2 min read

Google Cloud VMware outage breaks stretched clusters

A bad Google Cloud config cut GCVE stretched cluster resilience, as VMware separately patches a critical Avi Load Balancer flaw.

Image: The Register

Stretched clusters stall on Google Cloud

Google Cloud VMware Engine (GCVE) customers lost one of the platform’s key resilience features this week after a bad configuration update broke stretched clusters in several regions.

A Google Cloud incident report time-stamped 13:24 PDT on July 14 (21:24 UTC) said some customers were “experiencing zonal outages impacting network connectivity across multiple regions”, with issues starting at 10:00 PDT.

Google initially blamed “an underlying network connectivity issue affecting the infrastructure that links the zones within a stretch cluster”, warning that “This disruption is causing synchronization issues between the affected zones.”

Recommended reading

Mira Murati’s lab unveils Inkling, a 975B open model

Resilience feature taken out by the control plane

Storage and compute were not directly affected and VMs continued running, but customers could not reach their virtual servers.

That undercuts the whole idea of stretched clusters, which are meant to:

  • Pool resources across two physical sites
  • Keep both sides in sync for rapid failover without downtime

A later update pointed to “underlying inter-zone communication failures and Border Gateway Protocol (BGP) session flapping between cluster zones”, adding:

“Specifically, network connectivity has been lost between the affected zones and the witness appliance. Because the witness appliance is currently unreachable, the cluster zones are unable to safely synchronize state.”

At 16:05 PDT, Google acknowledged the real cause:

“Our investigation has identified a recent configuration update that is the likely cause of the inter-zone network disruption. Teams are working on remediation.”

Google has not provided a fix time. Impacted regions are australia-southeast1, australia-southeast2, europe-west3, and northamerica-northeast2, where customers are currently paying for stretched-cluster resilience they can’t reliably use.

VMware Avi Load Balancer hit by critical bug

While GCVE users wait for Google to restore resilience, VMware customers have another problem to think about.

The Broadcom-owned business unit disclosed seven vulnerabilities in VMware Avi Load Balancer on Tuesday. One of them, CVE-2026-47865, is an authentication bypass with a CVSS score of 9.8.

Despite the name, the product is more than a simple load balancer — it is a full Application Delivery Controller with load balancing and a Web Application Firewall.

VMware has offered limited detail on the critical bug, warning only that:

“A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism.”

The tool integrates with VMware Cloud Foundation, Kubernetes Service, and can connect resources across public clouds, making any unauthorized control-plane access especially problematic.

The five remaining CVEs are also rated high, with CVSS scores from 8.8 down to 7.1. Broadcom has shipped fixes in recent product updates, leaving admins to deploy patches while cloud resilience and control planes are having a rough week.

Ava Chen

AI Editor

Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.

via The Register

// Keep reading