Google blames Gfail on 'availability' upgrade
100-minute outage. Won't happen again. Really
Calling Tuesday's one-hour-and-forty-minute Gmail outage a "Big Deal," Google has pinned the breakdown on some recent changes to the request routers that direct queries to the service's web servers.
Ironically, at least some of the changes were meant to improve Gmail's ability to stay online. But Google underestimated the load these changes would place on the routers when it took a relatively small number of servers offline for upgrades.
The company says it will spend the next few weeks correcting the problem, and it continues to boast that despite several conspicuous outages in recent months, Gmail "remains more than 99.9% available to all users."
In a blog post that surfaced on Tuesday night, Google said Tuesday's outage lasted for about 100 minutes. And though it didn't say what percentage of users were affected, it call the breakdown "a Big Deal, and we're treating it as such." Judging from reports from Reg and the Tweetbook set, the outage was worldwide, and Google indicated in an earlier post to its Google Apps Status dashboard that a "majority" of users were affected.
This morning Pacific time, Google took "a small fraction" of its Gmail servers offline for routine upgrades, and this put an unexpected load on its request routers. "We had slightly underestimated the load which some recent changes (ironically, some designed to improve service availability) placed on the request routers — servers which direct web queries to the appropriate Gmail server for response," reads the post form Ben Treynor, the Google vp of engineering who calls himself Site Reliability Czar.
"At about 12:30 pm Pacific a few of the request routers became overloaded and in effect told the rest of the system 'stop sending us traffic, we're too slow!' This transferred the load onto the remaining request routers, causing a few more of them to also become overloaded, and within minutes nearly all of the request routers were overloaded."
This meant that who knows how many people were unable to access Gmail via the web - though the service was still available via POP and IMAP. Boasting that the Gmail engineering team was alerted to the problem within seconds - "we take monitoring very seriously" - the company solved the issue by bringing more request routers online. Service was restored at about 2:10pm Pacific.
Google says it will now increase its request router capacity well beyond peak demand - and make some additional tweaks to its infrastructure. "For example," Treynor says, "we have concluded that request routers don't have sufficient failure isolation (i.e. if there's a problem in one datacenter, it shouldn't affect servers in another datacenter) and do not degrade gracefully (e.g. if many request routers are overloaded simultaneously, they all should just get slower instead of refusing to accept traffic and shifting their load).
"We'll be hard at work over the next few weeks implementing these and other Gmail reliability improvements."
According to Treynor, Google has turned its "full attention to helping ensure this kind of event doesn't happen again." ®