Alibaba Cloud Cloud Operations Troubleshooting Guide

Alibaba Cloud / 2026-06-30 13:32:56

Introduction

Cloud operations troubleshooting sounds simple on paper: watch alerts, find the root cause, fix the issue, and prevent recurrence. In practice, cloud incidents are messy. Signals arrive late or conflict with each other. Metrics look normal while users complain. The infrastructure changes while you investigate. Teams move fast, but every minute you spend guessing costs more than doing the right checks in the right order.

This guide is written for operators and engineers who need a practical, repeatable way to troubleshoot problems on Alibaba Cloud. It focuses on the operations workflow rather than a single product feature, because real incidents cross service boundaries—compute, network, storage, security, monitoring, and application code.

You can use it as a checklist for common scenarios, or as a framework to design your own runbooks. The goal is to help you: (1) triage quickly, (2) narrow the scope systematically, (3) verify assumptions with evidence, (4) apply targeted fixes, and (5) close the loop with monitoring and lessons learned.

1. Build the Troubleshooting Mindset

Good troubleshooting isn’t about being the fastest person in the room. It’s about being the most disciplined. Before you touch any system, align on what “done” means, what changed, and what evidence exists.

1.1 Define the incident and success criteria

Start with a short incident statement:

  • What is the symptom? (e.g., 5xx errors, slow page loads, job failures, increased latency)
  • Who is affected? (regions, tenants, endpoints, internal vs external users)
  • When did it start? (time window with timezone)
  • What is the impact level? (business criticality, data risk, compliance risk)

Then define success criteria. For example: “Service latency returns to baseline for 15 minutes” or “Error rate falls below 0.1% and remains stable after rollback.” Without success criteria, “fixing” can mean anything.

1.2 Freeze the facts, then move

In cloud environments, people often restart services first and ask questions later. That’s understandable under pressure, but it can destroy the very evidence you need. Whenever possible:

  • Capture key metrics and logs at the incident start time
  • Record recent changes (deployments, configuration updates, scaling events, network rules)
  • Avoid repeated experiments that overwrite data (e.g., clearing logs, deleting traces)

If you must act quickly, still document what you changed and why. Your future self will thank you.

1.3 Use a hypothesis-driven approach

Instead of “check everything,” form a small number of hypotheses and test them. For example, if users see timeouts:

  • Hypothesis A: network path is broken (routing, security groups, NACL)
  • Hypothesis B: compute is overloaded (CPU saturation, thread pools, autoscaling lag)
  • Hypothesis C: dependencies are failing (database, cache, DNS)
  • Hypothesis D: application regression (release bug, config mismatch)

Your next steps should either confirm or rule out these hypotheses with evidence.

Alibaba Cloud 2. Practical Triage: From Alert to Root Cause

Most incidents follow a predictable path: alerts trigger, a gap appears between system behavior and user expectations, and you need to translate noisy signals into a clear picture.

2.1 Prioritize alerts by impact, not by severity

Severity labels can be misleading. A “warning” might correspond to an imminent outage, while a “critical” alert might be noisy but not user-impacting. Prioritize in this order:

  • User-facing availability and latency
  • Data integrity and correctness (especially write paths)
  • Security and access anomalies
  • Resource saturation that will soon cascade (disk full, connection pool exhaustion)
  • Background jobs and non-critical workloads

2.2 Correlate monitoring with logs and traces

Monitoring tells you what changed; logs and traces tell you why. Try to connect three layers:

  • Metrics: CPU, memory, disk, network, request rate, error rate, latency percentiles
  • Logs: application exceptions, timeouts, dependency failures, auth errors
  • Infrastructure events: scaling activity, instance status changes, load balancer health

A common failure mode is chasing metrics alone. For example, you might see latency increase, then restart instances, but the real cause could be a database lock or an application thread deadlock.

2.3 Identify the scope: blast radius first

Before deep diving, answer: is it a single instance, a cluster, a region, or an entire service?

