The basic idea behind the circuit breaker is very simple. You wrap a protected function call in a circuit breaker object, which monitors for failures. Once the failures reach a certain threshold, the circuit breaker trips, and all further calls to the circuit breaker return with an error, without the protected call being made at all.
A circuit breaker has these characteristics:
When enough errors are detected a circuit breaker flips into the open state, which means it shuts off the service. When that happens, the calling service or application realizes that it can not reach the service. It could have some contingency in place such as increasing its retry period, rerouting to another service, or switching to some form of degraded functionality for a while. These fallback plans prevent the application from tying up any more time trying to use the service.
|observe layer7||Monitor live traffic for HTTP errors.|
|observe layer4||Monitor live traffic for TCP errors.|
|error-limit 50||If errors reach 50, trigger the on-error action.|
|on-error||What to do when the error-limit is reached|
|mark-down||mark the service as down|
|fail-check||simulate a failed check, also forces fastinter (default)|
|sudden-death||simulate a pre-fatal failed health check, one more failed check will mark a server down, forces fastinter|