Railway Blocked by Google Cloud (status.railway.com)
262 points by aarondf 3 hours ago
valgaze 16 minutes ago
May 2024 UniSuper incident: https://cloud.google.com/blog/products/infrastructure/detail...
https://www.unisuper.com.au/about-us/media-centre/2024/a-joi...
A joint statement from UniSuper CEO Peter Chun and Google Cloud CEO Thomas Kurian
8 May 2024
UniSuper and Google Cloud understand the disruption to services experienced by members has been extremely frustrating and disappointing. We extend our sincere apologies to all members.
While supporting UniSuper to bring its systems back online, Google Cloud has been conducting a root cause analysis.
Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events, where an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription.
This is described as an isolated, “one-of-a-kind occurrence” that has never before occurred with any Google Cloud client globally. This should not have happened. Google Cloud has identified the sequence of events and taken measures to ensure it does not happen again.
Why did the outage last so long?
UniSuper had duplication across two geographies as protection against outages and data loss. However, the deletion of the Private Cloud subscription triggered deletion across both geographies.
Restoring the Private Cloud required significant coordination and effort between UniSuper and Google Cloud, including recovery of hundreds of virtual machines, databases, and applications.
dangoodmanUT 2 hours ago
It has been 0 days since GCP has taken down a startup (again).
You see this at least once a year. Never heard of this from AWS or Azure.
In all seriousness, this is why we don't use them. They have the most ergonomic cloud of the big three, then absolutely murder it by having this kind of reputation.
Spooky23 6 minutes ago
https://en.wikipedia.org/wiki/Timeline_of_Amazon_Web_Service...
Azure nerfed the front door of all Azure and O365 services last year.
All it these companies are great at what they and occasionally fuck up.
somewhatgoated 2 hours ago
On the other hand i can’t remember when there was a serious outage on GCP, unlike AWS/Azure who seem to go down catastrophically a couple of times per year.
adamtaylor_13 27 minutes ago
Perhaps you don't notice GCP outages because so few companies rely on them?
fragmede 6 minutes ago
abofh an hour ago
I've been in AWS for almost twenty years at this point. It's been a long time since I've seen a global outage of the data plane on anything. The control plane, especially the US-east-1 services? Yes - but if you're off of east-1, your outages are measured in missile strikes, not botched deployments.
andreareina 13 minutes ago
plandis an hour ago
GCP has had outages. From a quick search it looks like they had a global outage less than a year ago:
https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1S...
JoRyGu an hour ago
AWS goes down catastrophically but are back up in minutes/hours most of the time (as long as they aren't down because Iran blew up their data center). That's obviously REALLY bad for certain industries, but I suspect for the vast majority of their customers it's not a big deal. We've been able to isolate the damage almost every time just by having AZ failover in place and avoiding us-east-1 where we can.
pixl97 an hour ago
GCP never goes down because they banned all their customers.
corpoposter an hour ago
IIRC the Paris datacenter flood took down a whole “region” and some data was permanently unrecoverable.
nemothekid 20 minutes ago
>On the other hand i can’t remember when there was a serious outage on GCP
They had a really bad global outage a year ago. At least with AWS outages are contained to a single region.
blobbers 40 minutes ago
Unfortunately, if everyone goes down people are understanding. If just _you_ go down, then its oddly less forgiveable.
manyatoms 25 minutes ago
How is blackhole-ing a customer not considered an outage?
devmor an hour ago
There was a pretty bad one last summer - their IAM system got a bad update and it broke almost all GCP services for an hour or so, since every authenticated API call reaches out to IAM.
It had lasting effects for us for a little over 3 hours.
danesparza 35 minutes ago
You can read the parent post, right?
Izikiel43 30 minutes ago
I still remember the one where they nuked all the storage of I think an Australian insurance company I think, luckily the it department had done a multi cloud setup for backups
overfeed an hour ago
> Never heard of this from AWS or Azure.
AWS does it more efficiently; it takes down many startups at a time when us-east-1 goes down.
yandie a few seconds ago
During my 5 years of my startup, we had only 1 outage due to AWS because we picked us-west-2 as the primary reason. If anyone starting a company and picks us-east-1 as the primary reason, they should be fired. There's absolutely no reason to be in that region.
stingraycharles an hour ago
That’s an entirely different type of problem, and avoidable by just using us-east-2 (I still don’t understand why people default to us-east-1 unless they require some highly specific services).
aloha2436 32 minutes ago
MattGaiser 33 minutes ago
mgfist 23 minutes ago
And we all celebrate it since we can't do any work
rozap an hour ago
Yep, we also don't touch them for this same reason.
abrookewood 2 hours ago
Yep, agree 100%. Such a stupid move on their behalf.
jameson 2 hours ago
What was the reason GCP took down a startup previously?
