TOPICS
Virtualization
As VMware itself warns of critical flaw in its load balancer
Google Cloud has admitted it made a configuration change that means some customers of its VMware Engine (GCVE) can’t use stretched cluster.
A G-Cloud incident report time-stamped 13:24 PDT on July 14 (21:24 UTC) reports some customers “are experiencing zonal outages impacting network connectivity across multiple regions” and that the trouble started at 10:00 PDT.
Google first attributed the problem to “an underlying network connectivity issue affecting the infrastructure that links the zones within a stretch cluster,” and warned “This disruption is causing synchronization issues between the affected zones.”
Storage and compute services weren’t impacted, and VMs kept running. Users just couldn’t reach their virtual servers.
That’s bad because the whole point of stretched clusters is to enhance resilience by creating a virtual pool of resources that spans two physical sites, while keeping the two rigs in synch to enable rapid failover without disruption.
Google’s next update offered “underlying inter-zone communication failures and Border Gateway Protocol (BGP) session flapping between cluster zones” as the reason for the mess, adding “Specifically, network connectivity has been lost between the affected zones and the witness appliance. Because the witness appliance is currently unreachable, the cluster zones are unable to safely synchronize state.”
At 16:05 PDT Google ‘fessed up.
“Our investigation has identified a recent configuration update that is the likely cause of the inter-zone network disruption,” the web giant admitted. “Teams are working on remediation.”
Google hasn’t said when it will set things right, so customers in the impacted regions – australia-southeast1, australia-southeast2, europe-west3, and northamerica-northeast2 – must wait to learn when they’ll once again enjoy the resilience they pay for.
Other VMware customers may not want to wait because the Broadcom business unit on Tuesday warned of seven flaws in its VMware Avi Load Balancer. One of them, CVE-2026-47865, is an authentication bypass vulnerability that earned a CVSS score of 9.8.
The product’s name is a little misleading, as it’s actually a full Application Delivery Controller that includes load balancing and a Web Application Firewall
VMware hasn’t said much about the flaw other than warning “A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism.” The tool works with VMware’s Cloud Foundation bundle, Kubernetes Service, and can connect resources in public clouds. Unauthorized access is therefore distinctly undesirable.
The five remaining CVEs are also significant, with CVSS ratings ranging from 8.8 to 7.1. Broadcom has fixed the flaws in recent updates to the product. ®
As VMware itself warns of critical flaw in its load balancer
Developers worry encrypted MultiAgentV2 messages will make debugging and auditing harder
PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around
Remember when last month’s 206 CVEs seemed eye-watering? Yeah, those were the days
Bringing troubled contracts in-house requires skills Whitehall is already struggling to recruit
Anthropic finds Claude expresses different values across languages
AI and ML
Developers worry encrypted MultiAgentV2 messages will make debugging and auditing harder
AI and ML
Anthropic finds Claude expresses different values across languages
ai and ml
50 MW-plus bit barn builds on hold while Empire State hashes out rules to protect the environment and ratepayers
on-prem
CEO Krishna: Customers blew their Z budgets on servers and storage before prices spike, Q2 financials ‘disappointing’
AI and ML
Token consumption doesn’t tell the whole tale but it shouldn’t be ignored
Security
PLUS: US takes down Iranian propaganda sites; Marketing company asks ‘Why Do We Have Your Information?’ And more!
Security
PLUS: China upgrades smartphone surveillance tools; Ring eases anti-snooping stance; and more
Black Hat and DEF CON
Voting village reports have been so successful, says Jeff Moss, that the whole of DEF CON will now be included
Security
Went at equivalent of $3.5B+ valuation for entire firm, though portion sold not specified
Malware Month
On the plus side, infosec’s a good bet for a long, stable career
Flaws in iCagenda, Balbooa Forms extensions can impact open source CMS that powers a million sites worldwide
Joins yserver, Phoenix, and of course XLibre – and outlier Arcan
Next version of Linux Mint’s desktop has both kinds of display server
6.7 is now current, and in 6.8 you’re getting Wayland whether you like it or not
Now with Markdown support and smarter formula error handling – plus integrated AI, though it’s off by default
Retro-computing fun for the nostalgic with first (and last) release to use Motif instead of GTK
Biting the hand that feeds IT
Contact us
Advertise with us
Who we are
Newsletter
The Next Platform
DevClass
Blocks and Files
Situation Publishing
Cookies Policy
Privacy Policy
Ts & Cs
Do not share my personal information
Your Consent Options
Copyright. All rights reserved © 1998-2026.