  • Single instance: likely node issue, local disk problem, misconfiguration
  • Small subset: load balancer health checks, zone-specific capacity, targeted rule changes
  • Whole cluster/region: dependency outage, network policy change, auth system problem
  • All services: platform or control-plane issue, credential expiry, shared library regression

This step often eliminates half the search space.

3. Incident Response Workflow You Can Reuse

When you need speed and correctness, a repeatable workflow matters. Here is a practical runbook-style sequence.

3.1 Step 1: Triage and stabilize

Stabilization aims to stop the bleeding while preserving evidence.

  • Confirm the problem with at least two signals (e.g., user reports + error rate)
  • Alibaba Cloud Check if there are ongoing deployments or config changes
  • Temporarily reduce load if safe (rate limiting, circuit breakers) to buy time
  • Decide whether to roll back or scale out, based on whether the issue looks systemic

3.2 Step 2: Narrow down layer by layer

Use the “layer cake” approach:

  • Client/edge: CDN/WAF, TLS, request routing
  • Alibaba Cloud Network: security groups, NACL, route tables, load balancer health
  • Compute: instance health, CPU/memory saturation, OS-level errors
  • Runtime/application: process logs, thread pools, retry logic
  • Dependencies: database, cache, message queues, external APIs
  • Data: storage performance, locks, replication lag

At each layer, stop when you find evidence supporting one hypothesis and enough to proceed to the fix.

3.3 Step 3: Validate the fix with metrics and user tests

A fix isn’t complete until you see a measurable improvement. Prefer:

  • Return of latency and error rate to baseline
  • Healthy dependency indicators (e.g., database connections, queue consumption)
  • User-perceived success via synthetic checks or internal canaries

If the symptom partially improves but metrics remain unstable, keep investigating. Partial recovery is often the next incident waiting to happen.

3.4 Step 4: Document and prevent recurrence

After stabilization, write down the incident facts:

  • Timeline: when alerts fired, when you took actions, when metrics recovered
  • Root cause: what actually caused the issue (not just the symptom)
  • Trigger: the change or condition that made it happen
  • Corrective actions: immediate and long-term
  • Preventive actions: alerts, dashboards, runbook improvements, testing

This is where cloud operations becomes mature instead of repetitive.

4. Key Troubleshooting Areas in Alibaba Cloud Operations

Different teams use different parts of the cloud platform. But the operational challenges are similar: network reachability, resource constraints, configuration drift, security controls, and data-plane failures.

Below are common areas and the checks that usually pay off.

4.1 Networking issues: timeouts, connection resets, and routing confusion

When users report “it hangs” or “requests time out,” start with network path correctness.

Checklist:

  • Confirm the load balancer listener and backend health status
  • Alibaba Cloud Check security group rules for the affected ports and source ranges
  • Verify whether NACL or firewall rules changed recently
  • Inspect route tables and ensure subnets are correctly connected
  • Validate DNS resolution for service endpoints

Evidence to collect:

  • Request logs showing connect vs read timeouts
  • Instance-side network errors (e.g., connection refused, handshake failures)
  • Alibaba Cloud Health check failures indicating reachability vs application failure

4.2 Compute resource bottlenecks: CPU, memory, disk, and thread starvation

Compute issues often show up as rising latency, increased error rates, or slow recovery after deploys.

Checklist:

  • Review CPU and load averages at the time of the incident
  • Inspect memory usage and garbage collection pauses (for JVM/managed runtimes)
  • Check disk utilization and inode exhaustion
  • Alibaba Cloud Look for process restarts, OOM kills, or kernel-level errors
  • Validate autoscaling triggers vs actual capacity availability

Important detail: “CPU is low” does not automatically mean compute is fine. Thread pools, connection pools, and external dependency waits can create user-facing slowness while CPU remains below saturation.

