A narrow bridge holds 50 cars safely. When car 51 tries to enter, the light turns red. Cars queue on the approach road, then the streets leading to it, then the highways beyond.
The bridge is protecting itself by pushing back against the flow. That’s backpressure: when a component can’t handle more load, it signals upstream to slow down.
Without it, catastrophic failure.
Without Backpressure
Monday morning rush:
- Bridge capacity: 50 cars
- Cars arriving: 100 per minute
- Cars exiting: 40 per minute
Without control:
- Minute 1: 60 cars crowd onto bridge
- Minute 2: 80 cars packed dangerously
- Minute 3: 100 cars, bridge groaning
- Minute 4: Bridge structure fails
Everyone wanted to cross. Nobody wanted to wait. Disaster.
Traffic Light System
Level 1: Bridge Entry Control
Simple traffic light at entrance:
- Green: Less than 40 cars on bridge
- Yellow: 40-45 cars
- Red: 45+ cars, stop and wait
Cars queue safely on approach road instead of the bridge.
This diagram requires JavaScript.
Enable JavaScript in your browser to use this feature.
Level 2: Approach Road Monitoring
Approach road has limits too:
- Capacity: 200 cars
- When full, signal upstream
- Highway ramp meters activate
- Flow control propagates backward
Level 3: Network Coordination
Traffic system coordinates:
- Bridge at 80% capacity
- Signals to approach road
- Approach road signals highways
- Highway signs: “Bridge Delay - Consider Alternate Routes”
The entire network responds to protect the weakest link.
Backpressure Types
Blocking
Complete stop when full: Red means full stop. Simple, clear signal, can cause deadlocks.
Rate Limiting
Gradual flow reduction:
- 100% capacity: Full speed
- 80% capacity: Reduce to 80%
- 90% capacity: Reduce to 50%
- 95% capacity: Reduce to 20%
Like highway ramp meters, smooth flow control.
Credit-Based
Pre-allocated capacity:
- Consumer grants 100 credits
- Producer sends 1 message per credit
- Consumer replenishes credits as processed
Like bridge passes, limited number available.
Strategies
Drop
When full, reject new messages immediately. Return “System at capacity.” No queuing.
Harsh but effective.
Buffer
Temporary storage: when processor is busy, messages go into a queue. Monitor queue size, signal backpressure when threshold exceeded.
Smooths spikes but limited capacity.
Throttle
Slow down gradually: calculate current rate based on buffer utilization. 50% full means 50% speed, 90% full means only 10% speed.
Graceful degradation.
Redirect
When primary system reaches capacity, find alternate system and redirect traffic there. Dynamic load balancing triggered by backpressure.
Failure Modes
Deadlock
Circular dependencies:
- A waits for B to consume
- B waits for C to consume
- C waits for A to consume
Complete gridlock.
Upstream Timeout
Backpressure delays processing, sender times out, resends, adds more load. Vicious cycle.
Memory Explosion
Buffering without limits: backpressure signals ignored, buffer grows unbounded, memory exhausted, system crashes.
Decision Rules
Build backpressure in from the start. Identify capacity limits, plan buffer sizes, define rejection policies.
Communicate clearly: clear error messages, meaningful status codes, retry-after headers.
Test backpressure scenarios: load testing, chaos engineering, cascade scenarios.
Accepting some requests slowly is better than accepting all requests and failing.
