Bird
Raised Fist0
Microservicessystem_design~12 mins

Circuit breaker pattern in Microservices - Architecture Diagram

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
System Overview - Circuit breaker pattern

The circuit breaker pattern helps microservices handle failures gracefully. It prevents a service from repeatedly calling a failing service, avoiding cascading failures and improving system stability.

Key requirements include detecting failures, stopping calls temporarily, and retrying after a cooldown period.

Architecture Diagram
User
  |
  v
Load Balancer
  |
  v
API Gateway
  |
  v
Circuit Breaker
  |
  v
Service B
  |
  v
Database

Cache (optional) connected to Service B
Components
User
client
Initiates requests to the system
Load Balancer
load_balancer
Distributes incoming requests evenly to API Gateway instances
API Gateway
api_gateway
Entry point for client requests, routes to services
Circuit Breaker
circuit_breaker
Monitors service calls, stops calls to failing services temporarily
Service B
service
Handles business logic and data retrieval
Database
database
Stores persistent data for Service B
Cache
cache
Stores frequently accessed data to reduce database load
Request Flow - 12 Hops
UserLoad Balancer
Load BalancerAPI Gateway
API GatewayCircuit Breaker
Circuit BreakerService B
Service BCache
CacheService B
Service BDatabase
DatabaseService B
Service BCircuit Breaker
Circuit BreakerAPI Gateway
API GatewayLoad Balancer
Load BalancerUser
Failure Scenario
Component Fails:Service B
Impact:Circuit breaker detects repeated failures and opens circuit, stopping calls to Service B. Users receive fallback or error responses quickly.
Mitigation:Circuit breaker opens to prevent overload, retries after cooldown. Cache can serve stale data if available. Alerts notify engineers to fix Service B.
Architecture Quiz - 3 Questions
Test your understanding
What component decides to stop calls to a failing service?
AAPI Gateway
BLoad Balancer
CCircuit Breaker
DCache
Design Principle
The circuit breaker pattern protects the system from cascading failures by stopping calls to unhealthy services. It improves resilience by quickly failing fast and allowing fallback strategies like caching or retries after cooldown.

Practice

(1/5)
1. What is the primary purpose of the circuit breaker pattern in microservices?
easy
A. To prevent repeated calls to a failing service and improve system stability
B. To increase the speed of database queries
C. To encrypt communication between services
D. To balance load evenly across servers

Solution

  1. Step 1: Understand the problem circuit breaker solves

    The circuit breaker pattern stops calls to a failing service to avoid cascading failures.

  2. Step 2: Identify the main benefit

    This pattern improves system stability by preventing repeated failures and allowing recovery.

  3. Final Answer:

    To prevent repeated calls to a failing service and improve system stability -> Option A

  4. Quick Check:

    Circuit breaker purpose = prevent repeated failing calls [OK]
Hint: Circuit breaker stops calls to failing services fast [OK]
Common Mistakes:
  • Confusing circuit breaker with load balancing
  • Thinking it speeds up database queries
  • Assuming it encrypts data
2. Which of the following correctly represents the three states of a circuit breaker?
easy
A. START, STOP, PAUSE
B. ACTIVE, INACTIVE, PENDING
C. CLOSED, OPEN, HALF_OPEN
D. ON, OFF, WAIT

Solution

  1. Step 1: Recall circuit breaker states

    The circuit breaker has three states: CLOSED (normal), OPEN (blocking calls), HALF_OPEN (testing recovery).

  2. Step 2: Match states to options

    Only CLOSED, OPEN, HALF_OPEN lists these exact states.

  3. Final Answer:

    CLOSED, OPEN, HALF_OPEN -> Option C

  4. Quick Check:

    States = CLOSED, OPEN, HALF_OPEN [OK]
Hint: Remember states as Closed, Open, Half-Open [OK]
Common Mistakes:
  • Mixing up state names with unrelated terms
  • Using generic terms like ON/OFF
  • Forgetting the HALF_OPEN state
3. Consider this pseudocode for a circuit breaker: 
if state == 'OPEN':
  return 'fail fast'
elif state == 'HALF_OPEN':
  if test_call_successful():
    state = 'CLOSED'
  else:
    state = 'OPEN'
else:
  call_service()
What happens when the circuit breaker is in HALF_OPEN state and the test call fails?
medium
A. The state changes to CLOSED and service calls continue
B. The state remains HALF_OPEN and retries immediately
C. The service call is ignored without state change
D. The state changes back to OPEN and calls are blocked

Solution

  1. Step 1: Analyze HALF_OPEN state logic

    In HALF_OPEN, a test call checks if the service recovered. If it fails, the state changes to OPEN.

  2. Step 2: Understand consequence of failure

    Changing to OPEN blocks further calls to prevent overload.

  3. Final Answer:

    The state changes back to OPEN and calls are blocked -> Option D

  4. Quick Check:

    HALF_OPEN fail -> OPEN state [OK]
Hint: Failed test call in HALF_OPEN resets to OPEN [OK]
Common Mistakes:
  • Assuming state changes to CLOSED on failure
  • Thinking retries happen immediately in HALF_OPEN
  • Ignoring state changes on test failure
4. A developer implemented a circuit breaker but notices it never transitions from OPEN to HALF_OPEN. What is the most likely cause?
medium
A. The timeout to switch from OPEN to HALF_OPEN is missing or too long
B. The service calls are always successful
C. The circuit breaker is stuck in CLOSED state
D. The test call in HALF_OPEN always succeeds

Solution

  1. Step 1: Understand OPEN to HALF_OPEN transition

    The circuit breaker moves from OPEN to HALF_OPEN after a timeout period to test recovery.

  2. Step 2: Identify cause of no transition

    If the timeout is missing or set too long, the breaker stays OPEN indefinitely.

  3. Final Answer:

    The timeout to switch from OPEN to HALF_OPEN is missing or too long -> Option A

  4. Quick Check:

    Missing timeout blocks OPEN -> HALF_OPEN transition [OK]
Hint: Check timeout settings for OPEN to HALF_OPEN switch [OK]
Common Mistakes:
  • Assuming success of service calls affects OPEN state
  • Confusing CLOSED and OPEN states
  • Ignoring timeout mechanism
5. You design a microservice system with a circuit breaker protecting a payment service. The circuit breaker trips (opens) after 5 failures within 1 minute and stays open for 2 minutes before trying again. What is the main tradeoff of setting the open duration too long?
hard
A. Long open duration improves user experience by retrying quickly
B. Long open duration reduces load on failing service but increases request failures for users
C. Long open duration causes the circuit breaker to never open
D. Long open duration increases the number of successful calls

Solution

  1. Step 1: Understand open duration effect

    A long open duration blocks calls longer, reducing load on the failing service.

  2. Step 2: Identify user impact

    While protecting the service, users experience more failures because calls are blocked longer.

  3. Final Answer:

    Long open duration reduces load on failing service but increases request failures for users -> Option B

  4. Quick Check:

    Long open = less load, more user failures [OK]
Hint: Long open = safer service, worse user experience [OK]
Common Mistakes:
  • Thinking long open improves user experience
  • Assuming circuit breaker never opens with long duration
  • Believing long open increases successful calls