Choosing Service Level Indicators

Of all the dimensions of service reliability, availability is the most fundamental. Before users can evaluate whether your service is fast, accurate, or feature-rich, they must first be able to access it. Availability is the prerequisite for every other quality—the foundation without which nothing else matters.

Yet availability, seemingly the simplest reliability concept, harbors surprising complexity when you attempt to measure it rigorously. What does it mean for a service to be "available"? If the homepage loads but checkout fails, is the service available? If requests complete but take 30 seconds, is that availability or a latency problem? If your service works for 99% of users but 1% experience DNS resolution failures, what is your true availability?

These aren't academic questions. The answers determine how you contractually commit to customers (SLAs), what targets you set for engineering teams (SLOs), and how you detect when you're falling short (alerting). Get availability measurement wrong, and you'll either over-promise to customers or under-invest in reliability—both costly mistakes.

The seemingly simple question "Is the service available?" has no single correct answer. Different definitions serve different purposes, and choosing the wrong definition leads to metrics that don't reflect reality.

Time-Based Availability

The traditional definition of availability measures the proportion of time a service is operational:

Availability = (Total Time - Downtime) / Total Time × 100%

For example, if a service has 1 hour of downtime in a 30-day month (720 hours):

Availability = (720 - 1) / 720 × 100% = 99.86%

This approach is intuitive and widely used, particularly in infrastructure contexts (server uptime, network uptime). However, it has significant limitations:

• Granularity problems: Was the service "up" or "down" during a 5-minute period with 50% error rate? Time-based availability forces a binary classification.
• Partial failures invisible: If half your servers are healthy, is the service "up"? Time-based availability doesn't capture degraded states.
• Doesn't reflect traffic patterns: One hour of downtime at 3 AM is very different from one hour during peak sales.

Request-Based Availability

A more user-centric approach measures the proportion of requests that succeed:

Availability = Successful Requests / Total Requests × 100%

This approach has several advantages:

• Naturally traffic-weighted: Periods with more traffic contribute more to the metric.
• Captures partial failures: A 50% error rate for one hour is reflected as 50% of that hour's requests failing, not as "up" or "down."
• Granular resolution: Every individual request is classified, enabling precise measurements.

Request-based availability is the foundation of modern SLI practice. It's what users actually experience—each interaction either succeeds or fails, and the aggregate of these experiences defines availability.

User-Session Availability

Even request-based availability can obscure user experience. Consider a user who makes 10 requests to your service. If 9 succeed and 1 fails, is that 90% availability for that user? It might be, or that one failure might have been critical (the checkout request), making the entire session a failure.

User-session availability measures the proportion of user sessions that complete successfully:

Availability = Successful User Sessions / Total User Sessions × 100%

This is the most user-centric definition but also the most difficult to implement—you must define session boundaries, success criteria for sessions, and handle the complexity of concurrent and abandoned sessions.

For request-based availability SLIs, you must precisely define what constitutes a "successful" request. This is less obvious than it seems, and different definitions significantly impact your availability numbers.

The Naive Definition: HTTP 2xx = Success

The simplest definition treats any HTTP 200-299 response as success and everything else as failure. This is better than nothing but has significant issues:

• Client errors (4xx) aren't always user failures: A 400 Bad Request from a confusing form is a UX problem, not user error. A 404 from a broken link is a system issue.
• Some 5xx errors are expected: A 503 during graceful degradation might be intentional. Rate-limited requests (429) are system-protecting behaviors.
• Success status with failure body: An HTTP 200 that returns {"error": "processing failed"} is not a success.

A Better Definition: Semantic Success

Semantic success means the request accomplished what the user intended—the business logic succeeded, not just the HTTP handshake. This requires understanding the purpose of each endpoint:

• Search endpoint: Success = relevant results returned (even if zero matches)
• Authentication endpoint: Success = valid credentials accepted or invalid credentials rejected with clear feedback
• Payment endpoint: Success = payment captured OR clear rejection with actionable reason
• Data save endpoint: Success = data persisted and confirmation returned

Latency as a Dimension of Availability

A philosophically interesting question: if a request takes 60 seconds to complete, was the service "available"?

From the user's perspective, extremely slow responses are functionally equivalent to unavailability. Users abandon requests, retry (causing more load), and perceive the service as broken. This leads to the concept of latency-adjusted availability:

Latency-Adjusted Success = Request returned AND latency < threshold

You can incorporate latency into availability by treating requests that exceed a latency threshold as failures. Common approaches:

1. Binary threshold: Requests > 10 seconds are counted as unavailable
2. Tiered thresholds: > 5 seconds = degraded, > 30 seconds = unavailable
3. Percentile-based: Success only if within 99th percentile of normal latency

The threshold should reflect user tolerance. For synchronous UI interactions, 10-30 seconds might be appropriate. For background jobs visible to users, minutes might be acceptable.