__s an hour ago
busterarm 36 minutes ago
Hetzner and OVH also do this all the time.
It's AWS and Azure that are the outliers and tend not to care too much what their customers do with their infrastructure. AWS is perfectly fine with allowing me to run copies of 15 year old vulnerable AMIs copied from AMIs they've long since deprecated and removed. Even for removed features like NAT AMIs.
tjpnz 2 hours ago
AWS normally contacts you first.
kevin_nisbet 2 hours ago
Do they?
The only anecdotal thing I've seen is we hired a vendor to do a pentest a few years ago, and they setup some stuff in an AWS account and that account got totally yeeted out of existence by AWS if memory serves.
dannyw an hour ago
alchemism 2 hours ago
mixdup an hour ago
cherioo 2 hours ago
They better do. What is google doing?
Gigachad 2 hours ago
binarycleric 2 hours ago
How the heck do these things happen, especially with companies with huge monthly spend? At my last job we had some suspicious workloads running on AWS and our TAM reached out to us before taking any action. Who wants to bet this was some AI automation gone wrong and because GCP seems to be allergic to actually contacting a human to get a response, this just sits in some support queue that outsourced workers look at after a few hours just to give a canned response?
garciasn 2 hours ago
Nothing surprises me with anything related to support on GCP. While we absolutely do not need them, I have been through no less than 12 different Account Executives over the last 6y and they're all ENTIRELY and COMPLETELY useless.
They all introduce themselves, beg me to setup a meeting w/them and some sort of engineering resource(s), and they come to a meeting with a canned slide deck that is so absurdly unrelated to us that I just laugh, and then the next time I hear from them it's because we have a new AE.
This is my most recent reply (right after Next '26):
> I really appreciate you reaching out; however, we have met with, I dunno at this point, more than a dozen GCP Account reps, execs, technical teams, etc over the years and there's little to no value for us or you, now or in the future. Please do feel free to invest your time on your other clients. We're good; truly.
I love GCP and its services; we have been very pleased with it over the years, but the human side of it? Fucking sucks and I just don't see why they even bother.
OptionOfT 2 hours ago
It's because they're measured on something, unsure which metric, but it's definitely not how helpful they are to you.
YuriNiyazov an hour ago
dylanpyle 39 minutes ago
For what it's worth - I'm not sure what the criteria is (I assume we're "medium sized / not a big upsell opportunity"?) - our GCP rep quickly pushed us to switching to using a GCP reseller. They took over our billing so that we can pay via ACH, and provide both free first-line support/escalation and paid engagements for bigger projects; they don't charge a premium on top, apparently Google pays them for supporting us. Hasn't made much of a difference in how we operate, but at least we have a direct-ish line for issues when they come up.
idontwantthis an hour ago
It doesn’t worry you enough that someday you could have a serious problem and they wouldn’t be able to help you?
garciasn an hour ago
ndneighbor an hour ago
huh- I guess there are two HN submissions with meaningful replies...
I said this in the other thread, we got access to our account back, but even with a Account Rep. and a CSM on our account- it still took them a while to figure out what was going on.
I'm sure it could have been worse if we didn't have a rep on our account.
guluarte 2 hours ago
It's Google. They let you use their services, but the moment you don't fit the norm, they suspend you.
rajeshvar 9 minutes ago
What does blocked mean? Is there a different post that I am missing? There is shared infrastructure in GCP for networking (ex-googler here) and if only railway is affected, then it is not clear if it is only GCP or if there is something from Railway's perspective that needs to be addressed.
BitWiseVibe 2 hours ago
As someone who runs some public APIs, the amount of spam from Railway IPs is insane. They have horrible abuse prevention. Hopefully this encourages them to improve their operations.
nikcub 25 minutes ago
This is the conflict at the center of running a hosting company - make it easy to signup and you get a lot of new users but also a lot of abuse.
Implement anti-abuse measures and you will hit some loud false positives (this may be the case with GCP here).
I don't envy anybody running a hosting co - the internet is a really ugly place under the surface.
edit: to add - AWS are really good here. Must be the ~30 years of retail fraud and abuse experience.
chatmasta an hour ago
I thought Railway was building their own data centers? [0]
> The fact of the matter is, you simply cannot build a cloud on someone else’s cloud.
Indeed…
bearjaws 2 hours ago
I will never leverage GCP in an enterprise setting, it's honestly amazing how hard they fumble the bag. Will be interesting to see when GCP support started working with them, from the updates there was an hour and change from when they identified the issue and GCP support was confirmed.
