Principles/Circuit Breaker

[ ]Service◈Architectureintermediate2007resiliencehystrixresilience4jfail-fast

Circuit Breaker

Automatically stop calling a failing service to give it time to recover — preventing cascading failures across distributed systems.

★★★★★5/5

[ ]

Operates at: Service level

Service boundary — one deployed unit talking to others

Network Infrastructure System Service Code

Interactive visualization

Live

CLOSED Traffic flows normally. Failures are counted.

CLOSED

OPEN

HALF-OPEN

client

CB

service

0

failures (/3)

0

successes (/2)

CLOSED

circuit state

How it works

The Circuit Breaker pattern (popularised by Michael Nygard in 'Release It!') wraps remote calls in a state machine with three states:

— CLOSED: calls flow normally. Failures are counted. — OPEN: after a failure threshold is exceeded, all calls fail immediately (fail-fast) without hitting the remote service. The circuit 'opens'. — HALF-OPEN: after a timeout, a probe request is allowed through. If it succeeds, the circuit closes. If it fails, it opens again.

This prevents a slow or failing dependency from consuming all threads and causing cascading failure across the entire system.

Why it matters

In microservices, one slow service can exhaust thread pools and bring down calling services. Circuit Breaker is a fundamental resilience primitive — it's implemented in Hystrix, Resilience4j, and every major service mesh.

✓ When to use

→Any service-to-service call in a microservices system
→External third-party API calls (payment gateways, SMS providers)
→Database connection pools under heavy load

✗ When NOT to use

→Synchronous, in-process calls — overhead without benefit
→Idempotent operations where retrying is safe and preferred

Trade-offs

+

Prevents cascading failures in distributed systems

−

Adds complexity — thresholds need tuning per service

+

Fail-fast gives callers immediate error feedback

−

OPEN state means legitimate requests also fail

+

Recovery detection via HALF-OPEN probe

−

State management needs coordination in multi-instance deployments

In production

Netflix

Hystrix library (now Resilience4j) protects all service-to-service calls

AWS

SDK retry + circuit breaker patterns recommended in Well-Architected Framework

Envoy Proxy

Built-in outlier detection implements circuit-breaker semantics

Industry adoption

★★★★★5/5Ubiquitous — used at virtually every scale-focused company.

Related principles

Microservices Architecture

Decompose an application into small, independently deployable services that communicate over a network.

◈Architecture★★★★★5/5

Service Mesh

Offload cross-cutting network concerns (mTLS, retries, circuit breaking, observability) to a dedicated infrastructure layer via sidecar proxies.

⬡Infrastructure★★★★★3/5

API Gateway

Single entry point for all clients that handles routing, authentication, rate limiting, and protocol translation.

◈Architecture★★★★★5/5