Availability = Successful Requests / Total Requests. We've discussed the numerator (what's a success?), now let's tackle the denominator: what counts as a request?

This is the "denominator problem," and getting it wrong can dramatically skew your availability numbers.

Problem 1: Synthetic vs. Real Traffic

Your monitoring systems generate synthetic requests for health checks. Your internal tools make API calls. Partner services call your endpoints. Not all of this represents "user" traffic.

Should synthetic health checks count?

• If they fail while real users succeed → artificially deflates availability
• If they succeed while real users fail → artificially inflates availability

Solution: Separate SLIs for synthetic and real user traffic. Use synthetic monitoring to detect issues quickly, but calculate user-facing availability SLIs from user traffic only. Tag requests at ingestion to distinguish origins.

Problem 2: Internal vs. External Traffic

In a microservices architecture, a single user request might generate 50 internal service-to-service calls. If you count all requests equally:

• One user clicking a button creates 50 "requests"
• That user's experience is over-weighted by 50x

Solution: Calculate availability at the boundary that users interact with. Internal service calls contribute to that boundary's availability but shouldn't be double-counted. Alternatively, maintain separate SLIs for internal and external availability.

Problem 3: Request Amplification and Reduction

The relationship between user intent and requests is rarely 1:1:

Amplification scenarios:

• User loads a page → browser makes 50 requests (HTML, CSS, JS, images, APIs)
• User submits a form → server fans out to 10 downstream services
• Client uses HTTP/2 multiplexing → multiple logical operations over one connection

Reduction scenarios:

• CDN caches response → user requests that never reach origin
• GraphQL batches multiple queries → one request contains multiple operations
• Websocket connections → continuous stream counted as one request

Solution: Define your SLI at the level of user intent, not network requests. For a page load, the SLI might be "page load success rate," counting each navigation as one attempt regardless of how many HTTP requests it generates. This requires client-side instrumentation but produces more meaningful measurements.

Problem 4: The Zero-Traffic Window

What's your availability when nobody is using the service? If there are zero requests in a measurement window, what's the availability?

• 0/0 = undefined, not 100%
• Absence of failure is not presence of availability

Solution: For windows with insufficient traffic, either:

1. Extend the measurement window until you have statistical significance (changes SLI characteristics)
2. Fall back to synthetic monitoring data for those windows
3. Report "insufficient data" rather than a misleading number

With definitions established, let's explore practical measurement approaches.

Measurement Point Selection

Where you measure availability affects what you capture:

At the load balancer/ingress:

• Pros: Sees all traffic, captures transport-layer failures, high-fidelity data
• Cons: Doesn't see client-side failures, doesn't understand business logic success

At the application layer:

• Pros: Can apply semantic success definitions, correlate with business logic
• Cons: Missed requests (crashed before logging), doesn't see upstream failures

Client-side (RUM):

• Pros: Captures true user experience, includes network and rendering failures
• Cons: Incomplete data (sampling, blocked scripts), harder to aggregate

Hybrid approach (recommended):

• Client-side RUM provides the ground-truth user experience
• Server-side logging provides complete request data and debugging context
• Correlation between them identifies gaps (client saw failure, server didn't log it)

Aggregation Windows

Availability SLIs are typically aggregated over time windows. The choice of window size has significant implications:

Short windows (1-5 minutes):

• High-resolution visibility into availability changes
• Noisy—random variability causes fluctuations
• Good for alerting, poor for SLO calculations

Medium windows (1 hour):

• Balance between resolution and stability
• Smooths out random variation
• Common for dashboard displays

Long windows (1 day, 1 week, 1 month):

• Stable, comparable over time
• Masks short incidents
• Appropriate for SLO reporting and SLA calculations

Rolling vs. calendar windows:

• Rolling (e.g., last 30 days): Always current, but comparison is tricky (different windows overlap)
• Calendar (e.g., month of January): Clean comparisons, but early in the month you have little data

For SLO compliance, rolling windows (often 30 days) are typical. For reporting to stakeholders, calendar months align with business cycles.

Availability is commonly expressed in "nines"—99% is "two nines," 99.9% is "three nines," and so on. This shorthand obscures the dramatic differences between levels. Let's make it concrete.

The Exponential Scale of Nines

Each additional nine represents a 10x reduction in allowed downtime. This exponential relationship has profound implications:

The Cost of Each Nine

Making a service more available costs exponentially more as you add nines:

• 99% → 99.9%: Requires robust monitoring, on-call rotation, incident response process. Cost: Moderate.
• 99.9% → 99.99%: Requires redundancy at every layer, automated failover, multi-region deployment, chaos engineering. Cost: Significant.
• 99.99% → 99.999%: Requires active-active multi-region, zero-downtime deployments, extensive testing, potentially purpose-built infrastructure. Cost: Very high.
• Beyond 99.999%: Requires fundamental architectural innovations, potentially custom hardware, extreme operational discipline. Cost: Exceptional.

