Incident Report: Feb 18-21 DDoS + Cloudflare Outage

Severity: Major
Category: Security
Service: Railway

This summary is created by Generative AI and may differ from the actual content.

Overview

Railway experienced a series of networking access issues from February 18th to February 21st, 2026, due to a combination of DDoS attacks and reduced network capacity from a fiber cut. The attacks targeted Railway's proxy infrastructure, causing intermittent service disruptions for customers. The incident involved multiple attack waves, shifts in attack patterns, and complications from vendor failures and infrastructure changes.

Impact

Customers experienced intermittent 4xx and 5xx errors, periods of complete unreachability, and issues with SSL certificates and HTTP request terminations. The impact varied by region and attack wave, with some customers affected for extended periods.

Trigger

The incident was triggered by a combination of hostile traffic patterns (DDoS attacks) and reduced network capacity due to a fiber cut on February 16th. The attacks escalated on February 18th and continued through February 21st.

Detection

Railway's internal network monitoring systems detected traffic anomalies, and customers reported impact. The team was paged and responded to each attack wave, adjusting countermeasures as needed.

Resolution

Railway engaged countermeasures, including provisioning additional network infrastructure, rolling out a global WAF with Fastly, and isolating Business Class and Enterprise customers. They also resolved issues related to SSL certificates and HTTP request terminations.

Root Cause

The root cause was a combination of exceptionally high load from DDoS attacks and reduced network capacity due to a fiber cut. The attacks overwhelmed the network capacity, leading to cascading failures and service disruptions.