Skip to main content

Scaling fundamentals: out, not up

Everything in this guide so far has been about building and running a system. This chapter is about what happens when it gets popular — when one server, one database, one of anything is no longer enough. Scaling is the umbrella word for handling more load: more users, more requests, more data, without falling over. This lesson builds the mental model from the ground up. Almost none of it is cloud-specific trivia; it's the durable physics of distributed systems that has been true for decades and will outlast every tool name in this guide.

Two directions: up vs out

There are exactly two ways to give a system more capacity.

  • Vertical scaling (scaling up) means making one machine bigger — more CPU, more memory, a faster disk. It's the obvious first move and it's genuinely easy: in the cloud you change an instance size and reboot. But it has a hard ceiling (there is a biggest machine money can buy), it usually means downtime to resize, and that one big machine is a single point of failure — when it dies, everything dies with it.
  • Horizontal scaling (scaling out) means adding more machines and spreading the load across them. There's no real ceiling — need more capacity, add more boxes — and if one machine dies, the others carry on. This is how every large system on earth is built. The cost is complexity: now you have many machines that must coordinate, and a way to spread traffic across them.

Durable rule of thumb: scale up first because it's simple, but design to scale out, because that's where real scale and resilience live. The interesting engineering — and most of this lesson — is in scaling out.

The unlock for scaling out: statelessness

Here is the single most important concept in scaling, and the one beginners most often miss. To run many copies of your app behind a load balancer, any copy must be able to handle any request. That only works if the application servers are stateless — meaning they keep no important data in their own memory between requests. Every request carries (or looks up) everything it needs; the server forgets you the moment it responds.

Why does this matter so much? Imagine the opposite — a stateful server that remembers, in its own RAM, that "user 42 is logged in" or "user 42's shopping cart has 3 items." Now request #2 from user 42 gets load-balanced to a different server, which has never heard of user 42. The user appears logged out; the cart is empty. Stateful app servers and horizontal scaling are fundamentally at war.

The fix is to push state out of the app servers into shared, purpose-built stores:

  • Session/login state → a shared cache (e.g. Redis) or a signed token the client carries.
  • Persistent data → the database (Chapter 2).
  • Uploaded files → object storage (Chapter 2's S3-style storage).

Now every app server is an identical, disposable, interchangeable worker. Any one can handle any request because the state lives elsewhere. Kill one, add ten — nothing breaks. (Recognize this? It's exactly why Kubernetes pods in Chapter 4 are "disposable and ephemeral." Statelessness is what makes them disposable.)

:::tip Why "state is the hard part" Notice that statelessness doesn't eliminate state — it relocates it into the database and cache. Those stateful systems are now the hard part to scale, because they can't just be cloned. Scaling stateless app servers is almost trivial; scaling the stateful database underneath them is the genuinely difficult problem, and it gets its own treatment in the next lesson. :::

Load balancing: spreading the work

Once you have many app servers, something must distribute incoming requests across them. That's a load balancer (you met it briefly in Chapter 2's networking): a single front door that receives all traffic and forwards each request to one of the healthy servers behind it, spreading the load and routing around any server that's down (it health-checks them).

UsersLoadbalancer\n(singlefrontapp server1\n(stateless)app server2\n(stateless)app server3\n(stateless)("Shared DB +cache\n= where thestate lives")

Load balancers come in two flavors, and the distinction is a common interview topic:

  • Layer 4 (L4) load balancing operates at the transport layer — it routes raw TCP/UDP connections by IP and port, without looking inside the traffic. It's extremely fast and protocol-agnostic, but it can't make decisions based on the content of a request.
  • Layer 7 (L7) load balancing operates at the application layer — it understands HTTP, so it can route based on the URL path, headers, cookies, or hostname (e.g. send /api to one pool and /images to another, or terminate HTTPS). It's smarter and more flexible, at a small performance cost.

