Loading learning content...
The consistency-availability trade-off isn't just a technical concern—it's fundamentally a business decision that engineers must help stakeholders understand and make. The best technical architecture is meaningless if it doesn't align with what the business actually needs.
This page teaches you to:
These skills separate engineers who build systems from engineers who build the right systems.
By the end of this page, you will be able to lead conversations with product managers, business analysts, and executives about consistency trade-offs, translating between technical and business vocabulary fluently.
Business stakeholders rarely say "we need linearizable consistency." They describe requirements in business terms that we must translate:
| Business Statement | Implied Consistency | Technical Translation |
|---|---|---|
| "The customer must never see a balance that's wrong" | Strong (CP) | Linearizable reads on account balances; reject reads if uncertain |
| "We can't sell more tickets than we have" | Strong (CP) | Serializable transactions for inventory; block sales if isolated |
| "Users should always be able to add to cart" | Eventual (AP) | Best-effort writes; merge conflicts later |
| "Search results need to be fast, not perfect" | Eventual (AP) | Stale indexes acceptable; prioritize response time |
| "A user should always see their own posts" | Session (RYW) | Read-your-writes guarantee; global consistency not required |
| "Reports don't need to be real-time" | Eventual (AP) | Async replication to reporting replica; minutes of lag acceptable |
| "Compliance audit must trace every action" | Strong (CP) | Durable, ordered writes; no dropped events |
When gathering requirements, ask these questions explicitly:
1. "What happens if two users see different values for the same data at the same time?"
2. "What happens if the system is temporarily unavailable?"
3. "How quickly must changes propagate across all users?"
4. "What's the recovery process if data conflicts occur?"
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
# Consistency Requirements Questionnaire ## Data Domain: [e.g., User Balances] ### Inconsistency Tolerance1. If two users simultaneously view this data, can they see different values? - [ ] No - values must always match - [ ] Yes - for brief periods (< X seconds) - [ ] Yes - indefinitely, until explicitly synced 2. If a user makes a change, who must see it immediately? - [ ] Only that user - [ ] All users accessing the same record - [ ] All users globally 3. What's the maximum acceptable stale data age? - [ ] 0 (real-time) - [ ] Seconds - [ ] Minutes - [ ] Hours/Days ### Availability Tolerance4. What happens if this feature is unavailable for 5 minutes? - [ ] Critical business impact (revenue, compliance) - [ ] Significant user frustration - [ ] Minor inconvenience - [ ] Acceptable (users can wait or retry) 5. During degraded conditions, what should happen? - [ ] Refuse operations (data integrity priority) - [ ] Allow operations with warning (availability priority) - [ ] Allow without warning (maximum availability) ### Conflict Resolution6. If two users modify the same data simultaneously: - [ ] One must fail (no conflicts allowed) - [ ] Last write wins (simple resolution) - [ ] Merge changes (both preserved) - [ ] Flag for human review ### Compliance and Audit7. Are there regulatory requirements for this data? - [ ] Yes - full audit trail required - [ ] Yes - accuracy requirements (financial, medical) - [ ] No specific requirements ---## SummaryBased on responses, recommended consistency model: [Strong/Session/Eventual]Key constraints: [List]Risks of alternative models: [List]Create an Architecture Decision Record (ADR) for significant consistency choices. Include the business requirements that drove the decision, alternatives considered, and the trade-offs accepted. Future engineers will thank you.
Abstract discussions of "consistency vs availability" don't resonate with business stakeholders. Concrete cost analysis does. Your job is to quantify both sides of the trade-off in business terms.
| Inconsistency Event | Business Impact | Example Quantification |
|---|---|---|
| Double-sold inventory | Operational cost + customer compensation + reputation damage | $50 per incident + 20% churn risk for affected customers |
| Stale product price displayed | Revenue loss if too low; trust loss if too high | 1% of margin × affected transactions |
| Delayed notification | Reduced engagement; potential safety issue | 0.1% engagement drop per 10 seconds delay |
| Inconsistent user profile | Minor confusion; user fixes it | Low cost; self-correcting |
| Financial audit failure | Regulatory fines; legal exposure | $10K-$10M depending on jurisdiction |
Unavailability cost is often easier to quantify because it's more visible:
| Unavailability Event | Business Impact | Example Quantification |
|---|---|---|
| E-commerce checkout down | Direct revenue loss | Revenue per minute × downtime minutes |
| API errors to partners | SLA violations; relationship damage | Penalty per minute + relationship cost |
| Search not responding | Users leave site; reduced conversions | Bounce rate × avg order value × traffic |
| Mobile app won't load | Negative reviews; uninstalls | Acquisition cost × churn rate increase |
| Internal tool down | Employee productivity loss | Employee cost per hour × affected employees |
For each consistency decision, build a simple cost model:
Scenario A (Prioritize Consistency):
Scenario B (Prioritize Availability):
Decision: Choose the lower expected annual cost, adjusted for risk tolerance.
