Core Code
Core Code Modern Dev Handbook
DISTRIBUTED-SYSTEMS-ENGINEERING Contents
Distributed Systems Fundamentals
What Makes a System Distributed? Latency vs Throughput (Why You Can’t Optimize Both Blindly) The Partial Failure Model (The Real Enemy) The Fallacies of Distributed Computing (Production Examples) Time Is Hard: Clocks, Drift, and Ordering Network Partitions: Detection and Reality Checks CAP Theorem in Practice (What You Actually Choose) PACELC: Latency Tradeoffs Beyond CAP Backpressure vs Queueing (Where Systems Die Quietly) Failure Modes Map: Real Incidents You Will See
Data Consistency Models
Strong Consistency (Costs, When It’s Worth It) Eventual Consistency (What It Guarantees, What It Doesn’t) Causal Consistency (The Practical Middle Ground) Read-Your-Writes and Session Guarantees Monotonic Reads / Writes (User-Visible Correctness) Quorums 101: R/W, N, and What “Majority” Really Means Linearizability vs Serializability vs Strict Serializability Stale Reads: Detection, Measurement, and Guardrails Split-Brain Consistency Failures (How They Start) Designing Consistency SLOs (Correctness as an SLO)
Consensus & Coordination
Why Consensus Is Hard (FLP Intuition, No Math Pain) Raft Overview (Roles, Terms, Safety) Leader Election Patterns (And Their Failure Modes) Quorum Math (Write Safety vs Availability) Log Replication Internals (Commit Index, Match Index) Paxos Simplified (So You Can Read Docs Without Crying) Distributed Locks (Why They’re Dangerous) Zookeeper Patterns (Leader, Config, Locks) etcd Usage Patterns (Kubernetes-Style Coordination) Fencing Tokens (The Only Lock That Survives Partitions)
Replication & Data Distribution
Replication Strategies (Leader, Multi-Leader, Leaderless) Sync vs Async Replication (Latency vs Data Loss) Replication Lag: Causes, Metrics, and Mitigations Anti-Entropy (Merkle Trees, Read Repair, Hinted Handoff) Gossip Protocols (Membership, Failure Detection) Sharding Strategies (Range, Hash, Directory) Consistent Hashing (Why It’s Not Just a Ring Diagram) Rebalancing Clusters Safely (Avoid Melting Prod) Hot Partitions (Detection + Fixes) Multi-Region Data: Patterns and Tradeoffs
Messaging & Event Systems
Messaging Models (Queue vs Log vs PubSub) Delivery Semantics: At-Most-Once Delivery Semantics: At-Least-Once Exactly-Once (Where the Myth Breaks) Idempotency in Event Processing (Design Patterns) Kafka Internals (Partitions, ISR, Replication) Consumer Groups (Rebalances, Sticky Assignors) Ordering Guarantees (What You Can Actually Promise) Dead Letter Queues (Policy, Replay, Poison Pills) Event-Driven Architecture Tradeoffs (Coupling vs Debuggability)
Reliability Patterns in Distributed Systems
Retries & Exponential Backoff (Avoiding Retry Storms) Timeouts & Deadlines (Budgeting Latency) Circuit Breakers (State Machines That Save You) Bulkheads (Stop One Fire From Burning the Ship) Load Shedding (Fail Small, Not Catastrophically) Backpressure in Practice (Push vs Pull, Bounded Queues) Graceful Degradation (Feature Flags and Partial Responses) Hedged Requests (Trading Cost for Tail Latency) Chaos Engineering Basics (What to Test First) Failure Injection Testing (Safe Experiments in Prod-Like Envs)
Distributed Transactions & Sagas
Two-Phase Commit (Why It Blocks) Three-Phase Commit (Why You Still Rarely Use It) Sagas (Orchestration vs Choreography) Saga Orchestration (Central Coordinator Done Right) Saga Choreography (Emergent Workflows, Emergent Pain) Compensating Transactions (Designing Undo) Outbox Pattern (The Dual-Write Fix) Dual-Write Problem (How It Actually Fails) Idempotent Consumers (Dedup, Keys, and Storage) Transactional Messaging (What Guarantees You Can Buy)
Observability in Distributed Systems
Distributed Tracing Fundamentals (Spans, Context, Baggage) Correlation IDs (Request IDs That Survive Microservices) Trace Propagation (W3C Trace Context in Practice) Metrics in Clusters (Aggregation, Cardinality, Cost) High Cardinality Problems (How Monitoring Dies) Structured Logging at Scale (Schemas, Sampling, PII) Monitoring Quorum Health (Consensus Systems SLOs) Alert Fatigue Prevention (Signal > Noise) The Golden Signals (And What Changes in Distributed Systems) Postmortems (Blameless, Actionable, Measurable)
Performance & Scaling Strategies
Horizontal Scaling Patterns (Stateless, Stateful, Sticky) Vertical vs Horizontal Tradeoffs (Cost and Failure Domains) Autoscaling in Practice (When It Helps, When It Hurts) Tail Latency (Why p99 Runs Your Life) p99 vs Averages (SLO Math for Humans) The Thundering Herd (Cache, Locks, and Stampedes) Cache Consistency Tradeoffs (Invalidation Strategies) Distributed Rate Limiting (Token Buckets Across Nodes) Load Balancing Algorithms (RR, LC, EWMA, Hashing) Capacity Planning (Queues, Headroom, Failure Budget)
Production Incident Playbooks
Diagnosing a Network Partition (Fast Triage Checklist) Debugging Split-Brain (Symptoms, Proof, Recovery) Quorum Loss Recovery (Safe Steps, Common Traps) Runaway Retry Storm (How to Stop the Bleeding) Cascading Failure Analysis (Finding the First Domino) Replication Lag Debugging (Root Causes + Fixes) Kafka Consumer Lag Playbook (Rebalance, Throughput, Backlog) Multi-Region Outage Handling (Failover Without Data Lies) Consistency Bug Hunting (Proving “It Can’t Happen” Happened) Production Readiness Checklist (Distributed Systems Edition)

