I’ve never run a big system like this, but like the lead character in the story, I always figured exponential backoff would be enough. Turns out there’s more.
Very interesting, thanks for this article. It’s funny how I notice ever more repetition of phenomena through different branches of engineering; metastable failure caused by feedback loops is possible both in mechanical and electrical engineering. Named differently though, resonance and ringing, respectively.
Loved this read, thanks for sharing. A good illustration of how chasing an issue with a quick solution can lead to bigger issues.
A circuit breaker could prematurely cut off all requests to a service, even if only one shard was failing.
They only circuit break retries?
If a single node is down, then it should not receive traffic via k8s or whatever you use to route based on liveness probe.
Why does your software need to retry anyways? I prefer not implementing live retries, stuff breaks sometimes. Tasks will retry themselves.
You can circuit break the connection to other services so that you stop contacting them if they are down. Giving them some breathing room.
The Wikipedia implem looks simple and good enough to me: https://en.m.wikipedia.org/wiki/Circuit_breaker_design_pattern
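The concern raised in the thread, that one breaker for a whole service cuts off healthy shards while a per-destination breaker does not, is shown in the added example below. It is not code from any commenter or from the linked article. The class names, the consecutive-failure threshold, and the traffic sequence are assumptions constructed for illustration.

```python
import time

class CircuitBreaker:
    """Opens after `threshold` consecutive failures; lets a probe through after `cooldown` seconds."""
    def __init__(self, threshold=3, cooldown=30.0, clock=time.monotonic):
        self.threshold, self.cooldown, self.clock = threshold, cooldown, clock
        self.failures = 0
        self.opened_at = None          # None means closed

    def allow(self):
        if self.opened_at is None:
            return True
        # Half-open: once the cooldown has elapsed, allow calls again as probes.
        return self.clock() - self.opened_at >= self.cooldown

    def record(self, ok):
        if ok:
            self.failures, self.opened_at = 0, None
            return
        self.failures += 1
        if self.failures >= self.threshold:
            self.opened_at = self.clock()   # (re)open and restart the cooldown

def simulate(key_fn, traffic, bad_shard, threshold=3):
    """Replay traffic through breakers keyed by key_fn(shard).

    Returns (healthy requests rejected by a breaker, requests sent to the bad shard).
    """
    breakers = {}
    rejected_healthy = sent_to_bad = 0
    for shard in traffic:
        key = key_fn(shard)
        if key not in breakers:
            # Frozen clock and long cooldown: an open breaker stays open for the run.
            breakers[key] = CircuitBreaker(threshold, cooldown=3600, clock=lambda: 0.0)
        breaker = breakers[key]
        if not breaker.allow():
            rejected_healthy += shard != bad_shard
            continue
        sent_to_bad += shard == bad_shard
        breaker.record(ok=(shard != bad_shard))
    return rejected_healthy, sent_to_bad

# Constructed traffic: a burst to the failing shard "s1", then mixed requests.
TRAFFIC = ["s1"] * 3 + ["s0", "s2", "s1"] * 5

if __name__ == "__main__":
    print("one breaker per service:", simulate(lambda s: "service", TRAFFIC, "s1"))
    print("one breaker per shard:  ", simulate(lambda s: s, TRAFFIC, "s1"))
```

Both keyings stop sending to the failing shard after three calls; only the service-wide breaker also rejects the ten requests bound for healthy shards.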