Designing High‑Availability Architecture with Rate Limiting, Circuit Breaking, and Degradation Strategies

The concept of high availability (HA) is introduced, describing how a system should continue providing services despite hardware failures, software bugs, or network issues, often measured by the "five nines" (99.999%) availability target.

A typical HA architecture is illustrated: user requests first hit a load balancer, which distributes traffic to redundant application servers (Server A and Server B) and performs health checks; databases are also duplicated (Database A and Database B) with master‑slave replication; a monitoring system observes the health of services and can automatically remove faulty nodes or trigger scaling.

Rate Limiting is presented as a key service‑governance technique for protecting the system under high traffic. Various algorithms are described, including fixed‑window counters, sliding‑window counters, token‑bucket, and priority queues. An example of token‑bucket rate limiting using Spring Cloud Gateway and Redis is provided:

import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.cloud.gateway.filter.ratelimit.RedisRateLimiter;

@Configuration
public class GatewayConfig {
  // Define route to product‑detail service
  @Bean
  public RouteLocator customRouteLocator(RouteLocatorBuilder builder){
        return builder.routes()
                .route("product_detail_route", r -> r.path("/product/details/**")
                     .filters(f -> f.requestRateLimiter().configure(c -> c.setRateLimiter(redisRateLimiter())))
                     .uri("lb://PRODUCT-SERVICE"))
                .build();
    }

    // Apply rate‑limiter using Redis
    @Bean
    RedisRateLimiter redisRateLimiter() {
        // allow 5 requests per second, burst size 10 tokens
        return new RedisRateLimiter(5, 10);
    }
}

The code is explained: requestRateLimiter() applies the Redis‑backed limiter, and RedisRateLimiter(5, 10) configures the token‑bucket parameters.

Circuit Breaking is then covered. The three states of a circuit breaker (CLOSED, OPEN, HALF‑OPEN) are described, followed by a Spring Cloud Hystrix example that protects a comment‑service call:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
    <version>2.2.6.RELEASE</version>
</dependency>

@SpringBootApplication
@EnableCircuitBreaker
public class ProductServiceApplication {
    public static void main(String[] args) {
        SpringApplication.run(ProductServiceApplication.class, args);
    }
}

@Service
public class CommentService {
    @HystrixCommand(fallbackMethod = "getDefaultComments")
    public String getComments(String productId) {
        if (new Random().nextInt(10) < 8) {
            throw new RuntimeException("评论服务异常");
        }
        return "正常获取评论数据";
    }
    public String getDefaultComments(String productId) {
        return "评论服务当前不可用，请稍后再试";
    }
}

A Node.js Hystrix.js example is also shown, demonstrating how to wrap a payment request and trigger the breaker when error rates exceed 50%.

Degradation (Fallback) Strategies are discussed next. Three levels are defined: service degradation (return cached or simplified data), functional degradation (disable non‑core features such as recommendations), and user‑experience degradation (replace images with text). Sample Java code for service degradation using cache fallback is provided:

public class ProductService {
    private CacheManager cacheManager;
    public ProductService(CacheManager cacheManager) { this.cacheManager = cacheManager; }
    public ProductDetail getProductDetail(String productId) {
        try {
            ProductDetail productDetail = fetchProductDetailFromDB(productId);
            return productDetail;
        } catch (Exception e) {
            ProductDetail cachedDetail = cacheManager.getCachedProductDetail(productId);
            if (cachedDetail != null) { return cachedDetail; }
            return new ProductDetail(productId, "暂无详细描述，请稍后再试。");
        }
    }
    private ProductDetail fetchProductDetailFromDB(String productId) throws Exception {
        Thread.sleep(200);
        return new ProductDetail(productId, "完整的商品描述。");
    }
}

For functional degradation, a static flag controls whether the recommendation service is enabled, and the service returns an empty list when disabled:

public class RecommendationService {
    private static volatile boolean isServiceEnabled = true;
    public static void setServiceStatus(boolean status) { isServiceEnabled = status; }
    public List
recommendProducts(User user) {
        if (!isServiceEnabled) { return Collections.emptyList(); }
        // normal recommendation logic …
        return new ArrayList<>();
    }
}

Finally, a front‑end JavaScript snippet demonstrates how a client can fall back to a simplified product view when the API call fails:

function fetchProductDetails(productId) {
    fetch(`/api/product/${productId}`)
        .then(response => {
            if (!response.ok) { return getDegradedProductDetails(productId); }
            return response.json();
        })
        .then(details => renderProductDetails(details))
        .catch(error => {
            getDegradedProductDetails(productId).then(degradedDetails => {
                renderDegradedProductDetails(degradedDetails);
            });
        });
}

function getDegradedProductDetails(productId) {
    return new Promise(resolve => {
        resolve({ name: '商品名称', description: '商品描述', price: '商品价格' });
    });
}

function renderDegradedProductDetails(degradedDetails) {
    const container = document.getElementById('product-details');
    container.innerHTML = `
${degradedDetails.name}
${degradedDetails.description}
价格：$${degradedDetails.price}
`;
}

The article concludes that combining load‑balancing, redundancy, rate limiting, circuit breaking, and graceful degradation enables an e‑commerce platform to maintain core functionality and user experience even under extreme traffic or component failures.