Bulkhead Isolation

resilienceMedium
Applicability

When to Use

When one slow service should not affect others
When you need resource isolation between tenants
When preventing total system failure from a single point
Overview

How It Works

The Bulkhead pattern borrows from ship design: compartments (bulkheads) prevent a single breach from sinking the whole ship. In an MCP architecture, each server connection gets its own resource pool (connection limit, timeout, queue). If one server becomes slow, it only fills its own pool, leaving other servers unaffected. This prevents the common failure mode where a slow database causes all other API calls to time out because they are waiting for the database to release connections.
Implementation

Code Example

typescript
class Bulkhead {
  active = 0;
  queue = [];
  constructor(public maxConcurrent = 10, public maxQueue = 50) {}
  
  async execute(fn) {
    if (this.active >= this.maxConcurrent) {
      if (this.queue.length >= this.maxQueue) throw new Error("Bulkhead full");
      await new Promise((resolve, reject) => {
        this.queue.push({ resolve, reject, timeout: setTimeout(() => reject(new Error("Queue timeout")), 5000) });
      });
    }
    this.active++;
    try {
      return await fn();
    } finally {
      this.active--;
      const next = this.queue.shift();
      if (next) { clearTimeout(next.timeout); next.resolve(); }
    }
  }
}

const bulkheads = {
  postgres: new Bulkhead(20),
  redis: new Bulkhead(50),
  externalApi: new Bulkhead(5)
};

Quick Info

Categoryresilience
ComplexityMedium

Need Architecture Help?

Our team designs custom automation architectures.

Get in Touch
CortexAgent Customer Service

Want to skip the form?

Our team is available to help you get started with CortexAgent.

This chat may be recorded for quality assurance. You can view our Privacy Policy.

Bulkhead Isolation - Architecture Patterns - CortexAgent