4.3 Database and storage performance: locks, replication lag, and IO saturation

Many “application problems” are actually database or storage problems. Signs include:

  • Request latency increases with database connection time
  • Alibaba Cloud Timeouts during queries or transactions
  • Alibaba Cloud Queue backlogs for services that depend on writes/reads
  • Alibaba Cloud Errors indicating connection limits or deadlocks

Checklist:

  • Check database CPU, memory, and IO performance
  • Look for slow queries and their time range
  • Inspect lock waits, deadlocks, and transaction durations
  • Verify connection pool settings and max connections
  • For replication scenarios, check replication lag and failover events

When the root cause is database contention, scaling compute might reduce pressure but doesn’t fix the underlying query or lock pattern. Prioritize finding the slow or locking queries.

4.4 Application-level failures: config drift, regressions, and dependency timeouts

Cloud operations often involves many moving parts. A configuration change—like a TTL update, a new timeout value, or a different endpoint—can cascade into widespread failures.

Checklist:

  • Compare current configuration with the last known good version
  • Check application logs for new exception types introduced around the incident start time
  • Inspect dependency timeouts and retry policies
  • Verify circuit breaker behavior to prevent retry storms
  • Look for version skew (some instances on old code, others on new)

A reliable pattern is to correlate spikes in a specific error message with deploy timestamps and configuration update timestamps.

4.5 Security and access issues: authentication failures and authorization mismatches

Security problems can appear as sudden access failures even when compute and network are healthy. Common symptoms:

  • 401/403 errors across many endpoints
  • Service-to-service authentication failures
  • Sudden permission denied errors after policy changes

Checklist:

  • Alibaba Cloud Confirm credential validity and rotation schedule
  • Review security policies and role permissions changes
  • Check token/expiry-related logs and clock skew
  • Verify whether requests are hitting the expected auth endpoints

Also watch for “partial auth” where some endpoints work but others fail. That often points to mismatched routing rules or inconsistent environment variables.

5. Common Incident Patterns and How to Respond

Operators benefit from recognizing patterns. Here are frequent scenarios and what tends to work.

5.1 Error rate spike after a release

Symptoms: 5xx increases, specific endpoints failing, stack traces point to new code.

Fast path:

  • Rollback if the release is recent and the errors correlate strongly with deployment time.
  • Check feature flags; disable risky features before rolling back if rollback is costly.
  • Validate dependency calls introduced in the release (timeouts, endpoints, request formats).

Root cause candidates: regression, wrong config values, incompatible API contract, missing migration.

5.2 Latency increases without major CPU growth

Symptoms: users feel slowness, CPU remains moderate, queues grow, thread pools saturate.

Fast path:

  • Inspect application thread pools and connection pools (maxed pools create “hidden” bottlenecks).
  • Check dependency latency (database, cache, external HTTP services).
  • Look for retry storms or misconfigured timeouts that amplify load.

Root cause candidates: dependency slowness, retry policy mismatch, deadlocks, GC pauses.

5.3 Sudden network timeouts and intermittent failures

Symptoms: requests sometimes work, sometimes hang; health checks flip between healthy and unhealthy.

Fast path:

  • Verify security group and firewall rule changes.
  • Check routing changes and subnet/NAT behaviors.
  • Inspect DNS resolution stability.

Root cause candidates: rule mismatch, partial propagation, DNS issues, load balancer health check thresholds.

5.4 Disk full and cascading failures

Symptoms: applications crash, logs stop rotating, new writes fail.

Fast path:

  • Confirm free space and growth rate immediately.
  • Free space safely (compress logs, rotate, delete temporary files).
  • Change logging configuration to avoid runaway log volume.

Root cause candidates: misconfigured log level, runaway retries writing logs, missing log rotation.

6. Designing Dashboards and Alerts for Better Troubleshooting

Great troubleshooting is not only about skills during incidents. It starts with instrumentation that tells you the truth.

6.1 Build “symptom-to-cause” dashboards

A dashboard should answer, quickly:

  • What changed? (traffic, errors, latency, resource usage)
  • Alibaba Cloud Where is it happening? (service, region, zone, instance group)
  • What layer is failing? (network, compute, app, dependency)
  • Is it improving or worsening?

