The 2 AM Nightmare: Why Dual Writes Are a Silent Killer
The pager duty alert screamed at 2 AM. Our order processing system had hit a wall. While the database confirmed $15,000 in successful customer charges, our shipping service was silent—it never received the ‘OrderCreated’ events. We were using the standard, naive approach: updating the database and immediately calling broker.publish(). This is a Dual Write, and it is a recipe for data corruption.
In a distributed architecture, you cannot guarantee that two independent systems—like a SQL database and a Message Broker (RabbitMQ or Kafka)—will succeed or fail as a single unit. If your database commit finishes but a network blip occurs before the message reaches the broker, your data is out of sync. You now have a ‘ghost’ record in your DB that the rest of your microservices will never see.
To fix this, we need to move toward the Transactional Outbox Pattern.
Comparing Approaches to Event-Driven Communication
When you need to update a database and notify other services, you generally have two choices:
1. The Dual Write (The Risky Way)
async function createOrder(orderData) {
await db.orders.create(orderData); // Step 1: DB Save
await broker.publish('order_created', orderData); // Step 2: Broker Publish
}If Step 2 fails, Step 1 cannot be rolled back easily. This creates data silos and breaks business logic across your entire stack.
2. The Transactional Outbox (The Resilient Way)
Instead of hitting the broker directly, we save the message into a dedicated “Outbox” table. Crucially, this happens within the same database transaction as your business logic. A separate, background process then reads from this table and handles the publishing. This ensures that if the order is saved, the event is guaranteed to be saved too.
Trade-offs of the Outbox Pattern
No architecture is a silver bullet. In production environments handling over 1,000 requests per second, this pattern is the gold standard for reliability, but it does introduce new overhead.
- Pros:
- Strict Atomicity: The business state and the event live or die together.
- Resilience: Messages stay safe in your DB even if your broker (Kafka/RabbitMQ) goes offline for maintenance.
- Guaranteed Delivery: This setup ensures “at-least-once” delivery to your downstream consumers.
- Cons:
- Operational Latency: Expect a slight delay (often 50ms to 500ms) between the DB commit and the message hitting the broker.
- Added Moving Parts: You have to manage a background worker and monitor the growth of your outbox table.
- Duplicate Handling: Because it guarantees delivery, your consumers must be idempotent to handle the occasional redelivery.
The Tech Stack
For this implementation, we will use:
- Node.js: Our runtime for the API and the Relay worker.
- PostgreSQL: Our primary store with robust ACID transaction support.
- pg: The battle-tested PostgreSQL client for Node.js.
- A Message Broker: Such as RabbitMQ or Kafka.
Step-by-Step Implementation
Step 1: The Outbox Table Schema
First, create a table to act as your internal queue. We use JSONB for the payload to allow for flexible event structures.
CREATE TABLE outbox (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
aggregate_type TEXT NOT NULL,
aggregate_id TEXT NOT NULL,
type TEXT NOT NULL,
payload JSONB NOT NULL,
created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
processed_at TIMESTAMP WITH TIME ZONE
);
-- Index for performance: finding unprocessed messages quickly
CREATE INDEX idx_outbox_unprocessed ON outbox (created_at) WHERE processed_at IS NULL;Step 2: Atomic Saves in Node.js
Wrap your business logic and the outbox insert in a single transaction. If the order fails to save, the event never enters the outbox. If the event fails to save, the order rolls back. It’s all or nothing.
const { Pool } = require('pg');
const pool = new Pool();
async function createOrder(order) {
const client = await pool.connect();
try {
await client.query('BEGIN');
// 1. Save the actual business data
const orderQuery = 'INSERT INTO orders (id, total, status) VALUES ($1, $2, $3)';
await client.query(orderQuery, [order.id, order.total, 'PENDING']);
// 2. Queue the event in the same transaction
const outboxQuery = `
INSERT INTO outbox (aggregate_type, aggregate_id, type, payload)
VALUES ($1, $2, $3, $4)
`;
const eventPayload = { orderId: order.id, total: order.total };
await client.query(outboxQuery, ['Order', order.id, 'OrderCreated', JSON.stringify(eventPayload)]);
await client.query('COMMIT');
} catch (err) {
await client.query('ROLLBACK');
throw err;
} finally {
client.release();
}
}Step 3: The Relay Worker
Now we need a worker to move messages from Postgres to the broker. We use FOR UPDATE SKIP LOCKED. This prevents multiple worker instances from grabbing the same message simultaneously, which is vital for scaling.
async function relayMessages() {
const client = await pool.connect();
try {
// Lock 10 messages so other workers don't see them
const selectQuery = `
SELECT id, type, payload
FROM outbox
WHERE processed_at IS NULL
ORDER BY created_at ASC
LIMIT 10
FOR UPDATE SKIP LOCKED
`;
const res = await client.query(selectQuery);
for (const row of res.rows) {
try {
await broker.publish(row.type, row.payload);
// Mark as done after successful publish
await client.query('UPDATE outbox SET processed_at = NOW() WHERE id = $1', [row.id]);
} catch (publishError) {
// If broker is down, we just leave the record for the next poll
console.error(`Publishing failed for ${row.id}`);
}
}
} finally {
client.release();
}
}
// Poll every 2 seconds
setInterval(relayMessages, 2000);Handling the “At-Least-Once” Reality
The Outbox pattern guarantees the message will be sent. However, network failures can still happen after the broker receives the message but before the worker updates the database. In this case, the worker will try again, sending a duplicate.
Downstream services must be idempotent. They should check a unique event_id or order_id before processing. If they’ve seen the ID before, they should simply acknowledge the message and do nothing.
Wrapping Up
Moving away from Dual Writes is a major milestone for any backend engineer. It eliminates a massive category of race conditions and prevents data loss during peak traffic. While polling is a great starting point, high-scale systems might eventually migrate to Change Data Capture (CDC) tools like Debezium. CDC tools tail the Postgres Write-Ahead Log (WAL) to achieve even lower latency. For most applications, however, the polling approach is more than enough to let you sleep soundly at night.
