failsafe-lib / failsafe

Fault tolerance and resilience patterns for the JVM
https://failsafe.dev
Apache License 2.0

Time based error limiter policy #368

Open jhalterman opened 1 year ago

jhalterman commented 1 year ago

I've hit on a few use cases for something like an error limiter that would allow through as many executions as possible so long as we stay below some recent error threshold. The thresholding part would be similar to a time based circuit breaker, but rather than delaying for some fixed period (in a half open state) when a threshold is exceeded, as a circuit breaker does, an error limiter would only need to delay as long as needed for the recent error rate to drop back below the threshold. The potential benefit of this approach, vs a circuit breaker, is that you could still alleviate load on a system without risking delaying too long in the half-open state, or flapping between states.

The main way that an error limiter would differ from a time based circuit breaker is the role that time plays. In an error limiter, executions are allowed up to the failure threshold. As time progresses, older executions fall out of the time window, and additional executions are allowed up to the limit.

I'm interested to hear any feedback on this idea vs just using a time based circuit breaker.
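A sketch of the behaviour described in this issue, added here as an illustration; it is not code from the issue or from Failsafe. The class `ErrorLimiter`, its methods, and the choice of a failure count (rather than a ratio) as the threshold are assumptions.

```java
import java.time.Duration;
import java.util.ArrayDeque;
import java.util.function.LongSupplier;

/** Hypothetical sliding-window error limiter; not part of Failsafe's API. */
public class ErrorLimiter {
    private final int maxFailures;      // assumption: threshold is a failure count
    private final long windowNanos;
    private final LongSupplier clock;   // monotonic nanosecond clock, e.g. System::nanoTime
    private final ArrayDeque<Long> failures = new ArrayDeque<>(); // oldest first

    public ErrorLimiter(int maxFailures, Duration window, LongSupplier clock) {
        this.maxFailures = maxFailures;
        this.windowNanos = window.toNanos();
        this.clock = clock;
    }

    /** Call when an execution fails. */
    public synchronized void recordFailure() {
        failures.addLast(clock.getAsLong());
    }

    /** Zero if an execution may proceed now, otherwise the delay until it may. */
    public synchronized Duration waitTime() {
        long now = clock.getAsLong();
        // Failures older than the window no longer count against the threshold.
        while (!failures.isEmpty() && now - failures.peekFirst() >= windowNanos) {
            failures.pollFirst();
        }
        if (failures.size() < maxFailures) return Duration.ZERO;
        // In-flight executions can push the count past the threshold, so wait
        // for as many of the oldest failures to expire as it takes to get below it.
        int mustExpire = failures.size() - maxFailures + 1;
        long last = failures.stream().skip(mustExpire - 1).findFirst().get();
        return Duration.ofNanos(last + windowNanos - now);
    }

    public static void main(String[] args) {
        long[] now = {0};  // constructed fake clock
        ErrorLimiter limiter = new ErrorLimiter(2, Duration.ofSeconds(10), () -> now[0]);
        limiter.recordFailure();                   // failure at t=0s
        now[0] = Duration.ofSeconds(4).toNanos();
        limiter.recordFailure();                   // failure at t=4s reaches the threshold
        System.out.println(limiter.waitTime());    // delayed only until the t=0s failure expires
        now[0] = Duration.ofSeconds(10).toNanos();
        System.out.println(limiter.waitTime());    // t=0s failure has aged out, permitted again
    }
}
```

Unlike a circuit breaker's fixed open-state delay, the wait returned here shrinks continuously as the oldest failure approaches the edge of the window.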