Core Code
Core Code Modern Dev Handbook
DISTRIBUTED-SYSTEMS-ENGINEERING Contents
Distributed Systems Fundamentals
What Makes a System Distributed? Latency vs Throughput (Why You Can’t Optimize Both Blindly) The Partial Failure Model (The Real Enemy) The Fallacies of Distributed Computing (Production Examples) Time Is Hard: Clocks, Drift, and Ordering Network Partitions: Detection and Reality Checks CAP Theorem in Practice (What You Actually Choose) PACELC: Latency Tradeoffs Beyond CAP Backpressure vs Queueing (Where Systems Die Quietly) Failure Modes Map: Real Incidents You Will See
Data Consistency Models
Strong Consistency (Costs, When It’s Worth It) Eventual Consistency (What It Guarantees, What It Doesn’t) Causal Consistency (The Practical Middle Ground) Read-Your-Writes and Session Guarantees Monotonic Reads / Writes (User-Visible Correctness) Quorums 101: R/W, N, and What “Majority” Really Means Linearizability vs Serializability vs Strict Serializability Stale Reads: Detection, Measurement, and Guardrails Split-Brain Consistency Failures (How They Start) Designing Consistency SLOs (Correctness as an SLO)
Consensus & Coordination
Why Consensus Is Hard (FLP Intuition, No Math Pain) Raft Overview (Roles, Terms, Safety) Leader Election Patterns (And Their Failure Modes) Quorum Math (Write Safety vs Availability) Log Replication Internals (Commit Index, Match Index) Paxos Simplified (So You Can Read Docs Without Crying) Distributed Locks (Why They’re Dangerous) Zookeeper Patterns (Leader, Config, Locks) etcd Usage Patterns (Kubernetes-Style Coordination) Fencing Tokens (The Only Lock That Survives Partitions)
Replication & Data Distribution
Replication Strategies (Leader, Multi-Leader, Leaderless) Sync vs Async Replication (Latency vs Data Loss) Replication Lag: Causes, Metrics, and Mitigations Anti-Entropy (Merkle Trees, Read Repair, Hinted Handoff) Gossip Protocols (Membership, Failure Detection) Sharding Strategies (Range, Hash, Directory) Consistent Hashing (Why It’s Not Just a Ring Diagram) Rebalancing Clusters Safely (Avoid Melting Prod) Hot Partitions (Detection + Fixes) Multi-Region Data: Patterns and Tradeoffs
Messaging & Event Systems
Messaging Models (Queue vs Log vs PubSub) Delivery Semantics: At-Most-Once Delivery Semantics: At-Least-Once Exactly-Once (Where the Myth Breaks) Idempotency in Event Processing (Design Patterns) Kafka Internals (Partitions, ISR, Replication) Consumer Groups (Rebalances, Sticky Assignors) Ordering Guarantees (What You Can Actually Promise) Dead Letter Queues (Policy, Replay, Poison Pills) Event-Driven Architecture Tradeoffs (Coupling vs Debuggability)
Reliability Patterns in Distributed Systems
Retries & Exponential Backoff (Avoiding Retry Storms) Timeouts & Deadlines (Budgeting Latency) Circuit Breakers (State Machines That Save You) Bulkheads (Stop One Fire From Burning the Ship) Load Shedding (Fail Small, Not Catastrophically) Backpressure in Practice (Push vs Pull, Bounded Queues) Graceful Degradation (Feature Flags and Partial Responses) Hedged Requests (Trading Cost for Tail Latency) Chaos Engineering Basics (What to Test First) Failure Injection Testing (Safe Experiments in Prod-Like Envs)
Distributed Transactions & Sagas
Two-Phase Commit (Why It Blocks) Three-Phase Commit (Why You Still Rarely Use It) Sagas (Orchestration vs Choreography) Saga Orchestration (Central Coordinator Done Right) Saga Choreography (Emergent Workflows, Emergent Pain) Compensating Transactions (Designing Undo) Outbox Pattern (The Dual-Write Fix) Dual-Write Problem (How It Actually Fails) Idempotent Consumers (Dedup, Keys, and Storage) Transactional Messaging (What Guarantees You Can Buy)
Observability in Distributed Systems
Distributed Tracing Fundamentals (Spans, Context, Baggage) Correlation IDs (Request IDs That Survive Microservices) Trace Propagation (W3C Trace Context in Practice) Metrics in Clusters (Aggregation, Cardinality, Cost) High Cardinality Problems (How Monitoring Dies) Structured Logging at Scale (Schemas, Sampling, PII) Monitoring Quorum Health (Consensus Systems SLOs) Alert Fatigue Prevention (Signal > Noise) The Golden Signals (And What Changes in Distributed Systems) Postmortems (Blameless, Actionable, Measurable)
Performance & Scaling Strategies
Horizontal Scaling Patterns (Stateless, Stateful, Sticky) Vertical vs Horizontal Tradeoffs (Cost and Failure Domains) Autoscaling in Practice (When It Helps, When It Hurts) Tail Latency (Why p99 Runs Your Life) p99 vs Averages (SLO Math for Humans) The Thundering Herd (Cache, Locks, and Stampedes) Cache Consistency Tradeoffs (Invalidation Strategies) Distributed Rate Limiting (Token Buckets Across Nodes) Load Balancing Algorithms (RR, LC, EWMA, Hashing) Capacity Planning (Queues, Headroom, Failure Budget)
Production Incident Playbooks
Diagnosing a Network Partition (Fast Triage Checklist) Debugging Split-Brain (Symptoms, Proof, Recovery) Quorum Loss Recovery (Safe Steps, Common Traps) Runaway Retry Storm (How to Stop the Bleeding) Cascading Failure Analysis (Finding the First Domino) Replication Lag Debugging (Root Causes + Fixes) Kafka Consumer Lag Playbook (Rebalance, Throughput, Backlog) Multi-Region Outage Handling (Failover Without Data Lies) Consistency Bug Hunting (Proving “It Can’t Happen” Happened) Production Readiness Checklist (Distributed Systems Edition)

