CAP Theorem

The CAP theorem, first conjectured by Eric Brewer in his 2000 PODC keynote and formally proven by Seth Gilbert and Nancy Lynch in 2002, establishes a fundamental impossibility result for distributed data stores. It states that any networked shared-data system can provide at most two of three guarantees simultaneously: Consistency (C), Availability (A), and Partition Tolerance (P). Because network partitions are inevitable in any distributed system, the practical choice during a partition is between consistency and availability.

Consistency in CAP means linearizability -- every read receives the most recent write or an error. This is stronger than the 'C' in ACID, which refers to database invariants. Availability means every request to a non-failing node receives a response, without guaranteeing it contains the latest write. Partition Tolerance means the system continues to operate despite arbitrary message loss or delay between nodes. A partition is not a theoretical edge case; it is a routine event in any system spanning multiple machines, racks, or data centers. Network cables are cut, switches fail, and cloud availability zones lose connectivity to each other.

The most common misconception about CAP is treating it as a permanent architectural choice -- 'pick 2 of 3.' In reality, partitions are rare events. When the network is healthy, a well-designed system can provide both consistency and availability. The theorem only forces a choice during an active partition. A CP system (like ZooKeeper) will reject writes or reads it cannot guarantee are consistent during a partition, sacrificing availability. An AP system (like DynamoDB in its default configuration) will continue serving requests during a partition, but different nodes may return different values for the same key, sacrificing consistency. After the partition heals, AP systems must reconcile divergent state, typically through conflict resolution strategies like last-writer-wins, vector clocks, or application-level merge functions.

The PACELC extension (proposed by Daniel Abadi in 2012) refines CAP by addressing system behavior when there is no partition. PACELC states: if there is a Partition, choose Availability or Consistency; Else, choose Latency or Consistency. This captures the reality that even in normal operation, replicating data synchronously (for consistency) adds latency compared to asynchronous replication (for lower latency). PACELC explains why systems like DynamoDB (PA/EL) and Cassandra (PA/EL) optimize for availability and latency, while Spanner (PC/EC) pays a latency cost for global consistency using TrueTime. Understanding PACELC helps designers make informed trade-offs for the 99.99% of the time when there is no partition, not just the rare failure scenarios CAP addresses.

Imagine a bank with two ATMs connected by a network, both accessing the same account with a $500 balance. The network cable between them is cut (partition). A customer tries to withdraw $400 from ATM-A. The bank has two choices: (1) Allow the withdrawal -- the customer gets their money (available), but ATM-B still thinks the balance is $500, and a second $400 withdrawal there would overdraft the account (inconsistent). (2) Reject the withdrawal until the network is restored -- the account stays consistent, but the customer is denied service (unavailable). There is no option that gives both correct balances and uninterrupted service during the partition.