HTTP Retries without Backoff

How 'trying again immediately' accidentally launches a DDoS attack against your own database.

The idea

Networks are flaky. If an HTTP request fails, a good engineer writes a while loop to retry it. But what if the request failed because the target server is genuinely overloaded? If 1,000 clients all fail, and they all instantly retry in a tight while loop, they will bombard the struggling server with a massive spike of traffic, ensuring it crashes completely. This is called a Retry Storm. To fix it, you must use Exponential Backoff.

Step 1: The server is slightly overloaded. A request fails.

How it works (Exponential Backoff + Jitter)

Instead of retrying instantly, you wait. And every time it fails again, you double the wait time (1s, 2s, 4s, 8s). This is Exponential Backoff—it gives the struggling server time to recover. Furthermore, you must add Jitter (randomness). If 1,000 clients all wait exactly 1.0 seconds and retry at the exact same millisecond, they will still cause a spike. You make them wait 1.0s + random(0.5s) so the retries are smeared out over time.

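// GOOD: Exponential Backoff with Jitter
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

async function fetchDataWithBackoff() {
    let attempt = 0;
    const maxAttempts = 5;

    while (attempt < maxAttempts) {
        try {
            const response = await fetch("https://api.example.com/data");
            // fetch() only rejects on network errors, so treat 5xx responses
            // (e.g. 503 from an overloaded server) as retryable failures
            if (response.status >= 500) throw new Error(`HTTP ${response.status}`);
            return response;
        } catch (error) {
            attempt++;
            // Out of attempts: give up now instead of sleeping one last time
            if (attempt >= maxAttempts) break;

            // Base delay: 2^attempt (2s, 4s, 8s...)
            const baseDelay = Math.pow(2, attempt) * 1000;

            // Jitter: Randomize by +/- 20% to avoid synchronized spikes
            // (Math.random() * 2 - 1 is uniform in [-1, 1))
            const jitter = baseDelay * 0.2 * (Math.random() * 2 - 1);

            await sleep(baseDelay + jitter);
        }
    }
    throw new Error("Server is dead.");
}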
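
The effect described above, as an added simulation that is not part of the original article: 1,000 clients fail at t = 0 while the server stays down, each retries five times under three policies, and the script reports the worst burst each policy produces. The 100 ms measurement window, the seeded generator and all function names are assumptions made for this example.

```javascript
// Added example (not from the original page): compare retry policies by the
// worst burst of retries they send at a server that stays down.
const CLIENTS = 1000;    // the article's 1,000 clients
const MAX_RETRIES = 5;   // same limit as maxAttempts in the article's code
const BUCKET_MS = 100;   // assumption: load is measured per 100 ms window

// Seeded LCG so runs are reproducible (Math.random() cannot be seeded).
function makeRng(seed) {
  let state = seed >>> 0;
  return () => {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    return state / 4294967296; // uniform in [0, 1)
  };
}

// Each policy maps the retry number (1-based) to a wait time in ms.
const policies = {
  immediate: () => 0,
  backoffOnly: (n) => 2 ** n * 1000,
  backoffWithJitter: (n, rand) => {
    const base = 2 ** n * 1000;
    return base + base * 0.2 * (rand() * 2 - 1); // +/- 20%
  },
};

// Returns the largest number of retries that land in any single bucket.
function peakLoad(delayFor, seed = 42) {
  const rand = makeRng(seed);
  const buckets = new Map();
  let peak = 0;
  for (let c = 0; c < CLIENTS; c++) {
    let t = 0; // every client's first request fails at t = 0
    for (let n = 1; n <= MAX_RETRIES; n++) {
      t += delayFor(n, rand);
      const bucket = Math.floor(t / BUCKET_MS);
      const count = (buckets.get(bucket) || 0) + 1;
      buckets.set(bucket, count);
      if (count > peak) peak = count;
    }
  }
  return peak;
}

for (const [name, policy] of Object.entries(policies)) {
  console.log(name.padEnd(18), "peak retries per 100 ms:", peakLoad(policy));
}
```

Backoff without jitter only moves the full 1,000-request spike to a later moment; the jittered policy is the one that lowers the peak.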

Cost

Backoff deliberately adds latency. If the 3rd retry succeeds after 4 seconds, the user had to stare at a loading spinner for 4 seconds. In real-time systems (like a multiplayer game), data from 4 seconds ago is often useless. In those cases, you might prefer to "Fail Fast" and let the user click a retry button themselves rather than silently backing off.

Watch out for