The Thundering Herd (Cache, Locks, and Stampedes)

The thundering herd problem occurs when many clients simultaneously retry or access the same resource, overwhelming the system. This lesson explains retry storms, cache stampedes, mitigation strategies, and production safeguards.
On this page

The Thundering Herd Problem: When Synchronization Turns into a Stampede

The thundering herd problem occurs when a large number of clients or processes simultaneously attempt to access or retry the same resource. In distributed systems, synchronized behavior — especially during failures — can overwhelm infrastructure and amplify outages.

What begins as a small failure can cascade into systemic overload.

Common Causes

  • Simultaneous retry after dependency timeout.
  • Cache expiration at the same timestamp.
  • Leader election after node failure.
  • Batch job scheduled at fixed intervals.
  • Mass reconnect attempts after network outage.

Synchronized timing is the root trigger.

Retry Storm Scenario

Initial Event

A downstream service experiences 2-second latency spike.

Client Behavior

  • All clients timeout at 2 seconds.
  • All immediately retry.
  • Retry load doubles traffic instantly.

The dependency collapses under retry amplification.

Cache Stampede Example

Assume cached data expires at the same moment for all clients.

Cache TTL = 60 seconds
All keys expire at 12:00:00
Thousands of requests regenerate data simultaneously

Backend service becomes overloaded.

Production Scenario: Redis Outage Amplified

Symptom

Short Redis disruption leads to full API outage.

Root Cause

All application instances retry cache calls simultaneously with no jitter or backoff.

Impact

  • CPU saturation.
  • Connection pool exhaustion.
  • Cascading timeouts.

Resolution

  • Introduce exponential backoff with jitter.
  • Implement request-level circuit breakers.
  • Stagger cache expiration times.

Mitigation Strategies

1) Exponential Backoff with Jitter

retry_delay = base * 2^attempt + random_jitter

Jitter prevents synchronized retry waves.

2) Token Bucket or Rate Limiting

Limit number of concurrent retries or regeneration attempts.

3) Cache Randomized Expiration

Add random offset to TTL values.

4) Request Coalescing

Allow only one request to regenerate shared data while others wait.

5) Circuit Breakers

Prevent excessive retry attempts when dependency unhealthy.

Autoscaling Interaction

Autoscaling can worsen thundering herd behavior:

  • New instances start simultaneously.
  • All perform warm-up calls.
  • Downstream service overloaded.

Warm-up traffic must be controlled.

Leader Election Storm

In consensus systems:

  • Node failure triggers election.
  • Multiple nodes compete simultaneously.
  • Repeated election cycles increase instability.

Randomized election timeouts mitigate this risk.

Observability Requirements

  • Retry rate metrics.
  • Dependency request burst detection.
  • Cache regeneration frequency.
  • Connection pool saturation.
  • Concurrent request counts.

Retry storms should be visible immediately.

Failure Injection Test

# Thundering herd validation
1) Simulate dependency slowdown
2) Trigger client timeouts
3) Observe retry burst behavior
4) Apply jitter and backoff
5) Confirm retry distribution smooths out
6) Validate system stability under repeated failures

Common Anti-Patterns

  • Immediate retries without delay.
  • No jitter in backoff calculation.
  • Synchronized TTL expiration.
  • No circuit breaker.
  • No retry budget limit.

Synchronized systems fail together.

Operational Checklist

  • Are retries using exponential backoff with jitter?
  • Are cache TTLs randomized?
  • Is retry budget enforced?
  • Are retry storms detectable in monitoring?
  • Are circuit breakers configured correctly?

Key Takeaways

  • Thundering herd is caused by synchronized behavior.
  • Retries without jitter amplify failures.
  • Cache stampedes overload backends.
  • Backoff and randomness reduce synchronization.
  • Failure amplification must be engineered against.

The thundering herd problem demonstrates how coordinated client behavior can transform minor instability into catastrophic outage. Production-grade distributed systems must deliberately introduce randomness and rate control to prevent synchronized collapse.

Cache Consistency Tradeoffs (Invalidation Strategies) →