Sources

In the 2022 state of GraphQL study, we uncovered that Security is one of the top pain points developers face when using GraphQL. The number one pain point being error handling has caused many GraphQL APIs to leak sensitive information. Analyzing error messages is actually how our tool Graphw00f allows hackers to fingerprint your GraphQL APIs and uncover vulnerabilities.

### Authorisation I think this is the most widely understood risk of GraphQL, so I won’t go into too much depth here. TLDR: if you expose a fully self documenting query API to all clients, you better be damn sure that **every field** is authorised against the current user appropriately to the context in which that field is being fetched. Initially authorising **objects** seems like enough, but this quickly becomes insufficient. For example, say we are the ~~Twitter~~ X 🙄 API: … This is not a unique problem to GraphQL, and actually the strict GraphQL resolution algorithm has allowed most libraries to share a common solution: the Dataloader pattern. Unique to GraphQL though is the fact that since it is a query language, this can **become** a problem with no backend changes when a client modifies a query. As a result, I found you end up having to defensively introduce the Dataloader abstraction everywhere *just in case* a client ends up fetching a field in a list context in the future. This is a lot of boilerplate to write and maintain. … ``` class UserType < GraphQL::BaseObject field :handle, String field :birthday, authorize_with: :view_pii end class UserPolicy < ApplicationPolicy def view_pii? # Oh no, I hit the DB to fetch the user's friends user.friends_with?(record) end end ``` … This is actually trickier to deal with than our previous example, because authorisation code is not always run in a GraphQL context. It may for example be run in a background job or an HTML endpoint. That means we can’t just reach for a Dataloader naively, because Dataloaders expect to be run from within GraphQL (in the Ruby implementation anyway). … - GraphQL discourages breaking changes and provides no tools to deal with them. This adds needless complexity for those who control all their clients, who will have to find workarounds. - Reliance on HTTP response codes turns up everywhere in tooling, so dealing with the fact that 200 can mean everything from everything is Ok through to everything is down can be quite annoying.

joshstrange on May 30, 2024 With most tech that I screw up I assume that "I wasn't using it right" but with GraphQL I'm not sure how anyone could. The permissions/auth aspect alone is a nightmare. Couple that with potential performance issues (N+1 or just massive amounts of data) and I want nothing to do with GraphQL anymore. Everything we attempted to fix our permissions issues just caused more problems. It would break existing queries and debugging GraphQL sucked so much. … Again, fetching and updating data is easy until you need to handle edge cases. I have the same feelings about Firebase and friends. Feels like magic at the start but falls down quick and/or becomes way too complicated. GraphQL feels like DRY run amuck, "I have to keep writing CRUD, let me abstract that away", ok but now if you need special logic for certain use-cases you have a mess on your hands. Maybe GraphQL has ways to solve it but I'll bet my hat that it's overly complicated and hard to follow, like most of GraphQL once you get past the surface. … But GraphQL has everything in it to make such problems even harder. And both these projects had clear signs of "learning-on-the-go" with loads of bad practices (especially for the N+1 problem). Issue descriptions were much vaguer, harder to find in logs and performance issues popped up in the most random places (code that had been running and untouched for ages).

I thought this was really smart. Having a JSON Schema for every operation would allow us to easily generate clients, forms, and documentation. However, as time went on, I realized that this approach is not as practical as I initially thought. Most companies had adopted existing GraphQL tools and libraries, which rely on the GraphQL schema. Adding this additional JSON-RPC layer introduces complexity and unnecessary overhead. … ## Generated GraphQL APIs: Tight Coupling as a Service I said the following on generating GraphQL APIs in 2020: > - works well for small projects and prototyping > - lacks capabilities to design > - violates information hiding > - forces business logic onto API consumers > - doesn't abstract away storage > - is hard to evolve because of tight coupling … ## GraphQL's @defer and @stream Directives are overkill In February 2023, I served a sizzling side of spice: > I argued that the `@defer` and `@stream` directives are overkill. My point was that we could instead use a Backend For Frontend layer to achieve the same results with less complexity. This is, once again, a topic where I previously was in favor of a JSON-RPC layer in front of GraphQL. ... … From discussions with our customers, it's clear that latency of Subgraph responses can vary significantly depending on the underlying services. For many use cases, every millisecond counts in the battle to provide the best possible user experience. Providers of e-commerce platforms, for example, can measure the impact of a 100ms delay in the response time in terms of lost revenue. With the help of the `@defer` and `@stream` directives, it's possible to optimize critical rendering paths in a way that shows the most important data first while the rest of the data is fetched in the background.

