Cache Penetration and Four Effective Mitigation Strategies

The author introduces the issue of cache penetration in large‑scale websites, explaining how malicious or invalid requests can bypass caches and directly hit the database, potentially causing crashes under high traffic.

Cache penetration occurs when a request for data that does not exist bypasses the cache layer and reaches the underlying database, often seen in attacks such as mass requests for non‑existent keys.

When millions of such requests arrive per second, the database can become overloaded, leading to performance degradation or complete service outage.

Four common mitigation solutions are presented:

Solution 1: Cache Empty Objects – Store a short‑lived placeholder for missing data to prevent repeated database lookups, though this may increase cache space usage.

Solution 2: Rate Limiting – Apply throttling rules to high‑frequency endpoints, rejecting excess requests to protect the database, while carefully tuning thresholds to avoid harming legitimate users.

Solution 3: Blacklist Mechanism – Identify abusive IPs or clients that generate excessive invalid requests and block or limit them.

Solution 4: Bloom Filter – Use a memory‑efficient probabilistic data structure to quickly test whether a key might exist; if the filter indicates absence, the request is rejected without touching the cache or database, at the cost of a small false‑positive rate.

In practice, combining multiple methods often yields the best protection against cache penetration.

The article also promotes additional resources, such as a comprehensive collection of Alibaba architecture topics and extensive Java interview questions, available via the author’s WeChat public account.