Defining the Steady State and Building Experimental Hypotheses

Chaos engineering is often misunderstood as the practice of breaking things in production to see what happens. In reality, it is a highly disciplined scientific approach designed to build confidence in a system by identifying weaknesses before they lead to outages. The first and most critical step in this discipline is not the failure itself, but the establishment of a steady state baseline.

A steady state represents the normal behavior of your system under a variety of conditions. Without a clear understanding of how your services interact during routine operations, you cannot objectively measure the impact of an injected fault. Your baseline acts as the control group in your experiment, providing a reference point for every metric you intend to observe.

To define this baseline, you must look beyond simple infrastructure metrics like CPU utilization or memory consumption. While these are useful, they do not always correlate with the health of the business or the satisfaction of the end user. Instead, focus on system throughput, error rates, and latency distribution across different percentiles.

• Request Latency: Specifically monitoring the P95 and P99 percentiles to capture the experience of users in the long tail.
• Error Rate: The percentage of requests that result in 5xx errors or failed background processing jobs.
• System Throughput: The total volume of transactions or requests handled per second during peak and off-peak hours.
• Business Success Metrics: High-level indicators such as the number of completed checkouts or successful logins.

Once you have identified these metrics, you need to collect data over a sufficient period to account for daily and weekly cycles. A system might behave differently on a Monday morning than it does on a Sunday night. Capturing these fluctuations ensures that your baseline is representative of reality rather than a snapshot of a single moment in time.

A chaos experiment is only as valuable as the hypothesis that drives it. After defining your steady state, you must formulate a specific, testable statement about how you expect the system to respond to a particular failure. This prevents experiments from becoming aimless and ensures that every test results in actionable data.

A strong hypothesis follows a simple if-then structure that links a failure event to an expected outcome. For example, if we inject 200ms of latency into the authentication service, then the checkout service should continue to function normally using cached credentials. This format forces you to explicitly state your assumptions about your system's resilience mechanisms.

When crafting these hypotheses, it is helpful to consult with the engineers who built the services. They often have insights into where the architectural seams are and which failure modes were considered during the design phase. These conversations frequently reveal hidden assumptions, such as a reliance on a single database node or a lack of timeouts on an external API call.

The goal of chaos engineering is not to prove that the system is broken, but to confirm that our mental model of how the system handles failure is accurate.

If the experiment results in a deviation from your hypothesis, you have discovered a vulnerability. This is a successful outcome, as it provides a clear path for remediation before the failure occurs naturally. Conversely, if the system behaves as expected, you have successfully verified a resilience pattern and can move on to more complex or high-impact scenarios.

Once you have a baseline and a hypothesis, you must design the implementation details of the experiment. This involves choosing the right tools and techniques to inject faults in a way that is controlled and measurable. The objective is to apply enough stress to reveal weaknesses without causing a catastrophic outage.

Fault injection can take many forms, including network partitioning, resource exhaustion, or process termination. The method you choose should be directly related to the hypothesis you are testing. If you are testing the impact of a slow third-party API, injecting packet loss at the network level is more appropriate than killing a container instance.

Safety must be the primary concern during the execution of any chaos experiment. You should have a predefined set of conditions, known as abort criteria, that will trigger an immediate cessation of the experiment. If the error rate exceeds a certain threshold or if latency spikes beyond a recoverable limit, the experiment must be rolled back automatically.

1const chaosLibrary = require('chaos-provider');
2const monitoring = require('./monitoring-service');
3
4async function runChaosExperiment() {
5    const experimentConfig = {
6        target: 'payment-gateway-service',
7        action: 'inject-latency',
8        params: { duration: '30s', delay: '500ms' }
9    };
10
11    console.log('Initiating experiment...');
12    const job = await chaosLibrary.start(experimentConfig);
13
14    // Monitor health every 2 seconds
15    const monitorInterval = setInterval(async () => {
16        const health = await monitoring.getHealthScore('payment-gateway-service');
17        
18        // Abort criteria: If health score drops below 80%
19        if (health < 0.8) {
20            console.error('Abort criteria met. Rolling back failure injection.');
21            await chaosLibrary.stop(job.id);
22            clearInterval(monitorInterval);
23        }
24    }, 2000);
25}
26
27runChaosExperiment();

It is also important to communicate the timing and scope of experiments to all relevant stakeholders. While chaos engineering eventually moves toward automated, continuous testing, initial experiments should be coordinated activities. This ensures that the operations team is aware that any alerts they receive are part of a planned test rather than an organic incident.

The conclusion of an experiment marks the beginning of the most important phase: analysis and remediation. Simply running tests is useless if the findings are not integrated back into the development lifecycle. You must compare the data gathered during the experiment against your initial baseline and hypothesis.

Analysis involves looking for discrepancies between predicted and actual behavior. If the latency increased more than expected, you need to investigate why your scaling policies or timeout settings did not mitigate the impact. This often involves deep diving into distributed traces to identify the exact point where the request slowed down.

Every chaos experiment should result in a post-mortem report, regardless of whether it was successful. This report should document the experiment's parameters, the observed impact, and any architectural improvements that were identified. These documents serve as a historical record of the system's evolving resilience and help justify future investments in reliability engineering.

Remediation tasks should be prioritized alongside feature development in the product backlog. Treating reliability issues as first-class bugs ensures that the system becomes progressively more robust over time. If a failure revealed a single point of failure in the infrastructure, that weakness must be addressed before the same experiment is run again.

Finally, chaos engineering should be treated as a continuous cycle rather than a one-off project. As the codebase changes and new features are added, the system's behavior will shift, and previous assumptions may no longer hold true. Regularly revisiting baselines and rerunning experiments is the only way to maintain high availability in a rapidly evolving software ecosystem.