July 22 Update: if you are looking for news of today's Akamai outage, go here
Akamai's Prolexic service backfired yesterday. Instead of protecting against online attacks, it took down several major customers in Australia and New Zealand, including banks, airlines, and the postal service.
Prolexic runs on the Akamai content delivery network (CDN) and is intended to protect against distributed denial of service (DDoS) attacks. Yesterday's outage was due to a misconfiguration, not caused by any sort of cyberattack, and affected some 500 customers, some for more than four hours. Those hit included the Commonwealth Bank, ASB, ANZ, Westpac, St George, ME Bank, and Macquarie Bank. The incident also caused disruption at Virgin Australia and the US airlines Southwest and American Airlines, as well as Australia Post.
It's all gone Prolexic
"The issue was not caused by a system update or a cyberattack," said Akamai's post mortem. "A routing table value used by this particular service was inadvertently exceeded. The effect was an unanticipated disruption of service."
The fault began in a Prolexic DDoS services at 4:20am UTC - as this was 2.20pm AEST local time, many people were unable to access bank accounts and other services. The outage only affected companies using version 3.0 of the Routed service. Akamai says it quickly alerted all of the 500 customers involved.
Some customers were rerouted automatically. Others had to wait and manually reroute after Akamai restored service at 8.47am UTC (6.47pm AEST local time).
"We recognize the impact of this issue, and we extend our apologies to our customers and any of their end users who were affected," says Akamai, promising to make sure it doesn't happen again. The company also says it is working to make sure all its customers have automatic rerouting set up so they can get back online quicker if it does happen again.
The outage comes at an embarrassing time, only a week after an outage at rival CDN Fastly caused sites to fail across the global Internet, and a smaller outage to Cloudflare impacted services including Discord and Shopify. Content delivery networks (CDNs) such as Akamai, Fastly and Cloudflare exist to help services connect to end users faster and more reliably, and have expanded from caching content to preventing DDoS attacks.
Akamai chose this week to announce improvements to its Edge computing services, to encourage customers to run more of their cord on its distributed hardware.
Akamai bought its way into the DDoS protection sector. In 2014, it bought Prolexic, a security specialist founded in 2003 for $370m.