Dealing with overloaded servicesWhen making calls to any service, the caller must be prepared to contend with a service that has failed or is under stress and causing the call time timeout. To address these failures, the caller usually provides some form of retry logic which can often stress the overloaded dependent service further. To mitigate the risk of this we introduce the Circuit Breaker pattern.
Circuit Breaker PatternIn much the same way that an electrical circuit protects a house's electrical wiring from overheating due to excessive electrical current, the circuit-breaker pattern avoids overloading a service with too many calls. To prevent overloading the service with calls when it is under stress, we mediate the call to the target service with a proxy (Circuit Breaker) that is responsible for both detecting failures in the dependent service and managing the service's invocation.
Under normal circumstances, the circuit breaker operates in the Closed state. While in the closed state, the circuit breaker allows calls to pass through to the dependent service.
The circuit breaker will allow a pre-configured number of failures to occur before tripping. Once the circuit breaker has tripped, it transitions to the Open state. In this state, the circuit breaker will no longer pass calls to the dependent service, and subsequent calls will fail immediately.
The circuit breaker waits for a pre-configured interval once the circuit breaker has tripped, and transitions into the Half-Open state. In this state, the next call to circuit-breaker is permitted to pass to the dependent service to test if the service has recovered. If the request succeeds, the circuit-breaker resets and returns to the Closed state and normal operation. If this call fails, the circuit-breaker transitions back to the Open state and the timeout counter resets for another try.