("Layer 4" and "Layer 7" refer to the OSI networking model; you don't need to memorize all seven layers — just that L4 = fast and dumb, by IP/port; L7 = smart, understands HTTP.) Kubernetes' Service is L4-ish and its Ingress (Chapter 4) is L7 — the same two ideas you already met.

Caching: don't redo expensive work

The fastest request is the one you never make. A cache is a fast, temporary store that holds the result of an expensive operation so you can serve it again without redoing the work. If 10,000 users request the same homepage, you don't run the same database queries 10,000 times — you compute it once, cache the result, and serve the cached copy.

Caching shows up at every layer of a system:

  • A CDN (content delivery network) caches static assets (images, JS, CSS) at edge locations physically close to users.
  • An application cache (Redis, Memcached) holds query results, computed values, or sessions in fast memory.
  • The database caches frequently-read pages itself.

Caching is one of the highest-leverage scaling tools there is — it can cut load by orders of magnitude. But it has a famous catch: cache invalidation. When the underlying data changes, the cached copy is now stale (out of date), and deciding when to refresh or discard it is genuinely hard. (Hence the old engineering joke: the two hard problems in computer science are cache invalidation, naming things, and off-by-one errors.) The durable lesson: caching trades freshness for speed, and you must consciously decide how stale is acceptable for each piece of data.

Queues and async: absorb spikes, decouple work

Some work doesn't need to happen right now, while the user waits. Resizing an uploaded video, sending a confirmation email, generating a report — making the user's request hang until that finishes is slow and fragile. The durable pattern is to make it asynchronous using a queue.

A message queue (e.g. SQS, RabbitMQ, Kafka) is a buffer that holds units of work. Instead of doing the slow task inline, the web server drops a message ("resize video X") onto the queue and immediately responds to the user ("we're processing it"). Separately, a pool of worker processes pulls messages off the queue and does the actual work at its own pace.

User uploads\nvideoWebserver\n(respondsinstantly)["Messagequeue\n(buffer ofwork)workerworkerworkerenqueue 'resize X'

This buys you three durable wins:

  • Spike absorption. A sudden flood of uploads just makes the queue longer; workers drain it steadily instead of the whole system collapsing under simultaneous load. The queue is a shock absorber.
  • Decoupling. The web tier and the worker tier scale independently and don't have to be up at the same instant. If workers are briefly down, messages wait safely in the queue.
  • Resilience. If a worker crashes mid-task, the message goes back on the queue and another worker retries it.

That last point introduces a subtlety — retrying work means a task might run more than once — which is exactly why idempotency matters, covered in the next lesson.

Designing for failure

The deepest durable shift in mindset for scaling is this: at scale, failure is not an exception — it is the normal, constant background condition. With one server, a crash is a rare event. With a thousand servers, something is always broken: disks fail, networks blip, a machine reboots. You cannot prevent this. So you design assuming components will fail and ensuring the system as a whole survives anyway.

This is why everything above exists: stateless servers so any one can die without losing data; load balancers that health-check and route around dead backends; queues that re-deliver failed work; multiple copies of everything so there's no single point of failure. The goal is never "nothing breaks" — it's "things break constantly and users don't notice." The reliability patterns in the next lesson — redundancy, graceful degradation, multi-AZ — are all elaborations of designing for failure.

Why it matters

There are two ways to add capacity: vertical (a bigger machine — simple, but capped and a single point of failure) and horizontal (more machines — unlimited and resilient, but complex). Real scale lives in scaling out, and the unlock for it is statelessness: push session and persistent state out of the app servers into shared caches, databases, and object storage so every server is an identical, disposable worker. A load balancer (L4 = fast, by IP/port; L7 = smart, understands HTTP) spreads traffic across them and routes around failures. Caching avoids redoing expensive work (trading freshness for speed), and queues make slow work asynchronous to absorb spikes and decouple components. Underlying all of it is the durable mindset that failure is the normal condition at scale — you design so the system survives constant component failures invisibly. The hard part that remains is the stateful layer underneath, which the next lesson takes head-on.

Next: 11.2 Distributed-systems realities & reliability →