or DDoS attacks.

#data #sre

Read original

Page 4 of 23

Prev 1 2 3 4 5 6...23 Next