Group related graphs: request rate next to error rate, latency next to saturation indicators, and dependency metrics next to user metrics.

6.2 Use alerting that matches your operational decisions

Instead of alerting on everything, align alerts with actions you can take:

  • Alert on error rate thresholds that trigger rollback decisions
  • Alert on dependency latency percentiles that trigger load shedding or circuit breakers
  • Alert on disk growth rates that trigger log policy review
  • Alert on autoscaling lag that triggers capacity adjustments

Also ensure alerts include enough context: affected endpoints, region, and the time series link between metrics and logs.

6.3 Set up runbooks and “known good” baselines

Every service should have a baseline:

  • Normal latency percentiles
  • Alibaba Cloud Typical error rate range
  • Expected resource usage during peak
  • Dependency SLAs and normal response times

Runbooks should include “if you see X, check Y” steps. During incidents, people don’t want theories—they want a sequence of checks.

7. Operational Safety: Change Control and Risk Management

Troubleshooting often requires changes. That doesn’t mean you operate recklessly. Cloud environments make it easy to perform actions, but not all actions are reversible.

7.1 Prefer reversible actions first

When stabilizing:

  • Use configuration toggles and feature flags when possible
  • Apply temporary rate limiting or traffic shifting before hard restarts
  • Rollback releases before deleting data or altering critical schemas

Always note what can’t be reversed and treat it as high-risk.

7.2 Avoid thrashing: limit repeated restarts

Restart loops can hide the original cause and damage stability. Before restarting multiple times:

  • Check if the same condition repeats (e.g., OOM, auth failure)
  • Confirm that the restart actually changes something meaningful
  • Set a stop rule: “If still failing after N tries, proceed to deeper investigation.”

7.3 Keep change logs tied to incident timelines

Write down every operational action with timestamp and rationale. This turns your troubleshooting from a chain of guesses into an auditable process.

8. Post-Incident Review: Turn Pain into Process

Alibaba Cloud A strong post-incident review is the difference between surviving incidents and reducing them.

8.1 Identify the real root cause

Root cause should be a cause—not a symptom. A symptom is “5xx errors.” A root cause might be “database connection pool exhausted due to a new query pattern after release.”

Ask:

  • What triggered the incident?
  • What allowed it to escalate?
  • What prevented detection earlier?
  • What could have limited blast radius?

8.2 Add targeted preventive controls

After the review, choose changes that directly address what failed:

  • New alerts for missing signals
  • Dashboards that show the dependency chain
  • Automated rollback triggers
  • Load test coverage for the release path
  • Alibaba Cloud Configuration validation in CI/CD

Keep preventive actions specific and measurable.

9. A Simple End-to-End Checklist

When you’re in the middle of an incident, you need clarity. Here is a compact checklist you can reuse.

  • Confirm: symptom, time window, affected users/endpoints
  • Correlate: metrics + logs + recent changes
  • Scope: single instance vs cluster vs region vs shared service
  • Hypothesize: network / compute / app / dependencies / security
  • Test: validate with evidence, avoid blind restarts
  • Stabilize: apply safe mitigations (rate limiting, rollback, capacity shift)
  • Verify: error rate and latency return to baseline; dependencies healthy
  • Document: timeline, actions, root cause, preventive steps

Conclusion

Cloud operations troubleshooting is less about memorizing every feature and more about mastering a disciplined workflow. When you triage quickly, narrow scope methodically, test hypotheses with evidence, and validate fixes with real metrics, incidents become manageable instead of chaotic.

Use this guide as a baseline to build your own runbooks. The fastest teams aren’t the ones who jump to solutions—they’re the ones who can prove, step by step, what is happening, why it is happening, and how to prevent it from happening again.

TelegramContact Us
CS ID
@cloudcup
TelegramSupport
CS ID
@yanhuacloud