Amazon's weekend cloud outage highlights EBS problems

The red-headed stepchild of Bezos & Co's cloud just can't keep up


Problems in the Amazon cloud over the weekend crushed apps like Vine, websites like Airbnb, and numerous other services that depend on Bezos & Co's hulking cloud, and the problems were due to a familiar culprit – Elastic Block Store (EBS).

EBS is a network-attached block level storage service for Amazon EC2 instances. Amazon says it is "suited for applications that require a database, file system, or access to raw block level storage," – in other words, everything.

Sunday's failure marked the third significant outage in two years to come about from EBS failures, and brought to mind the characterization of EBS as "a barrel of laughs in terms of performance and reliability" by a former Reddit sysadmin after a major outage in April 2011.

The problems on Sunday were acknowledged by Amazon in a post to the company's status dashboard at 1:22pm Pacific Time, when the company said it was "investigating degraded performance for some volumes in a single [Availability Zone] in the US-EAST-1 Region."

Amazon found that the problem was a network issue that led to elevated EBS-related API error rates in a single region. "The networking device was removed from service and we are performing a forensic investigation to understand how it failed," the company wrote.

Besides the 2011 incident, EBS also went down in December 2012. In the wake of that outage, one EBS-reliant company named Awe.sm wrote that "to maintain high uptime, we have stopped trusting EBS." Awe.sm added that in its experience, input-output rates on EBS volumes were poor, that when it fails it tends to fail across an entire data center cluster, and that if it goes down when connected to an image when running Ubuntu it fails severely.

Given the outage during the weekend just gone, cloud-first businesses might want to start looking at EBS and working out how to design their systems around potential failures in Amazon's data center hubs. ®

Similar topics


Other stories you might like

  • Apple strays from the path of locking down parts with its Series 7 Watch

    Component swaps still a thing... for now

    Apple's seventh-gen Watch has managed to maintain its iFixit repairability rating on a par with the last model – unlike its smartphone sibling.

    The iFixit team found the slightly larger display of the latest Apple Watch a boon for removal via heat and a suction handle. Where the previous generation required a pair of flex folds in its display, the new version turned out to be simpler, with just the one flex.

    Things are also slightly different within the watch itself. Apple's diagnostic port has gone and the battery is larger. That equates to a slight increase in power (1.094Wh from 1.024Wh between 40mm S6 and 41mm S7) which, when paired with the slightly hungrier display, means battery life is pretty much unchanged.

    Continue reading
  • Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls

    Only for one-to-one voice and video, mind

    Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.

    It has been a while coming. The company made the promise of E2EE for some one-to-one Teams calls at its virtual Ignite shindig in March this year (https://www.theregister.com/2021/03/03/microsoft_ups_security/) and as 2021 nears its end appears to have delivered, in preview form at least.

    The company's rival in the conference calling space, Zoom, added E2EE for all a year ago, making Microsoft rather late to the privacy party. COO at Matrix-based communications and collaboration app Element, Amandine Le Pape, told The Register that the preview, although welcome, was "long overdue."

    Continue reading
  • Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

    Researcher spots RSA tell-tale lurking in plain sight on VirusTotal

    Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository.

    The discovery could make blue teams' lives easier by giving them a clue about whether or not Cobalt Strike traffic across their networks is a real threat or an action by an authorised red team carrying out a penetration test.

    Didier Stevens, the researcher with Belgian infosec firm NVISO who discovered that private Cobalt Strike keys are being widely reused by criminals, told The Register: "While fingerprinting Cobalt Strike servers on the internet, we noticed that some public keys appeared often. The fact that there is a reuse of public keys means that there is a reuse of private keys too: a public key and a private key are linked to each other."

    Continue reading

Biting the hand that feeds IT © 1998–2021