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
// Cost analysis for inventory consistency decision interface CostScenario { name: string; consistencyModel: 'CP' | 'AP'; // Inconsistency costs expectedOversellsPerYear: number; costPerOversell: number; // Customer compensation, fulfillment cost // Unavailability costs expectedUnavailabilityHoursPerYear: number; revenuePerHour: number; // Lost sales during downtime // Indirect costs reputationImpact: number; // Annual revenue at risk complianceRisk: number; // Expected regulatory cost} function calculateAnnualCost(scenario: CostScenario): number { const inconsistencyCost = scenario.expectedOversellsPerYear * scenario.costPerOversell; const unavailabilityCost = scenario.expectedUnavailabilityHoursPerYear * scenario.revenuePerHour; return inconsistencyCost + unavailabilityCost + scenario.reputationImpact + scenario.complianceRisk;} // Example: E-commerce inventory system const cpScenario: CostScenario = { name: 'Strong Consistency (CP)', consistencyModel: 'CP', expectedOversellsPerYear: 0, // Never oversell costPerOversell: 0, expectedUnavailabilityHoursPerYear: 8, // Some downtime during partitions revenuePerHour: 50_000, reputationImpact: 0, // No oversell = no angry customers complianceRisk: 0,}; const apScenario: CostScenario = { name: 'Eventual Consistency (AP)', consistencyModel: 'AP', expectedOversellsPerYear: 500, // Some overselling will occur costPerOversell: 150, // Refund + shipping + customer service expectedUnavailabilityHoursPerYear: 0, // Always available revenuePerHour: 0, reputationImpact: 25_000, // Some customers unhappy with oversells complianceRisk: 0,}; console.log('CP Cost:', calculateAnnualCost(cpScenario));// $400,000 (8 hours × $50K/hour) console.log('AP Cost:', calculateAnnualCost(apScenario));// $100,000 (500 × $150 + $25K reputation) // Decision: AP is cheaper for this specific scenario// BUT: This ignores catastrophic risk (what if one oversell goes viral?)// Need to also consider tail risk, not just expected valueExpected value calculations assume average outcomes. But a single catastrophic consistency failure (public embarrassment, regulatory intervention) can outweigh years of small savings. Include tail risk in your analysis, especially for financial, health, and safety-critical systems.
Technical jargon alienates stakeholders. Your goal is to explain the trade-off in terms they understand and care about.
Avoid: "We need to choose between CP and AP for the inventory service."
Instead: "There's a decision we need to make: In rare network issues, should the checkout refuse some orders to guarantee we never oversell, or should it accept all orders but occasionally need to manually fix an oversell? Here are the cost estimates for each approach..."
Create simple diagrams that show:
12345678910111213141516171819202122232425262728293031323334353637383940
# Consistency Model Decision: [System Name] ## The SituationWe need to make an architectural decision about how [system] behaves when network issues occur. This affects both user experience and operational costs. ## Option A: Prioritize Accuracy**What happens:** During network issues (~X times/year, lasting ~Y minutes each), some users will see temporary errors instead of completing their action. **Business impact:**- [Z] transactions affected per year- $[A] estimated lost revenue- Zero risk of [specific inconsistency problem] **User experience:** "Please try again in a moment" ## Option B: Prioritize Availability **What happens:** During network issues, all users can continue their actions, but some may experience [specific inconsistency]. **Business impact:**- Zero downtime during network issues- [W] incidents per year requiring manual fix- $[B] operational cost + customer compensation **User experience:** Works normally but [inconsistency scenario] may occur ## RecommendationBased on our cost analysis, we recommend [Option X] because:- [Primary reason]- [Secondary reason] ## What We Need From You- Confirm the cost estimates are reasonable- Validate which user experience is preferable- Approve the recommended approach ## Questions?Present options, provide analysis, make a recommendation—but let business stakeholders make the actual decision. They own the business priorities; you own the technical translation. Document their decision for future reference.