## Why developers moved on from GraphQL to different solutions in 2024 ### GraphQL seems to be too complex for small projects My impression is that there's the general sentiment that GraphQL is too complex for small projects. Indeed, GraphQL adds complexity to your project, but this complexity also comes with some benefits. GraphQL forces you to have a Schema, either by defining it upfront (schema-first) or by deriving it from your code (code-first). But a Schema also gives you a lot of benefits, like being able to generate types for your frontend, and being able to generate documentation. It's worth noting that there's a lot of ongoing investment in making it easier to build GraphQL APIs. ... Now let's take a look at some considerations you have to make when rate limiting a GraphQL API. - You can rate limit based on the complexity of the query (depth, number of fields, etc.) - You can rate limit based on the number of Subgraph requests - You can rate limit based on the actual load on your origin server (but how do you measure that?) - How will a user know how much they can request? How can they estimate the cost of their query? - How can a client automatically back off when they're rate limited? … ### GraphQL creates a lot of security concerns GraphQL does indeed require you to think about security in a different way than REST. GraphQL inherits all security concerns from HTTP-based APIs like REST, and then adds some more on top of that because of the flexibility of the query language. As with rate limiting and caching, the GraphQL ecosystem is very mature and has solutions for security as well, but you can see that there's a theme here: A query-style API is fundamentally different from a URL-based API. The "Q" in GraphQL gives you a lot of power, and that comes at a cost. … ### Using GraphQL leads to unnecessary complexity I have empathy for this tweet. You use a technology that adds complexity to your project, and over time, it turns into a complete mess. We all have been there. What I've learned is that it's usually not the technology that's at fault, but the way we use it. You can mess up the architecture of a REST API just as much as you can mess up the architecture of a GraphQL API. When a team is incapable of building a good REST API, and then migrates to GraphQL, it'll surprise me if they suddenly build a good GraphQL API. … ### GraphQL makes projects slower, more complex, and more likely to fail This tweet carries a slightly negative sentiment, but we can take a look at the points made and see if they are valid. First, I think it's generally wrong to say that GraphQL makes projects slower, more complex, and more likely to fail. This is a very broad statement that's lacking specifics and is hard to prove. It goes on to say that 90% of GraphQL use cases can be handled by using a simple REST API. Why only 90%? There's almost no use case that you cannot model with REST. Lastly, it says that GraphQL is overused by engineers who prioritize their well-being over user value and time to market. I don't actually see this as criticism of GraphQL, but rather as criticism of engineers who prioritize their personal goals, e.g. using a technology they like, over the goals of the company. The last point is valid for any technology, not just GraphQL. We write software to solve problems for our users/customers (hopefully), not just to use the latest and greatest technology. That said, Engineers are also humans and want to enjoy their work. I think it's fine to use a technology that you enjoy as long as it doesn't hurt the company. … - GraphQL seems to be too complex for small projects - Rate limiting GraphQL APIs seems to be hard - Small teams don't benefit from the upsides of GraphQL - REST gets the job done - GraphQL doesn't play nice with the Web - GraphQL creates a lot of security concerns - You can just build a custom Endpoint for that - You don't need GraphQL when all use cases are known - Using GraphQL leads to unnecessary complexity - Server Actions, TypeScript and a Cache are all you need - GraphQL makes projects slower, more complex, and more likely to fail We can condense these reasons into one sentence: > GraphQL is too much overhead, and there are simpler alternatives like REST and RPC.

