What is a Circuit Breaker

A circuit breaker is a resilience pattern that stops a service from making calls to a dependency that is likely to fail, preventing cascading failures and giving the failing dependency time to recover.

How it works

The circuit breaker has three states, modeled after an electrical circuit breaker:

Closed (normal) — requests flow through. The circuit breaker tracks the failure rate. If failures exceed a threshold (e.g., 50% of the last 20 requests), the breaker trips to open.

Open — requests are immediately rejected without calling the dependency. A fast fail. This prevents the calling service from wasting time and resources on calls that will likely fail, and prevents overwhelming the already-struggling dependency.

Half-open — after a timeout period, the breaker allows a limited number of test requests through. If they succeed, the breaker returns to closed. If they fail, it returns to open.

Why it matters

Without a circuit breaker, a failing dependency causes requests to pile up, threads to be exhausted, and timeouts to cascade through the system. Service A calls service B, which calls service C. If C is down, B waits for C to timeout on every request. A waits for B. Users wait for A. The entire system grinds to a halt because of one failing component.

A circuit breaker at B's call to C fails fast, allowing B to return an error or fallback response immediately. The failure is contained.

Common implementations include Hystrix (deprecated but widely known), resilience4j (Java), Polly (.NET), and built-in support in service meshes like Istio/Envoy.

For how circuit breakers fit into microservice architecture, see How Microservices Work.