Why a breaker helps
When a downstream service is failing, continuing to send it requests wastes resources and slows callers waiting on doomed calls. A circuit breaker watches the failure rate and, once it crosses a threshold, stops sending requests for a while, failing fast instead. This protects the caller and gives the dependency room to recover.
The three states
- Closed is normal operation. Requests flow, and the breaker counts failures.
- Open is tripped. Requests are rejected immediately without contacting the dependency, for a cool down period.
- Half open is a trial. After the cool down, a few probe requests are allowed. If they succeed the breaker closes, if they fail it opens again.
The breaker turns slow, repeated failures into fast rejections, which keeps thread pools and connection pools from filling with stalled calls. It pairs naturally with a fallback, such as serving cached data or a default response when the circuit is open. Tuning the failure threshold and cool down matters, since a breaker that trips too eagerly hurts availability and one that trips too late offers little protection.
Key idea
A circuit breaker moves between closed, open, and half open states to fail fast when a dependency is unhealthy, protecting the caller and giving the dependency time to recover.