Curated topic

sre

Posts tagged with sre

Cloudflare BlogMar 23, 2026

Launching Cloudflare’s Gen 13 servers: trading cache for cores for 2x edge compute performance

Why it matters: This shift demonstrates how software architecture must evolve to match hardware trends. By rewriting core layers in Rust, Cloudflare decoupled performance from cache locality, enabling the use of high-density CPUs to double edge throughput and improve power efficiency.

Cloudflare's Gen 13 servers adopt AMD EPYC 5th Gen (Turin) processors, doubling core counts to 192 per socket.
The new hardware trades per-core L3 cache (2MB vs 12MB in Gen 12) for massive throughput and 32% better power efficiency.
Legacy NGINX/LuaJIT software (FL1) faced 50% latency regressions on the new chips due to increased DRAM fetch cycles.
The transition to FL2, a Rust-based rewrite of the request handling layer, successfully decoupled performance from cache locality.
FL2 allows Gen 13 to achieve 2x edge compute performance gains while maintaining strict latency SLAs.
Engineers utilized AMD Platform Quality of Service (PQOS) to optimize shared resource allocation across Core Complex Dies (CCDs).

#sre #dist #finops

Read original

PlanetScale Tech BlogMar 23, 2026

Introducing Database Traffic Control

Why it matters: Postgres lacks native granular traffic management. This tool prevents database outages caused by runaway queries by allowing real-time resource budgeting and throttling, ensuring stability for critical workloads without requiring immediate code changes.

PlanetScale introduced Database Traffic Control to manage Postgres query traffic and prevent server degradation during spikes.
Engineers can define resource budgets based on query fingerprints, application names, database users, or custom SQL comment tags.
Resource limits can be applied to CPU usage, burst limits, backend process concurrency, and per-query execution timing.
The system supports a 'warn' mode for observation and an 'enforce' mode to actively block queries exceeding defined limits.
Integration with PlanetScale Insights allows for rapid identification of problematic queries and immediate budget application.
Use cases include prioritizing high-value user traffic over background jobs and isolating human traffic from AI agent workloads.

#data #sre

Read original

Airbnb EngineeringMar 17, 2026

From vendors to vanguard: Airbnb’s hard-won lessons in observability ownership

Why it matters: Managing observability at scale requires balancing cost and utility. Airbnb's shift to an in-house, automated platform demonstrates how to regain control over data, standardize metrics across thousands of services, and reduce operational overhead through self-service migration tools.

Airbnb transitioned from vendor-managed observability to an in-house platform built on Prometheus to reduce costs and improve developer workflows.
The migration involved moving 300 million timeseries, 3,100 dashboards, and 300,000 alerts across 1,000 services.
The team shifted from a 'hardest-first' approach to starting with achievable targets to validate the platform and build momentum.
Rather than 1:1 query translation, they migrated the 'intent' of queries to standardize metrics and correct legacy inaccuracies.
A 'One-Click Migration' tool was developed to automate the conversion of dashboards and alerts, significantly reducing manual effort.
A centralized Migration Hub provided service owners with self-service tools and visibility into their migration status.

#sre #finops #dist

Read original

Salesforce EngineeringMar 16, 2026

Building AWS Bedrock Model Availability: Slashing AI Routing Discovery From Days to Minutes

Why it matters: Scaling AI globally requires automated infrastructure to manage model availability. This approach ensures high reliability and compliance with data residency laws while slashing operational overhead, allowing teams to adopt new LLMs rapidly without manual configuration risks.

Salesforce automated Amazon Bedrock model discovery across 30+ AWS accounts to support Agentforce's global expansion.
Regional AWS Lambda functions query AWS APIs to collect real-time endpoint availability, publishing data as CloudWatch metrics.
Discovery time for new model endpoints was reduced from several days of manual effort to just minutes.
Implemented a deterministic baseline fallback mechanism to verified regions to ensure service continuity during outages.
Integrated layered routing controls to balance capacity, latency, and strict data residency requirements across global jurisdictions.

#mlp #sre #dist

Read original

GitHub EngineeringMar 16, 2026

GitHub for Beginners: Getting started with GitHub Actions

Why it matters: GitHub Actions enables engineers to automate development workflows directly within their repositories. Understanding these fundamentals allows teams to implement CI/CD, improve code quality through automated testing, and reduce manual overhead for project management tasks.

GitHub Actions is a built-in CI/CD and automation platform that uses YAML files to automate repetitive tasks and deployment processes.
Workflows are triggered by specific GitHub events such as code pushes, pull requests, or issue creation.
A workflow consists of one or more jobs that execute on a runner, which can be a GitHub-hosted or self-hosted virtual machine.
Each job contains a series of steps, which are either shell commands or prebuilt actions from the GitHub Marketplace.
Workflow files are stored in the .github/workflows directory and require specific permissions to interact with repository resources.