but beginner to mid level developers are lead down the path of USE GRAPHQL especially on youtube... and this is just unfair and wrong. The good: - It makes working with describing the data you want easy - It can save you bandwidth. Get what you ask for and no more - It makes documentation for data consumers easy - It can make subscription easier for you to use - Can let you federate API calls The bad - It is actually a pain to use, depending on the backend you are using you'll have to manage two or more type systems if there are no code first generates in your language - It doesn't support map/tables/dictionaries. This is actually huge. I get that there might be some pattern where you don't want to allow this but for the majority of situations working with json api's you'll end up with a {[key: string] : T} somewhere … please any senior dev's drop your wise words so that any new dev's can avoid tarpits ... The more fine-grained nature of boring REST calls makes it more easy to control client impact on the system. If you want to see the kind of work you actually need to put in to make a graphql API, look at Shopify. They have rate limits based on quantity of data returned. Cursors and pagination. The schema is a huge ugly mess with extra layers that never show up in the pretty examples of GraphQL on the internet. … Not saying people should use GraphQL for everything though. It’s kind of overkill for a lot of apps. PragmaticPulp on Aug 7, 2022 I worked with a team that was going down a similar path. At some point it felt like they were reinventing REST on top of GraphQL with a strict set of predefined queries and result shapes. … ryanbrunner on Aug 6, 2022 GraphQL falls into the same trap that a lot of things do IMO - it assumes that because 5% of things are complex, that you need a solution that can deal with that complexity for 100% of your API, which needlessly complicates everything else. … - Front end devs save time by.... sharing queries. So component B ends up fetching records it has no use for because its sharing GQL with component A. - Backenders never optimise column selection. You may think you are really optimising by sending a GQL query for one column, but the backend will go ahead and collect ALL the columns and then "filter" down the data that was asked for. - Backenders can also forget to handle denormalisation. If you query related many to many records but the GQL only asks for related ids of implementations will go ahead and do a full join instead of just returning results from the bridge table. - Frontenders aren't even aware you can send multiple graphql GraphL requests simultaneously. … Compare it to a database, what if you couldn't use random queries with SQL, but only had the option to call stored procedures? The problem is when genericity diffuses its way into a large system it becomes impossible to maintain. How do you refactor a code base when everything everywhere is just SQL queries. If you want to change the schema how do you know you're not breaking anything? The short answer is you don't and so the software becomes incredibly brittle. The common workaround is testing but you can never test everything and now your tests also become coupled to everything else making things even more difficult to change. … For example, field-level security pretty much means every field could be null at any time. Depending on your graphql server implementation, this might cause an entire request to fail rather than just that field to be omitted, unless you change your schema to where everything is nullable. Checking every field can also easily lead to performance issues, because it’s not uncommon for a large, complex graphql request to have hundreds or thousands of fields (particularly when displaying lists of data to a user). … The limitations of the query language make code size explode the moment you step outside simple toy examples. It doesn't have any concept of a JOIN, or of the actual relationships between your types (graphql has no concept that me == me.parent.child). You end up writing data loaders for every type so that loops in your schema can be resolved efficiently. … - Makes caching more challenging since there are now more possible permutations of the data depending on what query the client uses. A hacker could just spam your server's memory with cache entries by crafting many variations of queries. - Makes access control a lot more complicated, slower and error-prone since the query needs to be analyzed in order to determine which resources are involved in any specific query in order for the server to decide whether to allow or block access to a resource. It's not like in REST where the request tells you exactly and precisely what resource the client wants to access.

