A recent update to Google Cloud’s VMware Engine configuration disrupted network connectivity between zones in stretched clusters, causing outages without affecting VM compute or storage. Concurrently, VMware’s Avi Load Balancer was disclosed to have multiple critical security flaws, raising concerns for enterprises relying on it for application delivery and security.
- Configuration change caused inter-zone communication failure affecting stretched clusters
- Core VM compute and storage remained operational; client connectivity was disrupted
- VMware Avi Load Balancer disclosed with multiple serious security flaws
Infrastructure signal
Google Cloud VMware Engine (GCVE) experienced significant resilience issues due to a recent configuration update, which led to network failures between zones in stretched cluster deployments. This caused zonal outages impacting network connectivity across multiple regions including Australia, Europe, and North America. While compute and storage services remained available, customer VMs became unreachable, negating the core benefit of stretched clusters which is maintaining uninterrupted availability through synchronized multi-site failover.
The root cause was traced to interrupted Border Gateway Protocol (BGP) sessions and loss of connectivity with the witness appliance, preventing synchronization between cluster zones. Such disruption reveals the fragility of inter-zone networking dependencies in multi-site VMware clusters on GCP and underscores the need for stringent change management and more resilient interconnect architectures to maintain service availability and user experience.
Developer impact
For developers and operators running workloads on these stretched clusters, the outage means disrupted application connectivity despite underlying compute remaining intact. This complicates troubleshooting since virtual machines continue operating but become unreachable, potentially delaying incident diagnosis and resolution. The reliance on stable inter-zone communication channels imposes new demands on network observability and monitoring tooling to detect and mitigate synchronization impairments early.
The simultaneous disclosure of seven vulnerabilities in VMware Avi Load Balancer, including an authentication bypass and other high-severity flaws, further impacts developer confidence in key infrastructure components. Since Avi integrates with VMware Cloud Foundation and supports Kubernetes and multi-cloud networking, developers and security teams must urgently apply patches and review access controls to mitigate risk of unauthorized control-plane access and compromised application delivery.
What teams should watch
Cloud infrastructure teams managing VMware Engine clusters should prioritize verifying the stability and correctness of inter-zone network configurations and BGP session health after updates. Observability must extend to the witness appliance’s availability, as it plays a critical role in cluster synchronization. Capacity planning should consider the impact of regional failure to reduce risk exposure in key markets including Australia-southeast1, Europe-west3, and Northamerica-northeast2.
Security teams must urgently audit the deployment of VMware Avi Load Balancer instances for exposure to the recently disclosed vulnerabilities (CVE-2026-47865 and others) and coordinate rapid patching schedules. Developer and DevOps teams should integrate these security updates into their deployment pipelines and enhance monitoring for abnormal control-plane access attempts. Close collaboration between network, security, and platform teams will be crucial to restore trust and reinforce resilience in hybrid cloud VMware infrastructure.