Different industries have vastly different tolerance for inconsistency and unavailability. Understanding your industry's norms and regulations is essential.
| Industry | Default Approach | Consistency Priority | Availability Priority |
|---|---|---|---|
| Banking & Finance | CP | Transactions, balances, audit logs | Notifications, marketing content |
| E-Commerce | Mixed | Payments, inventory | Catalog, reviews, search |
| Social Media | AP | Billing, authentication | Everything else |
| Healthcare | CP | Patient data, prescriptions | Scheduling, non-clinical content |
| Gaming | Mixed | Purchases, rankings | Game state, chat, matchmaking |
| IoT / Telemetry | AP | Billing, alerts | Sensor data, metrics |
Before finalizing consistency decisions, consult with your compliance and legal teams. Regulations may mandate specific behaviors (e.g., audit completeness) that override pure business cost analysis.
Consistency decisions are made once but have long-lasting implications. Documentation ensures decisions are understood, followed, and revisited when appropriate.
Every significant consistency choice should have an ADR that captures:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
# ADR-042: Consistency Model for Order Management System ## StatusAccepted (2024-01-15) ## ContextThe Order Management System (OMS) handles order creation, inventory reservation, and fulfillment tracking. We need to determine the consistency model for key operations, particularly during network partitions between our primary datacenter and disaster recovery site. Key stakeholders: Product (Alice), Engineering (Bob), Compliance (Carol) ## Decision Drivers- Business requires 99.9% uptime for order submission- Compliance requires complete audit trail (SOX)- Overselling has cost $150K in manual fixes over past year- Current downtime costs ~$50K/hour in lost revenue ## Options Considered ### Option 1: Strong Consistency (CP)- All writes require majority quorum across datacenters- Orders would fail during cross-DC partition- Pros: Never oversell; perfect audit trail- Cons: Estimated 4 hours downtime/year during partitions ### Option 2: Eventual Consistency (AP) - Accept orders locally; sync asynchronously- Merge conflicts with last-write-wins- Pros: Zero order submission downtime- Cons: Possible oversells; audit complexity ### Option 3: Hybrid Approach (Recommended)- Strong consistency for inventory reservation- Eventual consistency for order display and notifications- Session guarantees for customer's view of their orders ## DecisionAdopt Option 3 (Hybrid Approach) **Rationale:**- Inventory is the critical constraint; gets strong consistency- Order display is read-heavy and tolerates staleness- Customer session guarantees prevent confusion ("where's my order?")- Cost analysis: Hybrid has lowest expected annual cost ## Consequences- Inventory service has ~5 hours/year of reduced availability during partitions- Engineering must implement session-aware routing for customer reads- Conflicting order updates during partition require manual review- Quarterly review of oversell incidents to validate model ## Stakeholder Approval- Product: Alice (approved)- Engineering: Bob (approved) - Compliance: Carol (approved with condition: quarterly audit review)Document procedures for handling consistency-related incidents:
Consistency decisions should be reviewed periodically (annually or when major changes occur):
ADRs should be versioned and updated, not replaced. When you change a decision, create a new ADR that references and supersedes the old one. This maintains the decision history and makes it clear how thinking evolved.
Sometimes different stakeholders have contradictory requirements. Product wants maximum availability; Compliance demands perfect accuracy. Navigating these conflicts is a critical skill.
Product vs Compliance:
Engineering vs Business:
Short-term vs Long-term:
Sometimes "conflicting" requirements aren't actually in conflict when you dig deeper. Product may accept brief unavailability if warned in advance. Compliance may accept eventual consistency with appropriate controls. Always probe whether the conflict is real before declaring it irresolvable.
We've explored the often-neglected connection between technical consistency choices and business requirements. This is where senior engineers become technical leaders.
The final page of this module explores practical compromises—the real-world techniques that systems use to get the best of both worlds where possible, and gracefully handle the situations where trade-offs are inevitable.
You now have the skills to bridge the technical and business worlds around consistency decisions. This ability—to translate, quantify, communicate, and document trade-offs—is what differentiates engineers who build systems from engineers who build the right systems for their organizations.