Circuit Breaker
Also known as:
Circuit Breaker Pattern
Definition
The circuit breaker pattern stops cascading failures by wrapping calls to a flaky dependency. It has three states: closed (calls pass through), open (calls fail fast without touching the service), and half-open (a few trial calls test recovery). When failures cross a threshold the breaker trips open, giving the struggling service room to recover instead of being buried under more requests and retries.
Key Takeaways
- A circuit breaker fails fast when a dependency is unhealthy, so callers do not pile on and turn one slow service into a system-wide outage.
- Three states: closed (normal), open (reject immediately), half-open (probe to see if it recovered).
- It pairs naturally with timeouts, retries with backoff, bulkheads, and fallbacks for full fault tolerance.
- Without it, a single slow downstream can exhaust threads and connections upstream, the classic cascading failure.
How It Works
- The breaker counts failures and timeouts on calls to a dependency.
- When the failure rate crosses a threshold, it trips to open and short-circuits further calls for a cooldown period.
- After the cooldown it moves to half-open and lets a few trial requests through.
- If the trials succeed it closes again; if they fail it reopens and waits longer.
Where It Is Used
- Netflix Hystrix popularised the pattern; Resilience4j is the common modern Java implementation.
- Service meshes like Istio and Envoy provide circuit breaking at the network layer.
- It is a staple of microservice resilience alongside retries and rate limiting.