Core Code
Core Code Modern Dev Handbook
DISTRIBUTED-SYSTEMS-ENGINEERING Contents
Distributed Systems Fundamentals
What Makes a System Distributed? Latency vs Throughput (Why You Can’t Optimize Both Blindly) The Partial Failure Model (The Real Enemy) The Fallacies of Distributed Computing (Production Examples) Time Is Hard: Clocks, Drift, and Ordering Network Partitions: Detection and Reality Checks CAP Theorem in Practice (What You Actually Choose) PACELC: Latency Tradeoffs Beyond CAP Backpressure vs Queueing (Where Systems Die Quietly) Failure Modes Map: Real Incidents You Will See
Data Consistency Models
Strong Consistency (Costs, When It’s Worth It) Eventual Consistency (What It Guarantees, What It Doesn’t) Causal Consistency (The Practical Middle Ground) Read-Your-Writes and Session Guarantees Monotonic Reads / Writes (User-Visible Correctness) Quorums 101: R/W, N, and What “Majority” Really Means Linearizability vs Serializability vs Strict Serializability Stale Reads: Detection, Measurement, and Guardrails Split-Brain Consistency Failures (How They Start) Designing Consistency SLOs (Correctness as an SLO)
Consensus & Coordination
Why Consensus Is Hard (FLP Intuition, No Math Pain) Raft Overview (Roles, Terms, Safety) Leader Election Patterns (And Their Failure Modes) Quorum Math (Write Safety vs Availability) Log Replication Internals (Commit Index, Match Index) Paxos Simplified (So You Can Read Docs Without Crying) Distributed Locks (Why They’re Dangerous) Zookeeper Patterns (Leader, Config, Locks) etcd Usage Patterns (Kubernetes-Style Coordination) Fencing Tokens (The Only Lock That Survives Partitions)
Replication & Data Distribution
Replication Strategies (Leader, Multi-Leader, Leaderless) Sync vs Async Replication (Latency vs Data Loss) Replication Lag: Causes, Metrics, and Mitigations Anti-Entropy (Merkle Trees, Read Repair, Hinted Handoff) Gossip Protocols (Membership, Failure Detection) Sharding Strategies (Range, Hash, Directory) Consistent Hashing (Why It’s Not Just a Ring Diagram) Rebalancing Clusters Safely (Avoid Melting Prod) Hot Partitions (Detection + Fixes) Multi-Region Data: Patterns and Tradeoffs
Messaging & Event Systems
Messaging Models (Queue vs Log vs PubSub) Delivery Semantics: At-Most-Once Delivery Semantics: At-Least-Once Exactly-Once (Where the Myth Breaks) Idempotency in Event Processing (Design Patterns) Kafka Internals (Partitions, ISR, Replication) Consumer Groups (Rebalances, Sticky Assignors) Ordering Guarantees (What You Can Actually Promise) Dead Letter Queues (Policy, Replay, Poison Pills) Event-Driven Architecture Tradeoffs (Coupling vs Debuggability)
Reliability Patterns in Distributed Systems
Retries & Exponential Backoff (Avoiding Retry Storms) Timeouts & Deadlines (Budgeting Latency) Circuit Breakers (State Machines That Save You) Bulkheads (Stop One Fire From Burning the Ship) Load Shedding (Fail Small, Not Catastrophically) Backpressure in Practice (Push vs Pull, Bounded Queues) Graceful Degradation (Feature Flags and Partial Responses) Hedged Requests (Trading Cost for Tail Latency) Chaos Engineering Basics (What to Test First) Failure Injection Testing (Safe Experiments in Prod-Like Envs)
Distributed Transactions & Sagas
Two-Phase Commit (Why It Blocks) Three-Phase Commit (Why You Still Rarely Use It) Sagas (Orchestration vs Choreography) Saga Orchestration (Central Coordinator Done Right) Saga Choreography (Emergent Workflows, Emergent Pain) Compensating Transactions (Designing Undo) Outbox Pattern (The Dual-Write Fix) Dual-Write Problem (How It Actually Fails) Idempotent Consumers (Dedup, Keys, and Storage) Transactional Messaging (What Guarantees You Can Buy)
Observability in Distributed Systems
Distributed Tracing Fundamentals (Spans, Context, Baggage) Correlation IDs (Request IDs That Survive Microservices) Trace Propagation (W3C Trace Context in Practice) Metrics in Clusters (Aggregation, Cardinality, Cost) High Cardinality Problems (How Monitoring Dies) Structured Logging at Scale (Schemas, Sampling, PII) Monitoring Quorum Health (Consensus Systems SLOs) Alert Fatigue Prevention (Signal > Noise) The Golden Signals (And What Changes in Distributed Systems) Postmortems (Blameless, Actionable, Measurable)
Performance & Scaling Strategies
Horizontal Scaling Patterns (Stateless, Stateful, Sticky) Vertical vs Horizontal Tradeoffs (Cost and Failure Domains) Autoscaling in Practice (When It Helps, When It Hurts) Tail Latency (Why p99 Runs Your Life) p99 vs Averages (SLO Math for Humans) The Thundering Herd (Cache, Locks, and Stampedes) Cache Consistency Tradeoffs (Invalidation Strategies) Distributed Rate Limiting (Token Buckets Across Nodes) Load Balancing Algorithms (RR, LC, EWMA, Hashing) Capacity Planning (Queues, Headroom, Failure Budget)
Production Incident Playbooks
Diagnosing a Network Partition (Fast Triage Checklist) Debugging Split-Brain (Symptoms, Proof, Recovery) Quorum Loss Recovery (Safe Steps, Common Traps) Runaway Retry Storm (How to Stop the Bleeding) Cascading Failure Analysis (Finding the First Domino) Replication Lag Debugging (Root Causes + Fixes) Kafka Consumer Lag Playbook (Rebalance, Throughput, Backlog) Multi-Region Outage Handling (Failover Without Data Lies) Consistency Bug Hunting (Proving “It Can’t Happen” Happened) Production Readiness Checklist (Distributed Systems Edition)

