Spain and Portugal Power Outages: Real-Time Observations and Service Continuity Through Cato SASE Cloud Platform

Introduction

On Monday, April 28, 2025, widespread power outages affected large parts of Spain and Portugal. The exact root cause is still under investigation. These disruptions impacted regional infrastructure supporting connectivity, cloud services, and on-site operations.

This report provides a technical overview of the network behavior we observed across the Cato SASE Cloud in real time, the monitoring actions we performed, and the system resilience measures in place to maintain service continuity throughout the event.

Real-Time Observations During the Outage

As the incident unfolded we detected an immediate drop in Cato ZTNA user connections originating from the affected areas. Concurrently, total switch traffic volumes and packets per second (PPS) within our Madrid PoP exhibited sharp declines, reflecting the broader loss of end-user connectivity in the region.

Despite these trends, all Points of Presence (PoPs) in Europe, including Madrid, remained fully operational throughout the event. Status confirmation can be found in real-time at Cato Networks Service Status.

Madrid PoP Status

• Madrid PoP continues to serve active sessions from Spain and Portugal.
• We assume that clients using local power mitigation (electric generators, UPS systems) maintain uninterrupted connectivity.
• We kept monitoring for active connections and as shown in Figure 1, there are still active connections through the Madrid PoP during the outage. However, this may change as more users lose access to electricity, preventing them from connecting with their laptops or workstations. Services and servers that remain powered continue to maintain connectivity through our platform, with traffic capable of automatically rerouting to other PoPs if necessary.

Figure 1: Drop in Active ZTNA user connections through Madrid PoP during the outage

• We monitored and checked sites and cloud connectivity as shown in Figure 2 and a small percentage of tunnels and socket connections remain operational. In many cases, we assume that connectivity dropped as sites lost power and backup systems were exhausted. Our distributed monitoring systems — including CPU performance metrics, PoP communication liveness, tunnel stability, network analytics (e.g., packet loss metrics), and socket UI connection statuses — immediately registered changes as the event unfolded and it allowed us to correlate site behavior and network health across affected geographies with high granularity.

Figure 2: Drop in sites and cloud tunnels due to local power loss

Traffic Behavior Analytics During the Event

Following the outage, we observed a measurable decrease in traffic volume from peers connected to the Madrid PoP.

Figure 3 shows the Switch Total Traffic Peers volume and Packets Per Second (PPS) — both metrics show significant reductions, consistent with the drop in active user sessions.

Figure 3: Switch traffic and PPS drop after the outage

• If a PoP becomes unreachable or degraded, we rely on the following mechanisms:
• Automatic failover: Sockets and tunnels migrate to alternative PoPs without manual intervention.
• Dynamic traffic rerouting: Traffic is redirected through available PoPs across the global backbone.
• Site rehoming: Sites reconnect to the next best-performing PoP (e.g., Marseille or Frankfurt) to maintain performance.
• Distributed fault isolation: Localized failures are contained without affecting the wider network.

Proactive Monitoring Systems

We monitored and checked CPU and memory utilization, PoP-to-PoP communication health, tunnel stability, packet loss, anomaly detection, and socket UI connectivity.

This allowed identification of the impact and confirmation of infrastructure stability. Monitoring is ongoing.

Impact on External and Dependent Systems

Organizations operating outside of Spain and Portugal but relying on services located within the region may experience different outcomes based on their resilience strategies:

• If these services remain operational via backup power, our SASE cloud platform ensures continued access via Madrid or fallback PoPs.
• If the services are unreachable, organizations with failover strategies to other regions will benefit from seamless traffic rerouting via alternative PoPs, without manual reconfiguration.

Ongoing Monitoring and Full Visibility

As soon as the regional power issue was detected, our monitoring infrastructure captured network-wide trends in real time. This visibility enabled immediate operational decisions and full situational awareness throughout the event.

We continue to actively monitor our systems, including tracking for any emerging cybersecurity trends, to ensure uninterrupted service globally. Our teams remain fully engaged, analyzing telemetry and adjusting response measures as needed to maintain enterprise connectivity, even during widespread regional disruptions.