Distributed Transactions
A distributed transaction is a set of operations spanning multiple independent nodes, databases, or services that must succeed or fail together as a single atomic unit, even though no single node has full visibility or control over the others. This is straightforward within one database thanks to ACID transaction support, but becomes genuinely hard once you split state across services — for example, debiting a wallet service and crediting an order service in a microservices architecture — because a partial failure (one side commits, the other doesn't) leaves the system in an inconsistent state that's hard to detect and even harder to repair automatically. Distributed transaction techniques exist specifically to prevent or gracefully recover from these partial-failure states, at some cost in latency, availability, or implementation complexity.
Cricket analogy: Like a single umpire easily keeping the scorebook consistent alone, but once the scorebook is split between the bowling and batting team's separate official scorers, a mid-over disagreement can leave the runs credited on one side but not the other.
Two-Phase Commit (2PC)
Two-phase commit is the classical protocol for atomic distributed transactions. In the 'prepare' (voting) phase, a coordinator asks every participant to lock the relevant resources and confirm they are able to commit; each participant replies 'yes' (ready) or 'no' (abort). Only if every participant votes 'yes' does the coordinator move to the 'commit' phase, telling everyone to make the change permanent and release locks; if any participant votes 'no,' the coordinator tells everyone to abort and roll back. 2PC guarantees atomicity across nodes, but it has a serious weakness: if the coordinator crashes after participants have voted 'yes' but before sending the final commit/abort decision, participants are left blocked, holding locks indefinitely, unable to safely decide on their own whether to commit or abort — this is why 2PC is called a blocking protocol, and it's a major reason it fell out of favor for large-scale, loosely-coupled systems.
Cricket analogy: Like a match referee polling both captains before confirming a result change — 'are you ready to accept this?' — and only finalizing if both say yes; but if the referee vanishes after both agree but before announcing it, both teams are stuck unable to update the record on their own.
The Saga Pattern
The saga pattern sidesteps 2PC's blocking problem by abandoning true atomicity in favor of a sequence of local transactions, each with a corresponding compensating action that can undo its effect if a later step fails. Instead of holding distributed locks across services for the duration of a transaction, each service commits its own local transaction immediately and publishes an event or is invoked by an orchestrator to trigger the next step; if step N fails, the saga executes compensating transactions for steps 1 through N-1 in reverse order (e.g., 'refund payment' compensates 'charge card'). Sagas can be coordinated via choreography (each service reacts to events from the previous one, with no central coordinator) or orchestration (a central saga orchestrator explicitly calls each step and handles failures) — orchestration is generally easier to reason about and debug at scale, while choreography reduces coupling but can make the overall flow harder to trace. Because each local transaction commits immediately rather than waiting on a global lock, sagas sacrifice isolation compared to ACID: other parts of the system can observe intermediate, partially-completed states before the saga finishes (e.g., inventory temporarily shows stock reserved before payment is confirmed), which must be handled explicitly through semantic locks, versioning, or read paths designed to tolerate it.
Cricket analogy: Like a tour selector committing each squad change immediately (no locked-in whole squad) and, if a later pick falls through, reversing earlier picks one by one — either via each selector reacting to news individually (choreography) or a chief selector directing every change (orchestration), with the squad list visibly incomplete mid-process.
Saga (orchestrated) for 'place order':
1. Orchestrator -> Payment Service: charge card [OK]
2. Orchestrator -> Inventory Service: reserve stock [OK]
3. Orchestrator -> Shipping Service: schedule ship [FAILS]
Compensation kicks in, running in reverse:
4. Orchestrator -> Inventory Service: release stock (compensates #2)
5. Orchestrator -> Payment Service: refund card (compensates #1)
Result: no step ever held a distributed lock; each local
transaction committed independently, and failure triggered
explicit compensating actions instead of a global rollback.Most large e-commerce and payments platforms (e.g., systems modeled after Uber's or Amazon's order pipelines) use saga-style orchestration rather than 2PC precisely because order fulfillment spans many independently-owned, independently-scaled services (payments, inventory, shipping, notifications) where holding a single distributed lock across all of them for the duration of an order would be a severe availability and throughput bottleneck.
Idempotency and Exactly-Once Semantics
Because distributed transactions (especially sagas, which rely on retries when a step fails or a message is delayed) can result in a step being invoked more than once, every step and every compensating action must be idempotent — applying it multiple times must produce the same result as applying it once. This is typically achieved with idempotency keys (a unique ID per logical operation that the service checks before re-applying an effect) so that network retries, at-least-once message delivery, or orchestrator restarts never cause a double-charge or a double-refund. Idempotency is not optional in distributed transaction design — without it, the retry mechanisms that make sagas resilient to partial failure become a source of new bugs.
Cricket analogy: Like a scorer using a unique ball-ID so that if a run update is resent due to a radio glitch, the same run isn't credited twice — without this, a retried transmission would double-count runs on the scoreboard.
- Distributed transactions coordinate atomic updates across independent services or databases, where no single node has full control.
- Two-phase commit (2PC) provides strong atomicity via a prepare/vote phase and a commit/abort phase, but blocks participants indefinitely if the coordinator crashes mid-protocol.
- The saga pattern replaces atomic distributed locking with a sequence of local transactions plus compensating actions for rollback.
- Sagas can be choreographed (event-driven, no central coordinator) or orchestrated (central coordinator explicitly drives each step).
- Sagas sacrifice isolation — intermediate, partially-completed states can be visible to other parts of the system before the saga finishes.
- Every step and compensating action in a distributed transaction must be idempotent to safely tolerate retries.
Practice what you learned
1. What is the core weakness of the two-phase commit (2PC) protocol that led many large-scale systems to avoid it?
2. In the saga pattern, what mechanism is used to undo the effects of an earlier successful step when a later step fails?
3. What key property must every step and compensating action in a saga have to safely tolerate retries?
4. What isolation guarantee does the saga pattern sacrifice compared to a traditional ACID transaction?
5. What is the key difference between choreography-based and orchestration-based sagas?
Was this page helpful?
You May Also Like
The CAP Theorem
A foundational result stating that a distributed data store can only guarantee two of consistency, availability, and partition tolerance at once, shaping every distributed database's design.
Consensus Algorithms
Consensus algorithms let a group of distributed nodes agree on a single value or ordered log despite failures and network delays, underpinning leader election and replicated state machines.
Idempotency in Distributed Systems
The property that performing the same operation multiple times produces the same result as performing it once, essential for safely retrying requests over unreliable networks.
Consistency Models
Consistency models define the contract about what values reads may return after concurrent writes, ranging from strict linearizability to loosely-ordered eventual consistency.
Related Reading
Related Study Notes in Software Engineering
Browse all study notesMicroservices Study Notes
Software Architecture · 30 topics
Software EngineeringTesting & TDD Study Notes
Software Testing · 30 topics
Software EngineeringDesign Patterns Study Notes
Software Design · 30 topics
Software EngineeringSoftware Engineering Study Notes
Python · 40 topics
Software EngineeringGit & Version Control Study Notes
Bash · 40 topics