Pattern: Transactional outbox
Also known as
A service command typically needs to create/update/delete aggregates in the database and send messages/events to a message broker. For example, a service that participates in a saga needs to update business entities and send messages/events. Similarly, a service that publishes a domain event must update an aggregate and publish an event.
The command must atomically update the database and send messages in order to avoid data inconsistencies and bugs. However, it is not viable to use a traditional distributed transaction (2PC) that spans the database and the message broker The database and/or the message broker might not support 2PC. And even if they do, it’s often undesirable to couple the service to both the database and the message broker.
But without using 2PC, sending a message in the middle of a transaction is not reliable. There’s no guarantee that the transaction will commit. Similarly, if a service sends a message after committing the transaction there’s no guarantee that it won’t crash before sending the message.
In addition, messages must be sent to the message broker in the order they were sent by the service.
They must usually be delivered to each consumer in the same order although that’s outside the scope of this pattern.
For example, let’s suppose that an aggregate is updated by a series of transactions
This transactions might be performed by the same service instance or by different service instances.
Each transaction publishes a corresponding event:
T1 -> E1,
T2 -> E2, etc.
E1 must be published before
How to atomically update the database and send messages to a message broker?
- 2PC is not an option. The database and/or the message broker might not support 2PC. Also, it’s often undesirable to couple the service to both the database and the message broker.
- If the database transaction commits then the messages must be sent. Conversely, if the database rolls back, the messages must not be sent
- Messages must be sent to the message broker in the order they were sent by the service. This ordering must be preserved across multiple service instances that update the same aggregate.
The solution is for the service that sends the message to first store the message in the database as part of the transaction that updates the business entities. A separate process then sends the messages to the message broker.
The participants in this pattern are:
- Sender - the service that sends the message
- Database - the database that stores the business entities and message outbox
- Message outbox - if it’s a relational database, this is a table that stores the messages to be sent. Otherwise, if it’s a NoSQL database, the outbox is a property of each database record (e.g. document or item)
- Message relay - sends the messages stored in the outbox to the message broker
This pattern has the following benefits:
- 2PC is not used
- Messages are guaranteed to be sent if and only if the database transaction commits
- Messages are sent to the message broker in the order they were sent by the application
This pattern has the following drawbacks:
- Potentially error prone since the developer might forget to publish the message/event after updating the database.
This pattern also has the following issues:
- The Message relay might publish a message more than once. It might, for example, crash after publishing a message but before recording the fact that it has done so. When it restarts, it will then publish the message again. As a result, a message consumer must be idempotent, perhaps by tracking the IDs of the messages that it has already processed. Fortunately, since message Consumers usually need to be idempotent (because a message broker can deliver messages more than once) this is typically not a problem.
- The Saga and Domain event patterns create the need for this pattern.
- The Event sourcing is an alternative solution
- There are two patterns for implementing the Message relay: