How to avoid cascading failures using Circuit Breaker?
Add resiliency to your Microservices using Circuit Breaker
What is Circuit Breaker?
A circuit breaker is a stability pattern used when calling remote functions. It protects and monitors a function. A circuit breaker detects the failure and prevents the application from trying to perform an action that is doomed to fail during system maintenance, failure or unexpected difficulties.
When one service synchronously invokes another there is always the possibility that the other service is unavailable or is exhibiting such high latency it is essentially unusable. Precious resources such as threads might be consumed by the caller while waiting for the other service to respond. This might lead to resource exhaustion, which would make the calling service unable to handle other requests. The failure of one service can potentially cascade to other services throughout the application.
Why to use Circuit Breaker?
- Helps in preventing cascading failures in distributed systems and enable resilience where failure is inevitable.
- To fail fast and recover rapidly
- Circuit breaker helps to have a fallback and gracefully degrade when possible.
Overall, Circuit breaker acts as a cushion by handling cascading failures if there is a failure in one of your dependent systems.
How Circuit Breaker Works?
- A service client should invoke a remote service via a proxy that functions similarly to an electrical circuit breaker.
- When the number of consecutive failures crosses a threshold, the circuit breaker trips, and for the duration of a timeout period all attempts to invoke the remote service will fail immediately.
- After the timeout expires the circuit breaker allows a limited number of test requests to pass through. If those requests succeed the circuit breaker resumes normal operation. Otherwise, if there is a failure the timeout period begins again.
Circuit Breaker State Management
Circuit Breaker can be in one of the following 3 states.
- CLOSED : when client and supplier service both are working fine, circuit breaker would just forward call, as there would be nothing between the caller and wrapped code.
- OPEN : When supplier service starts failing, each failure is recorded and when certain threshold is met, circuit breaker disables call forwarding of subsequent requests and starts to fail immediately.
- HALF OPEN : While supplier service is throwing errors, a circuit breaker will check if the grace period has passed (without even hitting actual service). If it did, Circuit breaker will try again. Only once during this time , circuit breaker will be in HALF OPEN state.
If supplier is able to handle requests and working fine, circuit will go back to CLOSED state otherwise it will go to OPEN state.