Preventing Redis Cache Penetration, Avalanche, and Thundering Herd

Redis is often used as a front‑line cache to reduce database load, but when cache hit rates drop, requests fall back to the database, potentially overwhelming it. The three main cache failure scenarios are cache penetration, cache avalanche, and cache thundering herd.

Key Concepts

Cache Penetration : Massive requests for keys that never exist in the database.

Cache Avalanche : A large number of keys expire simultaneously, causing a sudden surge of DB queries.

Cache Thundering Herd : A hot key expires while many clients concurrently request it.

Root Cause

All three problems stem from a sudden drop in Redis hit rate, forcing requests to hit the underlying database directly.

Cache Penetration Solutions

Cache null values for non‑existent keys (e.g., store key=-3872, value=null with a short TTL).

Maintain a whitelist or blacklist to filter out obviously invalid requests.

Deploy a Bloom filter (or BitMap) containing all valid keys; reject requests that fail the filter.

Implement network‑level protection (e.g., firewalls) to block malicious traffic.

Cache Avalanche Solutions

Stagger key expiration times by adding random offsets.

Monitor hot data in real time and adjust TTLs dynamically.

Use lock mechanisms to serialize cache rebuilds.

Adopt multi‑level caching (e.g., Nginx → Redis → other caches) for higher reliability.

Mark keys with metadata to trigger background refresh when they near expiration.

Employ queues or exclusive locks so that only one request repopulates a missing key while others wait.

Cache Thundering Herd Solutions

Pre‑warm hot data in Redis before it becomes popular.

Continuously monitor hot keys and adjust their TTLs based on traffic patterns.

Apply lock or semaphore mechanisms to ensure only one request triggers a DB fetch when a hot key expires.

Additional Preventive Measures

Set reasonable expiration times for null‑value caches to avoid wasting Redis memory.

Combine null‑value caching with blacklist rules to mitigate attacks that use dynamic invalid IDs.

Be aware that Bloom filters can produce false positives due to hash collisions.

By understanding these failure modes and applying the above mitigation techniques, developers can keep Redis hit rates high, protect the database from overload, and maintain overall system stability.