1. **Versioning is a lie** – No clean way to retire old fields without breaking clients. 2. **Relational mapping breaks down** – N+1 queries everywhere unless you hand-optimize. 3. **Pagination is inconsistent** – Multi-dimensional trees, different needs at different levels, no standard pattern. 4. **Deep queries go unchecked** – Clients can crater performance without guardrails. 5. **Filtering gets messy** – Complex filters require awkward nested input types, often forcing you to restructure your whole query. 6. **Repeated nodes + inconsistent shapes** – No normalization, tons of duplication, and brittle client logic. 7. **Backend logic is hidden** – Seemingly “cheap” fields might hit expensive services or timeouts. 8. **Federation = Fragile** – Stitching systems across domains is complex, slow, and hard to secure. 9. **Rigid structures** – Can’t return associative data, groupings, or CTE-style responses without workarounds. … What was once sold as a lean, client-customizable API becomes a fragile dance: every component defines its own ad hoc query shape, even when 90% of those queries are identical across the app. Instead of encouraging reuse and consistency, GraphQL enables a kind of **fragmented chaos**, where the same resource is requested in a dozen ever so slightly different structures by different consumers. … So instead of saving effort, GraphQL often forces developers to **reinvent the schema at the point of use**—adding mental overhead, duplication, and inconsistency across teams. And when it comes time to refactor? Good luck—because every query is shaped differently, there’s no unified contract to update. What started as elegance has, in many cases, devolved into a structural free-for-all. … Combine this with the fact that AND/OR logic, range filters, fuzzy matches, and custom operators all require bespoke design, and your filter inputs balloon in complexity. You end up duplicating logic across `UserFilterInput`, `OrderFilterInput`, `GroupFilterInput`, etc., with no cross-schema reuse unless you manually abstract it. It’s verbose, inconsistent, and hard to test. And unless you’re building your schema on top of a query builder library (like Prisma or Hasura), **you’re hand-authoring most of it anyway—and debugging it when it goes wrong**. ... GraphQL is often praised for its flexibility—but that flexibility only goes one way: the client gets to shape the query, but the back-end must rigidly conform to the types, fields, and structures defined in the schema. And as soon as your data doesn’t neatly fit into GraphQL’s strict trees of objects and lists, you start running into walls that are surprisingly hard to get around. Take a common scenario: You want to return a collection of results, but you want them keyed by a meaningful identifier—something like an object in PHP or a dictionary in Python or JavaScript. GraphQL doesn’t support that. If you try to return an associative array or a map-like object keyed by IDs, GraphQL’s schema validation will reject it unless you wrap it in a custom scalar or convert it into an array of key/value objects—adding **unnecessary complexity** to both the schema and the client logic. You can alias fields, but you can’t change the structure of a list to suit your data modeling needs. You also can’t express “dynamic keys” cleanly. If your data comes in keyed by dynamic values—like locales, timestamps, user IDs, or anything non-static—you’re forced to hack around it with custom types, nested lists, or pre-transformed responses. The end result is awkward and repetitive. Instead of letting the structure adapt to your data, you’re stuck bending your data to fit the rigid schema. And once you do that, you’ve already **sacrificed both readability and usability** for the sake of staying schema-compliant. … And again, this isn’t just a back-end annoyance—it bleeds into the client. Developers often expect the shape of the data to match their component needs. But since GraphQL only deals in nested objects and flat arrays, they frequently have to **reshape the response manually**, writing post-processing logic just to turn lists into dictionaries, flatten hierarchies, or collapse duplicates. You’re duplicating work that a database or ORM would have done for you—except now you’re doing it on the client, every time. … > The biggest issue is the false sense of completeness The biggest issue isn’t even the technical limitations—it’s the **false sense of completeness**. GraphQL solves the surface problems. Over-fetching, under-fetching, rigid endpoints? Fixed. But behind that are deeper concerns: inconsistent pagination, broken filtering, leaky abstractions, performance bottlenecks, deeply nested N+1 bombs, unpredictable back-end behavior, rigid schema structures, federation chaos, and client-side cartwheels just to shape the data how you actually need it.

