Distributed Transactions With the 2PC Protocol
While distributed transactions are important to microservices, they're often misunderstood. In this post, we look to iron out these misunderstandings.
Imagine someone asking you to build an atomic business transaction that requires modifying the state of your application's database and of another service via a REST API. It seems straightforward to design and implement, but the devil is always in the details.
Let's try to design what seems obvious. The system first updates the database and then executes the HTTP request right before committing the database transaction. If the HTTP request fails, normally with an exception, the database transaction rolls back, so data consistency appears to be guaranteed. This design decision is something you are going to regret when the feature reaches production. The reason is that this is a distributed transaction: one that takes place whenever a state modification is performed by two or more remote systems within the boundaries of the same business transaction. Let's analyze some negative scenarios that can lead to data inconsistency:
- The HTTP request fails with a timeout before the application receives the response. The remote service has executed the operation successfully, but the application never got the response and handled the exception by rolling back the database transaction.
- The HTTP request is successful but the database transaction fails to commit, due to a timeout or even an application crash.
Another aspect to consider is the poor utilization of application resources, such as database connections held open while waiting for the HTTP response from the remote service.
But How Can We Guarantee That the System Is Consistent?
The two-phase commit protocol consists of two phases:
- The commit request or voting phase.
- The commit phase, where, based on the vote, the system decides to commit or abort the transaction.
For our use case, the protocol implementation will require the following:
- A database transaction to persist the request and the HTTP request to the remote service as part of the voting phase.
- A second database transaction that will modify the database state and accept or fail the business operation.
With this design, the HTTP request is not within any database transaction boundaries, and the voting phase uses the HTTP response to determine the state of the overall business transaction. In the happy path, where the HTTP response status is 2xx, the system persists the operation as successful in the database. If the HTTP request is rejected, for example with a 400 response, the operation is considered failed and is persisted as such in the database.
But now let's see whether we made any progress on the edge cases of our previous design. If the HTTP request times out, we have two options, depending on the system's requirements:
- Retry the HTTP request as a more graceful recovery option so that the request will eventually succeed. This option is valid only if the remote service operation is idempotent so that reprocessing the same request is safe.
- Fail fast and reconcile by performing an HTTP request to the remote service to undo the original operation, and additionally fail the operation in the database. The undo operation of the remote service must also be idempotent since, during the reconciliation process, it may be executed multiple times due to unexpected errors such as timeouts or other system failures.
Both retries and reconciliation require client-side generation of the resource or request ID. Based on the ID generated by our application, the remote service is able to implement the idempotent behavior and the undo operation.
What if our application or database crashes at any phase? Once the system recovers, it can retry or reconcile the business operation, just as in the request timeout scenario. For this reason, the request is accepted and persisted as part of the first database transaction before the system sends the HTTP request to the remote service.
There are several patterns for handling distributed transactions depending on their complexity, especially in the microservices world. In this article, we covered distributed transactions in their simplest form, which is frequently ignored by engineers. The first and most important step is to identify them, design them properly, and never underestimate them.
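The two-transaction design above, worked through as an added example (not code from the article): transaction 1 persists the request as PENDING under a client-generated ID, the HTTP call happens outside any database transaction and is retried on timeout, and transaction 2 records the vote. The remote service is a constructed in-memory stand-in that applies the operation even when its reply is lost, and the recovery routine re-drives PENDING rows after a simulated crash.

```python
import sqlite3, uuid
class RemoteTimeout(Exception): pass   # reply lost; remote may or may not have applied it

class FakeRemoteService:
    # Constructed stand-in for the remote REST API; idempotent on the client-generated id.
    def __init__(self):
        self.applied = {}                 # request_id -> payload, i.e. the remote's state
        self.drop_next_response = False
    def post(self, request_id, payload):
        if payload.startswith("bad"):
            return 400                    # rejected: the vote is "abort"
        self.applied.setdefault(request_id, payload)  # applied even if the reply is lost
        if self.drop_next_response:
            self.drop_next_response = False
            raise RemoteTimeout()
        return 200

def init_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ops (id TEXT PRIMARY KEY, payload TEXT, status TEXT)")
    return db

def start_operation(db, payload):
    # Transaction 1: persist the request as PENDING under a client-generated id and commit
    # before any network call, so a crash leaves a record to retry or reconcile from.
    op_id = str(uuid.uuid4())
    with db:
        db.execute("INSERT INTO ops VALUES (?, ?, 'PENDING')", (op_id, payload))
    return op_id

def vote_and_commit(db, remote, op_id, max_attempts=3):
    # Voting phase: the HTTP call sits outside any database transaction; its response is the vote.
    (payload,) = db.execute("SELECT payload FROM ops WHERE id = ?", (op_id,)).fetchone()
    for _ in range(max_attempts):
        try:
            status = remote.post(op_id, payload)
            break
        except RemoteTimeout:
            continue                      # safe only because the remote is idempotent on op_id
    else:
        return "PENDING"                  # outcome still unknown; left for recovery
    final = "SUCCESS" if 200 <= status < 300 else "FAILED"
    with db:                              # transaction 2: record the decision
        db.execute("UPDATE ops SET status = ? WHERE id = ?", (final, op_id))
    return final

def recover_pending(db, remote):
    # Crash recovery: re-drive every PENDING operation; duplicates are harmless thanks to the id.
    ids = [r[0] for r in db.execute("SELECT id FROM ops WHERE status = 'PENDING'")]
    return {i: vote_and_commit(db, remote, i) for i in ids}
```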