Sagas (Orchestration vs Choreography)

The Saga pattern coordinates distributed transactions using a sequence of local transactions with compensating actions. This lesson explains orchestration vs choreography, failure handling, compensation design, and production tradeoffs.
On this page

Saga Pattern Overview: Distributed Transactions Without Global Locking

The Saga pattern is a distributed transaction management strategy that replaces atomic multi-node commits with a sequence of local transactions. Each step commits independently, and if a later step fails, previously completed steps are undone using compensating actions.

Instead of enforcing strict atomicity across services, Sagas embrace eventual consistency and recovery through compensation.

Why Sagas Exist

Two-Phase Commit and Three-Phase Commit provide strong atomic guarantees but introduce blocking behavior, coordination bottlenecks, and poor availability under partitions. At internet scale, these tradeoffs are often unacceptable.

Sagas solve the problem differently:

  • Break global transaction into smaller local transactions.
  • Commit each step independently.
  • If failure occurs, execute compensating actions to reverse prior work.

This improves availability at the cost of temporary inconsistency.

Basic Saga Flow Example

Consider an order workflow:

  1. Create order record.
  2. Reserve inventory.
  3. Charge payment.
  4. Schedule shipment.

If step 3 fails, steps 1 and 2 must be compensated:

  • Cancel order.
  • Release inventory.

Each service performs its own local transaction and exposes a compensating operation.

Two Saga Coordination Models

1) Orchestration

A central orchestrator controls the workflow.

  • Orchestrator sends commands to services.
  • Services reply with success or failure.
  • Orchestrator triggers compensations if needed.

Advantages:

  • Clear control flow.
  • Easier observability.
  • Simpler debugging.

Disadvantages:

  • Central coordination logic.
  • Orchestrator can become complex.

2) Choreography

No central controller. Services emit events and react to them.

  • OrderCreated event triggers InventoryService.
  • InventoryReserved event triggers PaymentService.
  • PaymentFailed event triggers compensations.

Advantages:

  • Looser coupling.
  • More decentralized control.

Disadvantages:

  • Harder to trace.
  • Complex event chains.

Production Scenario: Payment Failure After Inventory Reservation

Symptom

Inventory remains reserved after payment fails.

Root Cause

Compensation logic not triggered correctly due to event delivery delay.

Diagnosis

  • InventoryReserved event processed.
  • PaymentFailed event not consumed due to lag.
  • No monitoring for stuck saga instances.

Resolution

  • Implement saga state tracking store.
  • Add timeout-based compensation fallback.
  • Monitor incomplete saga instances.

Designing Compensating Actions

Compensation must:

  • Be idempotent.
  • Be safe to retry.
  • Reverse the effect of original step logically.

Compensation is not always perfect reversal. Sometimes it is a logical correction rather than exact undo.

Saga State Management

Production systems track saga progress explicitly:

  • Persistent saga state record.
  • Status transitions (STARTED, COMPLETED, FAILED, COMPENSATING).
  • Timeout monitoring for stalled steps.

Without state tracking, debugging is extremely difficult.

Tradeoffs Compared to 2PC

  • No global locking.
  • Higher availability under partition.
  • Temporary inconsistency possible.
  • Requires compensating logic.
  • Operational complexity in workflow tracking.

Sagas trade atomicity for resilience and scalability.

Observability Requirements

  • Active saga count
  • Failed saga rate
  • Compensation execution count
  • Saga duration percentiles
  • Stuck saga detection alerts

Saga workflows must be visible end-to-end.

Failure Injection Test

# Saga validation test
1) Execute full multi-step workflow
2) Inject failure at step N
3) Verify compensating actions execute
4) Confirm final state consistency
5) Measure recovery duration

Common Anti-Patterns

  • No compensation for irreversible actions.
  • Ignoring idempotency of compensation steps.
  • No timeout handling for stalled steps.
  • Hidden choreography logic spread across services.
  • No centralized tracing of saga progress.

Operational Checklist

  • Is every step paired with a compensation?
  • Are compensations idempotent?
  • Is saga state persisted durably?
  • Are stalled workflows detectable?
  • Is end-to-end tracing implemented?

Key Takeaways

  • Saga pattern replaces global atomicity with compensating transactions.
  • It improves availability and scalability.
  • Temporary inconsistency must be tolerated.
  • Compensation logic is critical and must be safe.
  • Observability and state tracking are mandatory.

The Saga pattern represents the practical evolution of distributed transaction management. Instead of preventing partial progress, it embraces it and provides structured recovery. In production-grade distributed systems, Sagas are often the preferred alternative to blocking commit protocols.

Saga Orchestration (Central Coordinator Done Right) →