Bird
Raised Fist0
Microservicessystem_design~10 mins

Circuit breaker pattern in Microservices - Scalability & System Analysis

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Scalability Analysis - Circuit breaker pattern
Growth Table: Circuit Breaker Pattern Scaling
Users/RequestsSystem BehaviorCircuit Breaker RoleImpact on Services
100 usersLow traffic, few failuresMostly closed, few tripsServices communicate normally
10,000 usersModerate traffic, occasional failuresOccasional open state to prevent cascadingSome retries delayed, improved stability
1 million usersHigh traffic, frequent failures possibleFrequent circuit trips, fallback activatedReduced load on failing services, prevents overload
100 million usersVery high traffic, multiple failures likelyDistributed circuit breakers, complex state managementCritical to isolate failures, maintain system health
First Bottleneck

The first bottleneck is the service dependency that fails or slows down under load. Without circuit breakers, this causes cascading failures across microservices.

As traffic grows, the network calls to failing services increase, causing resource exhaustion (threads, connections) in calling services.

Thus, the calling service's thread pool or connection pool becomes the bottleneck first.

Scaling Solutions
  • Implement circuit breakers to detect failures and stop calls to failing services temporarily.
  • Use fallback methods to provide default responses or degrade gracefully.
  • Configure thread and connection pools to limit resource usage and avoid exhaustion.
  • Distribute circuit breaker state if using multiple instances, to share failure info.
  • Combine with bulkheads to isolate failures to parts of the system.
  • Monitor and tune thresholds for opening/closing circuits based on real traffic patterns.
Back-of-Envelope Cost Analysis
  • Assuming 1 million requests per second (RPS) at peak.
  • Each service instance handles ~2000 concurrent connections.
  • Without circuit breaker, failed calls cause retries, increasing load by 20-50%.
  • Circuit breaker reduces failed call retries, saving CPU and network bandwidth.
  • Memory overhead per circuit breaker instance is small (~MBs), but scales with number of dependencies.
  • Network bandwidth saved by avoiding calls to failing services can be hundreds of MB/s.
Interview Tip

When discussing circuit breaker scalability, start by explaining the problem of cascading failures in microservices.

Describe how circuit breakers detect failures and prevent overload by stopping calls temporarily.

Explain the impact on resource usage and how this improves system stability.

Discuss scaling challenges like distributed state and tuning thresholds.

Finally, mention fallback strategies and monitoring as part of a complete solution.

Self Check

Your database handles 1000 QPS. Traffic grows 10x. What do you do first?

Answer: Implement circuit breakers on services calling the database to prevent overload and cascading failures. Then add caching or read replicas to reduce database load.

Key Result
Circuit breakers prevent cascading failures by stopping calls to failing services, protecting resources and improving stability as traffic grows.

Practice

(1/5)
1. What is the primary purpose of the circuit breaker pattern in microservices?
easy
A. To prevent repeated calls to a failing service and improve system stability
B. To increase the speed of database queries
C. To encrypt communication between services
D. To balance load evenly across servers

Solution

  1. Step 1: Understand the problem circuit breaker solves

    The circuit breaker pattern stops calls to a failing service to avoid cascading failures.

  2. Step 2: Identify the main benefit

    This pattern improves system stability by preventing repeated failures and allowing recovery.

  3. Final Answer:

    To prevent repeated calls to a failing service and improve system stability -> Option A

  4. Quick Check:

    Circuit breaker purpose = prevent repeated failing calls [OK]
Hint: Circuit breaker stops calls to failing services fast [OK]
Common Mistakes:
  • Confusing circuit breaker with load balancing
  • Thinking it speeds up database queries
  • Assuming it encrypts data
2. Which of the following correctly represents the three states of a circuit breaker?
easy
A. START, STOP, PAUSE
B. ACTIVE, INACTIVE, PENDING
C. CLOSED, OPEN, HALF_OPEN
D. ON, OFF, WAIT

Solution

  1. Step 1: Recall circuit breaker states

    The circuit breaker has three states: CLOSED (normal), OPEN (blocking calls), HALF_OPEN (testing recovery).