#sre #culture

Read original

Cloudflare BlogMar 13, 2026

From legacy architecture to Cloudflare One

Why it matters: Migrating legacy infrastructure to Zero Trust is notoriously risky. This approach allows engineers to modernize security for old applications without rewriting code, reducing the attack surface via outbound-only tunnels while maintaining session persistence and operational stability.

Adopts a tiered, risk-aware methodology to move applications based on complexity rather than using a risky 'big bang' migration approach.
Utilizes Cloudflare Access to wrap legacy applications in a Zero Trust layer, enabling MFA and SSO without requiring any code changes.
Employs Cloudflare Tunnel to create outbound-only connections, effectively hiding internal services from the public internet by removing public IP addresses.
Conducts pre-migration audits to map backend dependencies and identity providers, ensuring service continuity during the transition.
Leverages Dynamic Path MTU Discovery (PMTUD) to maintain persistent sessions at the edge even when client IP addresses change.

#security #sre

Read original

Cloudflare BlogMar 13, 2026

From legacy architecture to Cloudflare One

Why it matters: Moving from legacy VPNs to Zero Trust is high-risk. This methodology de-risks the process by treating migration as application modernization, allowing engineers to secure legacy systems with MFA and identity-based access without downtime or code changes.

Cloudflare and CDW advocate for a tiered, risk-aware migration strategy to Zero Trust rather than high-risk 'big bang' VPN replacements.
Legacy applications are modernized by 'wrapping' them in Cloudflare Access, adding MFA and SSO capabilities without requiring code rewrites.
Cloudflare Tunnel establishes outbound-only connections, effectively hiding internal applications from the public internet and preventing lateral movement.
Comprehensive pre-migration audits map backend dependencies and identity providers to ensure service continuity during the transition.
Dynamic Path MTU Discovery (PMTUD) is utilized to maintain persistent sessions for legacy architectures even as client IP addresses change.

#security #sre

Read original

PlanetScale Tech BlogMar 13, 2026

Scaling Postgres connections with PgBouncer

Why it matters: Postgres's process-per-connection model limits scalability for modern apps needing thousands of concurrent connections. PgBouncer is the industry-standard solution to prevent resource exhaustion and context-switching overhead, ensuring database stability under high load.

PgBouncer addresses the resource overhead of Postgres's process-per-connection architecture by multiplexing many client connections onto a smaller pool of server connections.
Transaction pooling is the recommended mode for most applications, as it releases server connections back to the pool immediately after a COMMIT or ROLLBACK.
The configuration hierarchy includes max_client_conn for incoming traffic and default_pool_size for outgoing connections to the database.
Total potential connections to Postgres are calculated as the number of pools multiplied by the pool size, which must remain below Postgres's max_connections.
PlanetScale offers local, dedicated primary, and dedicated replica PgBouncer configurations to optimize for high availability and read-heavy workloads.
Using PgBouncer allows for thousands of simultaneous client connections while keeping the database's forked process count low and manageable.

#data #sre

Read original

GitHub EngineeringMar 12, 2026

GitHub availability report: February 2026

Why it matters: This report highlights how complex dependencies—like telemetry, caching, and security policies—can trigger cascading failures. It provides valuable lessons on the importance of robust monitoring, automated rollbacks, and the need for resilient proxy layers in large-scale distributed systems.

GitHub experienced six major incidents in February 2026, impacting Actions, Codespaces, Dependabot, and Git operations.
A significant outage was caused by telemetry loss that triggered incorrect security policies, blocking access to critical VM metadata.
Cache write amplification and simultaneous rewrites led to cascading failures and connection exhaustion in the Git HTTPS proxy.
Database failovers to read-only instances and authorization claim changes in networking dependencies caused service degradations.
Incorrect network configurations in the LFS service resulted in repository archive download errors for objects using Git LFS.
GitHub is implementing improved monitoring, automated rollbacks, and self-throttling mechanisms to increase system resilience.

#sre #dist #security

Read original

GitHub EngineeringMar 11, 2026

Addressing GitHub’s recent availability issues

Why it matters: This post highlights how rapid scaling and architectural coupling can turn localized issues into platform-wide outages. It provides lessons on managing cache TTLs, the risks of latent configuration errors in failover systems, and the necessity of robust load-shedding mechanisms.

Rapid usage growth and architectural coupling caused localized issues to cascade across GitHub's critical services.
A 10x increase in API traffic from client apps combined with a cache TTL reduction overwhelmed core authentication database clusters.
A telemetry gap triggered security policies that blocked VM metadata access, leading to a global GitHub Actions outage.
Latent configuration issues in Redis failover mechanisms left clusters without writable primaries, requiring manual mitigation.
GitHub is redesigning its user cache system and segmenting database clusters to accommodate significantly higher traffic volumes.
Engineering teams are prioritizing the isolation of critical dependencies to prevent shared infrastructure failures from impacting Git and Actions.

#sre #dist

Read original

Page 6 of 23

Prev 1...4 5 6 7 8...23 Next