<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Concentration-Risk on Azarudeen.com</title><link>http://azarudeen.com/tags/concentration-risk/</link><description>Recent content in Concentration-Risk on Azarudeen.com</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 01 Jul 2025 10:00:00 +0530</lastBuildDate><atom:link href="http://azarudeen.com/tags/concentration-risk/index.xml" rel="self" type="application/rss+xml"/><item><title>Agents On Call: DNS Races, Feature Files, and the AI-Assisted Postmortem</title><link>http://azarudeen.com/posts/11-jul-2025-to-present-agents-on-call/</link><pubDate>Tue, 01 Jul 2025 10:00:00 +0530</pubDate><guid>http://azarudeen.com/posts/11-jul-2025-to-present-agents-on-call/</guid><description>&lt;h1 id="agents-on-call-jul-2025--jul-2026"&gt;Agents On Call (Jul 2025 – Jul 2026)&lt;/h1&gt;
&lt;p&gt;This window opened with a brutal autumn: within a month, AWS, Azure, and
Cloudflare each suffered a headline global outage, making &amp;ldquo;the internet is three
companies in a trench coat&amp;rdquo; a mainstream news take. Meanwhile the biggest
&lt;em&gt;practice&lt;/em&gt; shift since the SRE book has been underway — AI agents moving from
summarizing incidents to responding to them.&lt;/p&gt;
&lt;h2 id="the-incidents-defining-the-period-so-far"&gt;The incidents defining the period (so far)&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;AWS us-east-1, October 20, 2025&lt;/strong&gt; — A &lt;strong&gt;latent race condition in DynamoDB&amp;rsquo;s
automated DNS management&lt;/strong&gt; produced an empty DNS record for the regional
endpoint; the automation couldn&amp;rsquo;t self-repair, and failures cascaded through
the many AWS services (and thousands of customer apps) that depend on DynamoDB
in us-east-1. Roughly 14–15 hours of disruption; Snapchat alone drew ~3 million
outage reports. The most consequential us-east-1 event since December 2021 —
and an &amp;ldquo;automation deadlock&amp;rdquo; case study: the fix required humans to disable
the automation that was supposed to prevent exactly this.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Azure Front Door, October 29, 2025&lt;/strong&gt; — An inadvertent configuration change
broke Microsoft&amp;rsquo;s global edge/CDN layer for ~8 hours, taking down the Azure
portal, M365 entry points, and customer sites — days before earnings, a week
after AWS&amp;rsquo;s turn. A separate &lt;strong&gt;East US2 networking config outage lasting
roughly 50 hours&lt;/strong&gt; underlined that regional incidents can now outlast news
cycles.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cloudflare, November 18, 2025&lt;/strong&gt; — A database permissions change caused the
Bot Management &lt;strong&gt;feature file to double in size&lt;/strong&gt;, exceeding a hard-coded
limit in the core proxy; processes crash-looped globally. X, ChatGPT, and
Canva threw 5xx errors for hours. Cloudflare&amp;rsquo;s same-week postmortem
(&lt;a href="https://blog.cloudflare.com/18-november-2025-outage/"&gt;blog.cloudflare.com&lt;/a&gt;)
echoed their 2019 regex writeup: an internally-generated &amp;ldquo;content&amp;rdquo; artifact,
globally propagated, hitting an untested limit.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cloudflare, December 5, 2025 and February 20, 2026&lt;/strong&gt; — A ~25-minute traffic
outage, then a BGP withdrawal affecting Bring-Your-Own-IP customers — smaller
events, but notable for the now-routine speed and detail of disclosure.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;em&gt;(This is a living post, updated through July 2026.)&lt;/em&gt;&lt;/p&gt;</description></item><item><title>The us-east-1 Problem: Control Planes, Quotas, and a 49-Second CDN Outage</title><link>http://azarudeen.com/posts/07-jul-2020-to-sep-2021-the-us-east-1-problem/</link><pubDate>Wed, 01 Jul 2020 10:00:00 +0530</pubDate><guid>http://azarudeen.com/posts/07-jul-2020-to-sep-2021-the-us-east-1-problem/</guid><description>&lt;h1 id="the-us-east-1-problem-jul-2020--sep-2021"&gt;The us-east-1 Problem (Jul 2020 – Sep 2021)&lt;/h1&gt;
&lt;p&gt;The incidents of this window share a shape: a small, deep dependency — a thread
limit, a quota system, one customer&amp;rsquo;s config — radiating outward until half the
internet notices. Postmortem readers learned to ask a new first question: &lt;em&gt;what
does everything else depend on?&lt;/em&gt;&lt;/p&gt;
&lt;h2 id="the-incidents-that-defined-the-period"&gt;The incidents that defined the period&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;AWS Kinesis / us-east-1, November 25, 2020&lt;/strong&gt; — Adding capacity to Kinesis&amp;rsquo;s
front-end fleet pushed servers past an &lt;strong&gt;OS thread limit&lt;/strong&gt;; the fleet needed a
slow full restart, and dependent services (Cognito, CloudWatch — and vendors'
status pages) failed with it
(&lt;a href="https://aws.amazon.com/message/11201/"&gt;aws.amazon.com/message/11201&lt;/a&gt;).
The postmortem taught thousands of engineers what a cell-based architecture is
— by describing its absence.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Google, December 14, 2020&lt;/strong&gt; — The identity/quota system took down Gmail,
YouTube, and Google Cloud auth for ~47 minutes: an automated quota migration
reported usage as zero and rationed the auth service to death. Safety systems
that can&amp;rsquo;t distinguish &amp;ldquo;no usage&amp;rdquo; from &amp;ldquo;no data&amp;rdquo; became a postmortem archetype.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Slack, January 4, 2021&lt;/strong&gt; — First workday of the year; provisioning couldn&amp;rsquo;t
scale up in AWS fast enough, and Slack&amp;rsquo;s own dashboards were degraded during
the response (&lt;a href="https://slack.engineering/slacks-outage-on-january-4th-2021/"&gt;slack.engineering&lt;/a&gt;).&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;OVHcloud fire, March 2021&lt;/strong&gt; — A Strasbourg datacenter burned; some customers
learned their &amp;ldquo;backups&amp;rdquo; lived in the building that was on fire. Physical DR
returned to the conversation.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Fastly, June 8, 2021&lt;/strong&gt; — A dormant bug shipped in May was triggered by &lt;strong&gt;one
customer&amp;rsquo;s valid configuration change&lt;/strong&gt;, dropping ~85% of Fastly&amp;rsquo;s network.
Global outage in seconds; identified in minutes; largely restored in under an
hour (&lt;a href="https://www.fastly.com/blog/summary-of-june-8-outage"&gt;fastly.com&lt;/a&gt;).
Reuters, gov.uk, and Amazon went dark together — 49 minutes that made
&amp;ldquo;CDN concentration&amp;rdquo; a mainstream news topic.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Akamai Edge DNS, July 2021&lt;/strong&gt; — A bug triggered by a configuration update took
down banks and airlines for about an hour. Same lesson, different CDN.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="what-the-postmortems-reveal"&gt;What the postmortems reveal&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;1. Control plane vs data plane became the sharpest lens.&lt;/strong&gt; Google&amp;rsquo;s quota
system, AWS&amp;rsquo;s front-end metadata fleet, Fastly&amp;rsquo;s config distribution — in each
case the &lt;em&gt;management&lt;/em&gt; machinery failed while the underlying capacity was fine.
&amp;ldquo;Static stability&amp;rdquo; (the data plane keeps working when the control plane is
down) became the design goal to cite.&lt;/p&gt;</description></item></channel></rss>