In the cloud space it seems like AWS does nothing and wins.
UrbanNorminal 2 hours ago
Is google allergic to humans or something? Cannot they just send an email or call the company before taking a wrecking ball to the entire company's infra? Are they stupid?
BarryMilo an hour ago
Surely this is automated. They wouldn't waste precious dollars on employing humans just to keep other humans happy.
brokenodo an hour ago
Well, as a 2 week tenured and very happy Railway customer until now, I am now a Render customer. Somehow DNS cut over within 1 min(!) and live after about 30 minutes of work. Not bad!
DrewADesign an hour ago
In my experience, DNS changes are a lot faster than they used to be. There’s some website that has a map that tries to resolve your domain with a bunch of name servers around the world that was pretty neat to look at last time I migrated something.
nbarbettini a few seconds ago
I became so conditioned to waiting hours(!) for DNS propagation that I'm always pleasantly surprised when it takes <5 min these days.
sammy2255 an hour ago
The 3-2-1 backup rule is pretty outdated in the world of cloud. You could have 3 complete copies of your data in different S3 buckets, but if they're all under the same account you've lost your blast radius protection
rsync an hour ago
If only there were a quick and easy way to replicate s3 buckets to an independent provider…
… on the Unix command line …
… to a cloud older than AWS…
… if only …
oefrha 29 minutes ago
Well having backups help, but I certainly can’t migrate my infra to rsync.net on moments’ notice (or ever since rsync.net does storage and nothing else) so my customers aren’t affected.
funtech 27 minutes ago
Wish I could upvote this comment account more. Too many people look for something new and shiny when trusty ol tools are sitting right there. :)
eclipticplane 30 minutes ago
I don't think that technology exists. Sorry.
codegeek 2 hours ago
This is bad. Even their own website is down at railway.com. Looks like total dependency on google cloud. Surprising for a company of their scale with all this VC money.
choilive 2 hours ago
They run a decent amount of their own compute/bare metal server for customer workloads. But likely still had some critical dependencies on GCP.
padolsey 2 hours ago
Does anyone know how this even happens inside the walls of google? Is it an automated process? How is such a (presumably) high revenue account just magically blocked without human intervention? I'm quite perplexed.
jpollock 2 hours ago
There would have been efforts to contact them, but it would have been via their contact method, aka the email they set it up with.
Common ways this happens? They are using a credit card to run their business with no backup payment method. Then the company's contact person is on vacation.
Sign up for terms. It will get you payment terms!
mbreese an hour ago
Yeah, I'm not sure what to think here. We know Google is not the best at customer service and has automated account suspensions. But, what I'm curious about here is why this happened.
Railway hosts applications for customers. An uneducated guess for some possible reasons: 1) one of those customers hosted something they shouldn't have 2) railway had something spawn that took up too many resources 3) Or their account balance was too high 4) Or something...
But all of this probably culminates in someone needed to read an email that was missed.
Scaling a customer infrastructure setup like Railway is hard. This is one of the non-technical hard parts - how to make sure your account with your primary vendor is safe. But, I'm willing to wait to pass judgement here until more information is available. I'm sure the post-mortem will have lessons. I'd like to know more.
thayne 10 minutes ago
> via their contact method, aka the email they set it up with
If it's anything like AWS, that may be just one of hundreds of emails they send every day, most of which are just noise.
scratchyone 2 hours ago
Honestly still insane to nuke a high-volume client's business after a single payment issue. There would be no reason for Google to believe that a single hiccup like that is evidence that they won't get paid and have to cut account access immediately.
zelon88 37 minutes ago
Wild to me that any tech sector business would want to rent an operating environment to park their entire infrastructure into. This is the equivalent to traveling shoe salesmen setting up a tent in the parking lot of a strip mall.
r_lee 2 hours ago
seriously, is it possible to trust GCP with critical data/services at this point if you're not a billion dollar company?
I'm exaggerating but someone said they got "auto banned"
what if that happens to a small account which hosts some really important data/services there?
xyzzy_plugh 2 hours ago
I've managed several accounts with GCP over the years and I've always maintained a great relationship with our contacts there. Some of these accounts were quite small, on the order of <$20k/mo, and even then we were kept abreast of anything that might be cause for concern. I always maintain a standing biweekly meeting with at least someone on the other side (account exec, technical staff, whatever) and I've yet to be blindsided by anything.
Is Google's communication good? No, not particularly. The only way something like TFA happens is if the relationship is neglected (by one or both parties). I'm not saying Railway did something wrong, but there are usually many flags and opportunities to correct long before drastic actions.
I get the impression that Railway plays fast and loose with a lot of their limits and resources and that Google may not be a fan of that.
