Exactly Once vs At Least Once
Message systems offer delivery guarantees, and the names mislead people constantly.
At most once means a message is delivered zero or one times. The sender fires and forgets, so a lost message is simply lost. Fast, but loses data.
At least once means the system retries until it gets an acknowledgement, so a message is delivered one or more times. Nothing is lost, but duplicates happen when an ack is lost and the sender retries a message that actually arrived.
Exactly once delivery is the dream of one and only one delivery. On an unreliable network it is impossible, because the sender can never know whether a missing ack means the message was lost or only the ack was lost. It must choose to retry, risking a duplicate, or not retry, risking a loss.
What real systems achieve is exactly once processing, also called effectively once. The transport delivers at least once, and the consumer makes processing idempotent so duplicates have no extra effect. Combine at least once delivery with deduplication or idempotency keys, and the observable result is that each message takes effect once.
- Pick at least once for correctness, then deduplicate.
- Never trust a vendor claim of exactly once delivery on the wire.
- Move idempotency to the consumer where it can be enforced.
Key idea
True exactly once delivery is impossible on an unreliable network, so systems use at least once delivery plus an idempotent consumer to achieve effectively once processing.