Dual-Write Problem (How It Actually Fails)

The Dual Write Problem occurs when a system updates two independent resources without atomic coordination, leading to inconsistent state. This lesson explains failure modes, detection challenges, and production-safe mitigation patterns.
On this page

The Dual Write Problem: Inconsistent State Across Systems

The Dual Write Problem occurs when an application writes to two independent systems separately without atomic coordination. If one write succeeds and the other fails, the system enters an inconsistent state.

This is one of the most subtle and dangerous reliability issues in distributed architectures.

What Is a Dual Write?

A dual write happens when an operation updates two resources independently:

  • Database + Message Broker
  • Database + Cache
  • Database + Search Index
  • Service A + Service B

If these updates are not atomic, failure between them causes divergence.

Classic Example: Database and Event Publish

update_order_in_db()
publish_order_created_event()

If the database update succeeds but the event publish fails, downstream services never learn about the order. If the event publishes but the database transaction rolls back, consumers receive an event for nonexistent data.

This is the dual write problem.

Why It Is Dangerous

  • Inconsistency may remain silent.
  • Detection is delayed or impossible.
  • Recovery often requires manual reconciliation.
  • Data corruption propagates to other systems.

Unlike immediate crashes, dual writes create latent data integrity issues.

Production Scenario: Missing Search Index Updates

Symptom

Products appear in database but are missing from search results.

Root Cause

Application updated database successfully but crashed before updating search index.

Diagnosis

  • Database row exists.
  • No corresponding index document.
  • No reconciliation job running.

Resolution

  • Introduce Outbox Pattern for event publication.
  • Use background indexer driven by events.
  • Add reconciliation and audit job.

Why Not Use Two-Phase Commit?

In theory, distributed transaction protocols like Two-Phase Commit can ensure atomicity across systems. In practice:

  • High latency overhead.
  • Blocking behavior under failure.
  • Poor availability under partition.
  • Not supported across heterogeneous systems.

Most modern systems avoid distributed atomic commits.

Mitigation Patterns

1) Outbox Pattern

Write business data and event into same database transaction.

2) Transactional Log Streaming (CDC)

Capture committed changes directly from database log.

3) Idempotent Reconciliation Jobs

Periodic jobs detect and repair divergence.

4) Single Source of Truth

Ensure derived systems (cache, search) can rebuild state from primary data store.

Detection Strategies

  • Compare record counts between systems.
  • Audit missing event sequences.
  • Track last processed offset vs DB version.
  • Monitor event publish failure rates.

Detection must be automated. Manual detection is too slow.

Interaction with Event-Driven Architectures

Event-driven systems amplify dual write risks:

  • Events drive multiple downstream systems.
  • Missing event causes cascading inconsistency.
  • Retry behavior may duplicate events.

Strong delivery guarantees and idempotent handlers are essential.

Failure Injection Test

# Dual write validation
1) Execute business transaction
2) Force crash between DB commit and event publish
3) Restart system
4) Verify whether downstream systems reflect correct state
5) Confirm reconciliation mechanism repairs divergence

Common Anti-Patterns

  • Assuming publish call will always succeed.
  • No retry mechanism for second write.
  • No monitoring for divergence.
  • No reconciliation job.
  • Mixing business logic with side-effect publishing in same request thread.

Operational Checklist

  • Are any operations writing to multiple systems separately?
  • Is atomicity guaranteed at least for primary state + event log?
  • Are reconciliation jobs implemented?
  • Are event publishing failures monitored?
  • Is idempotency enforced downstream?

Key Takeaways

  • Dual writes cause silent data inconsistency.
  • Atomicity across systems cannot be assumed.
  • Outbox Pattern is a primary mitigation strategy.
  • Detection and reconciliation mechanisms are essential.
  • Dual write risks increase in event-driven architectures.

The Dual Write Problem is not a theoretical concern — it is one of the most common causes of distributed data corruption. Production-grade systems must identify and eliminate unsafe multi-system writes through structured reliability patterns.

Idempotent Consumers (Dedup, Keys, and Storage) →