SA-301f · Module 3
Bulkhead Pattern
3 min read
The bulkhead pattern isolates failures to prevent them from spreading. Named after the watertight compartments in ship hulls, bulkheads in software architecture isolate resource pools — thread pools, connection pools, process pools — so that a failure in one pool does not exhaust the resources available to others. A slow dependency that consumes all available threads in a shared pool blocks every other dependency. A slow dependency with a dedicated pool blocks only its own callers.
Do This
- Allocate dedicated thread pools for each external dependency — a slow payment service should not block order queries
- Set pool sizes based on the dependency's expected concurrency and timeout — over-sized pools waste resources, under-sized pools reject valid requests
- Monitor pool utilization as a leading indicator — a pool consistently at 80% utilization is approaching saturation
Avoid This
- Share a single thread pool across all external calls — one slow dependency starves every other dependency
- Set pool sizes to "large enough" without measuring — pools that are too large consume resources without benefit
- Ignore pool exhaustion signals — a full pool is a failed dependency in slow motion