Circuit Breaker Trade Offs: When Not to Use Them

When Failures Are Expected

Some services have high baseline error rates by design. User input validation services may reject 30% of requests. A circuit breaker would stay permanently open. Similarly, services that explicitly return errors for business logic (insufficient funds, item out of stock) should not trigger circuit breakers. Only infrastructure failures (timeouts, connection refused, 5xx errors) should count as breaker failures.

When Fallbacks Are Impossible

Circuit breakers work when degraded operation is acceptable. For transactions where partial success is worse than failure, circuit breakers create problems. If a payment service breaker opens mid transaction, you may have charged the customer but not recorded the order. Some operations must either complete fully or fail completely. Use database transactions and idempotent retry patterns instead of circuit breakers for these cases.

When Latency Is More Important Than Availability

Circuit breakers add processing overhead: checking state, updating counters, evaluating thresholds. For ultra low latency paths measuring microseconds, this overhead matters. High frequency trading systems, real time bidding, and gaming backends may skip circuit breakers on hot paths, accepting occasional failures for consistently low latency.

Alternatives to Consider

Bulkheads: Isolate failures by limiting resources per dependency instead of cutting off traffic entirely. Rate limiting: Prevent overload by capping request rates, protecting both caller and callee. Load shedding: Deliberately drop requests when overloaded rather than attempting and failing. Retry with backoff: For transient failures, simple retries may suffice without circuit breaker complexity. Choose based on failure mode: circuit breakers for sustained outages, retries for transient blips, bulkheads for resource isolation.