  2. Step 2: Match states to options

    Only CLOSED, OPEN, HALF_OPEN lists these exact states.

  3. Final Answer:

    CLOSED, OPEN, HALF_OPEN -> Option C

  4. Quick Check:

    States = CLOSED, OPEN, HALF_OPEN [OK]
Hint: Remember states as Closed, Open, Half-Open [OK]
Common Mistakes:
  • Mixing up state names with unrelated terms
  • Using generic terms like ON/OFF
  • Forgetting the HALF_OPEN state
3. Consider this pseudocode for a circuit breaker: 
if state == 'OPEN':
  return 'fail fast'
elif state == 'HALF_OPEN':
  if test_call_successful():
    state = 'CLOSED'
  else:
    state = 'OPEN'
else:
  call_service()
What happens when the circuit breaker is in HALF_OPEN state and the test call fails?
medium
A. The state changes to CLOSED and service calls continue
B. The state remains HALF_OPEN and retries immediately
C. The service call is ignored without state change
D. The state changes back to OPEN and calls are blocked

Solution

  1. Step 1: Analyze HALF_OPEN state logic

    In HALF_OPEN, a test call checks if the service recovered. If it fails, the state changes to OPEN.

  2. Step 2: Understand consequence of failure

    Changing to OPEN blocks further calls to prevent overload.

  3. Final Answer:

    The state changes back to OPEN and calls are blocked -> Option D

  4. Quick Check:

    HALF_OPEN fail -> OPEN state [OK]
Hint: Failed test call in HALF_OPEN resets to OPEN [OK]
Common Mistakes:
  • Assuming state changes to CLOSED on failure
  • Thinking retries happen immediately in HALF_OPEN
  • Ignoring state changes on test failure
4. A developer implemented a circuit breaker but notices it never transitions from OPEN to HALF_OPEN. What is the most likely cause?
medium
A. The timeout to switch from OPEN to HALF_OPEN is missing or too long
B. The service calls are always successful
C. The circuit breaker is stuck in CLOSED state
D. The test call in HALF_OPEN always succeeds

Solution

  1. Step 1: Understand OPEN to HALF_OPEN transition

    The circuit breaker moves from OPEN to HALF_OPEN after a timeout period to test recovery.

  2. Step 2: Identify cause of no transition

    If the timeout is missing or set too long, the breaker stays OPEN indefinitely.

  3. Final Answer:

    The timeout to switch from OPEN to HALF_OPEN is missing or too long -> Option A

  4. Quick Check:

    Missing timeout blocks OPEN -> HALF_OPEN transition [OK]
Hint: Check timeout settings for OPEN to HALF_OPEN switch [OK]
Common Mistakes:
  • Assuming success of service calls affects OPEN state
  • Confusing CLOSED and OPEN states
  • Ignoring timeout mechanism
5. You design a microservice system with a circuit breaker protecting a payment service. The circuit breaker trips (opens) after 5 failures within 1 minute and stays open for 2 minutes before trying again. What is the main tradeoff of setting the open duration too long?
hard
A. Long open duration improves user experience by retrying quickly
B. Long open duration reduces load on failing service but increases request failures for users
C. Long open duration causes the circuit breaker to never open
D. Long open duration increases the number of successful calls

Solution

  1. Step 1: Understand open duration effect

    A long open duration blocks calls longer, reducing load on the failing service.

  2. Step 2: Identify user impact

    While protecting the service, users experience more failures because calls are blocked longer.

  3. Final Answer:

    Long open duration reduces load on failing service but increases request failures for users -> Option B

  4. Quick Check:

    Long open = less load, more user failures [OK]
Hint: Long open = safer service, worse user experience [OK]
Common Mistakes:
  • Thinking long open improves user experience
  • Assuming circuit breaker never opens with long duration
  • Believing long open increases successful calls