The question isn't "how to achieve five nines" but "do we need five nines?" For most consumer services, three to four nines is appropriate. Five or more nines is reserved for critical infrastructure (telecommunications, financial clearing, emergency services).

Nines Are Not Additive

A common misconception: "If I have two components each at 99.9% availability, my total availability is also 99.9%." This is wrong.

If components are in series (request must pass through both), availability multiplies:

• Component A: 99.9%
• Component B: 99.9%
• Combined: 99.9% × 99.9% = 99.8%

With 10 components at 99.9% each in series: 99.9%¹⁰ = 99.0% You've lost an entire nine just by having 10 dependencies!

This is why microservices architectures can have availability challenges—you multiply many slightly-unreliable components together.

Choosing the Right Target

How do you select an appropriate availability target? Consider:

1. User expectations: What do your users expect based on competitive alternatives and historical experience?

2. Business impact of downtime: What's the cost per minute of unavailability? (Lost revenue, SLA penalties, reputation damage)

3. Achievability: What level can your team and infrastructure realistically maintain?

4. Cost-benefit analysis: At what point does the incremental cost of reliability exceed the benefit?

For most B2B SaaS products, 99.9% is a sensible starting target—achievable with good practices, meeting user expectations, and not requiring heroic effort. As you mature, you can tighten to 99.95% or 99.99% if business needs justify the investment.

Real-world availability measurement is full of edge cases that don't fit neatly into "success" or "failure." How you handle these determines whether your SLI reflects reality or fiction.

Planned Maintenance

Should scheduled maintenance count against availability? Arguments both ways:

Count it: Users experience unavailability regardless of whether it was planned. From the user perspective, the service was down.

Exclude it: Planned maintenance with advance notice is a different user experience than unexpected outages. Users can plan around announced maintenance.

Recommended approach: Count planned maintenance in your SLI but track it separately. Report "raw availability" (all downtime) and "unplanned availability" (excluding announced maintenance). Be strict about what qualifies as "announced"—maintenance that gets announced 5 minutes before isn't properly planned.

Dependency Failures

If your service is unavailable because AWS is down, should that count?

Count it: Users experience your unavailability. They don't care whose fault it is.

Exclude it: It's beyond your control; punishing you for AWS failures isn't fair.

Recommended approach: Count all failures in your SLI (users experienced them). However, track "owned" vs. "dependency" failures separately for internal analysis. Your SLO should account for expected dependency outages—if AWS promises 99.9%, your SLO can't assume 100% AWS uptime.

Partial Availability

Complex applications have multiple features with independent reliability. How do you handle partial outages?

Example: Your e-commerce site's search is down, but browse, cart, and checkout work fine. What's your availability?

Option 1 - Component SLIs: Maintain separate availability SLIs for search, browse, cart, checkout. Each has its own target. This is operationally clean but doesn't give an overall picture.

Option 2 - Weighted composite: Define weights based on usage frequency or business importance. Overall availability = Σ(component availability × weight). Search at 40% traffic weight and 0% availability + everything else at 60% weight and 100% availability = 60% overall.

Option 3 - Critical path: Define availability by the critical user journey. If checkout is available, the service is "available." Degraded features are tracked separately. This works well for primarily transactional services.

Recommended approach: Use component SLIs for operations and reporting, critical path for high-level SLA contractual commitments, and be explicit about what "available" means in each context.

Gray Failures

The hardest edge case: the service appears available but is subtly broken. Examples:

• Responses are returned but incorrect (wrong data, stale cache)
• Service is fast but silently dropping 1% of writes
• Everything works except one obscure but critical feature

These are the most dangerous because they evade simple success/failure SLIs.

Solution: Complement availability SLIs with correctness SLIs. Don't just measure "did it respond?" but "did it respond correctly?" This might mean sampling responses for correctness, monitoring data integrity, or tracking specific correctness indicators.

Let's examine how specific systems might define availability SLIs, demonstrating the principles in practice.

Example 1: RESTful API Service

Example 2: E-Commerce Web Application

Example 3: Data Processing Pipeline

Availability SLIs, while conceptually simple, require careful design to accurately reflect user experience. Let's consolidate the key learnings:

What's Next

Availability answers "did it work?" but doesn't capture "how fast did it work?" In the next page, we'll explore Latency SLIs—measuring and setting targets for response time, understanding percentiles, and the nuanced relationship between latency and user experience.