← BACK TO DRAWING SET
SPECIFICATION · CONCEPT BRIEFDWG · 12-TRIP-THE-BREAKER

Trip the Breaker

When the downstream is broken, fail fast — don't pile on.

§01The cascading-failure problem

When a downstream slows down or starts failing, naive callers keep sending requests, hold connections waiting for responses that never come, and run out of resources themselves. One failing service brings down everything that depends on it.

§02How a circuit breaker helps

A circuit breaker watches the recent error rate to a downstream. Three states: closed (normal), open (downstream is broken — reject immediately), half-open (cooldown elapsed, send one probe). Successful probe → closed. Failed probe → back to open.

  • failureRateThreshold: drop ratio above which the breaker opens.
  • windowTicks: how long a slice of recent history to consider.
  • cooldownTicks: how long to stay open before probing again.
APPROVED
The point isn't fewer drops
When the downstream is down, drops are inevitable. The point is freeing your callers fast — they get an error in milliseconds instead of a hung connection.
⚑ CHEATSHEET · QUICK REFERENCE
  • Closed → open when error rate spikes; cooldown; half-open probe; success closes it.
  • Pair with retries and timeouts. The breaker prevents the retries from making things worse.
▸ THE EXERCISE

The database goes flaky for a window. Without a circuit breaker, the server's connection pool fills with hung requests. Insert a breaker so failures fast-fail and the server stays responsive.

▸ START EXERCISEBACK TO DRAWING SET