Edit: would also like to say that if you put all your resources in one GCP project you are going to have a bad time. If you organize stuff over many projects it is very unlikely that they will ever take account wide action. I've had issues with, for example, a particular tenant's behavior, but it never jeopardized the other tenants.
Avicebron 2 hours ago
> what if that happens to a small account which hosts some really important data/services there?
Pray to @dang that you will make the front page of HN?
throwaway85825 2 hours ago
Even if you are a billion dollar company you still have problems like the Australian pension did. Google is just that bad.
chi_features 2 hours ago
https://blog.railway.com/p/series-b
Agreed. Railway are probably not far off a billion dollar company though!
jrockway an hour ago
I don't think you can ever trust one service with critical data. Some Claude instance deletes your prod database, you have to restore from an offsite backup because it also deleted your local backups. Even at small startups we did pg_dump to AWS from GCP because ... who knows what is going to happen to GCP, and we want to continue to be in business if that happens.
I don't feel safe with any one single point of failure. "Your credit card bounced", "you thought it was dev", "you got hacked", etc. are all the same problem to me and no cloud provider solves those merely by setting up an account.
ttoinou 2 hours ago
Railway isnt far from being a billion dollar company, no ?
tux 2 hours ago
At this point you can’t trust Google anymore, it keeps breaking things. Imagine having Google AI do this thins automatically. Will have apocalypse in in a day.
hnburnsy an hour ago
From their founder on X...
"Absolutely. The Railway network is a mesh ring between AWS, GCP, and Metal
So: - High availability interconnects - High availability path routing between clouds - Database itself is high availability
However, Google's VPC itself is not. So we will add a shard to Metal and AWS"
hnburnsy an hour ago
More here...
jefborges 2 hours ago
Railway is back, but I’m not sure if I can trust keeping my projects there, so I’m going to migrate to another company.
oofbey an hour ago
After reading about how their delete database API also deletes all the backups, I concluded they are not to be trusted.
marknutter 13 minutes ago
It's not back.
usernametaken29 an hour ago
I didn’t knew Railway so with this misleading headline I thought a Google Cloud data centre was being built in the way of a railroad. That’d been a funny story to read..
astafrig an hour ago
How is the title misleading?
orliesaurus 2 hours ago
I wonder if someone has exploited a weird Google-safety automated process to report something on Railway which caused Google to block the whole thing.
gnabgib 3 hours ago
Dupe - join the discussion started an hour ago instead of query string work (12 points, 4 comments) https://news.ycombinator.com/item?id=48200827
aarondf 3 hours ago
I added the qs because it defaulted to a story from 3 months ago.
jujube3 an hour ago
If you buy a cloud-on-a-cloud, you're a clown-on-a-clown.
parineum an hour ago
There's a lot of, what seems to me, unfounded blame being directed at Google for this. Isn't railway the company that just blamed Anthropic for deleting their prod database?
mmmore an hour ago
Nope, Railway was the company who was hosting PocketOS, which is the company that blamed Cursor for deleting their prod database. Railway is only involved insofar as their API allowed an instant delete of the prod database.
oofbey an hour ago
Railway deserves a lot of blame here. Deleting backups along with the database is a lot like not having backups. Moronic design choice.
Genego 15 minutes ago
sidrag22 an hour ago
fairly certain you are remembering the goofy article that was going around where a railway user allowed an agent to delete his db. iirc he questioned the agent after and the agent told him it should have read the file that told him not to do things, so just sounds like he deleted his db and blamed his tools.
redanddead 2 hours ago
one of the many reasons companies are cloud agnostic and dont want to get locked in
fh67 an hour ago
Yeah but until you find that the new cloud provider won't approve your compute quota or doesn't have enough capacity in the region or you hit fraud flags for stagnant account spinning up lots of compute.
ChrisArchitect 2 hours ago
isninkhamiss 2 hours ago
github got way more noise for less
fnord77 26 minutes ago
wish I knew what "railway" is
rvz 2 hours ago
Let me guess… Googler running AI agent in production that blocked this startup’s account.
rekabis 3 hours ago
TL;DR: putting all your eggs into one basket is bad, man.
canpan 2 hours ago
How to handle domains? The rest is easy, but your domain registrar blocking you sounds like a pain. My current solution is to use a local small provider, just for the domain. Then if there is a problem with your play account it is out of any blast radius.
FlamingMoe 2 hours ago
What do you mean by local small provider? A registrar on main street?
truekonrads 2 hours ago
MarkMonitor
Barbing 2 hours ago
binarycleric 2 hours ago
Same applies to all the companies betting the farm on AWS.