## # GraphQL pain points and solutions Despite its numerous benefits, using GraphQL in production comes with several challenges. This is reflected in the 2024 GraphQL survey. These issues range from performance to security concerns, and they require thoughtful solutions to ensure that these drawbacks do not overshadow the benefits of GraphQL in enabling versatile and efficient APIs. Let’s explore them. ### Query complexity As the scope of a project grows, GraphQL queries can become increasingly complex, affecting execution time and resource consumption. In the context of GraphQL, query complexity refers to the assessment of the computational resources that a server would need to fulfill a request. The complexity of a query increases with the number of fields and the depth of the query. Assessing query complexity is important because, if high, it can lead to performance issues. Here are reasons that can cause complexity and how to overcome them: **1. Deeply nested queries:** GraphQL allows clients to use a single request for nested data in a single query. This can lead to deeply nested queries, which may result in poor performance, extensive database joins, or complex data fetching logic — increasing the execution time. For example, a complex query might request books, their authors, the author's other books, and reviews for those books; this creates a deeply nested structure: … **2. Over-fetching of fields:** One of the primary advantages of GraphQL is its ability to mitigate over-fetching, where clients receive more data than they need. Despite this, it's still possible to encounter over-fetching if the queries are not carefully constructed. Over-fetching can lead to increased processing time and slower response rates, as unnecessary data is processed and transmitted over the network. … **3. Pagination for large lists:** Queries that return large lists of data can be slow to execute, especially if each item in the list requires additional database lookups to resolve related fields. To overcome this problem, you can implement pagination using `first`, `last`, and `after` arguments. Suppose you want to fetch a list of the first ten books with pagination. The query can look like this: … ### Exposing sensitive data A single GraphQL endpoint can inadvertently expose sensitive data due to its highly flexible query structure, allowing clients to request exactly what they need. Without stringent authentication and authorization checks, an unauthorized user could potentially query sensitive information they shouldn't have access to. This risk stems from GraphQL's nature of providing a unified interface to all data, requiring careful implementation of robust authentication and authorization security measures to restrict access based on user roles and permissions. … ### Backward compatibility and schema changes Maintaining backward compatibility and managing schema changes in GraphQL can be challenging, especially as the application and its data requirements evolve. The schema defines the data structure and operations available to clients, including queries, mutations, and subscriptions. When changes are made to the schema—such as adding, renaming, or removing fields—they can have significant implications for existing clients that rely on those schema definitions. … This change breaks existing queries that expect `author` to be a string, which leads to backward compatibility issues. Schema stitching and federation are two strategies designed to handle schema evolution and distributed systems in GraphQL. They help maintain backward compatibility and extend schemas in a scalable manner for improved performance. Schema stitching allows for the merging of multiple GraphQL schemas into one. ... … However, the GraphQL ecosystem operates differently. It typically uses a single endpoint and HTTP POST method for all requests, and it returns a `200 OK` status code for most GraphQL responses, even if the query contains errors. This behavior means clients can't rely on HTTP status codes to understand what went wrong. Instead, GraphQL includes any errors in the response body alongside any data that could be retrieved. The lack of standardized error handling can make it difficult for clients to programmatically determine the nature of an error and decide how to handle it. … This response indicates that the query failed partially (trying to fetch a `user` that doesn't exist) but doesn't follow a standard error code system. The client needs to parse the error message string, which can be fragile and not standardized across different GraphQL services. Since GraphQL does not enforce a specific error-handling mechanism, developers are encouraged to implement their custom error-handling logic. This involves defining status fields, error codes, and error messages within the GraphQL schema to make error responses more predictable and useful. … Each time you change the `$userId`, the server considers it a unique query, making it hard for traditional caching mechanisms to recognize and cache the response effectively. To mitigate this, several strategies can be employed: **1. Client-side caching:** Client-side libraries like Apollo Client offer built-in caching capabilities, storing the results of queries for reuse without needing to return to the server.

Unfortunately, though, Redis key-value stores don't always work the way they should. You may run into issues like slow performance due to low hit rates and poorly sharded data. Problems like these must be identified and fixed, otherwise, what's the point of paying for an in-memory key-value store if it's not living up to its full potential? … ### Large JSON keys Using large JSON keys instead of Redis hashes is another common Redis issue. It happens when you use a single key to hold a JSON value as a string, causing lookups in your apps to be very inefficient. A simple solution is to hold the data in a hash so you get a full lookup using a single field in O(1) complexity. … ### Poorly sharded data Redis clusters spread their data across many nodes. When you use a Redis cluster with a general-purpose hash instead of using multiple keys, your cluster can suffer a performance hit. This happens because the key is stored on a single node, and in a high-scale environment, the pressure will fall on that node instead of being distributed between all of the nodes in the cluster. The result is that the node becomes a performance bottleneck. As a real-world example, consider a cluster that stores user data in a hash, where the key is the user ID. An authentication server that performs a lot of lookups on the user ID will place heavy pressure on the node that stores the key. A solution would be to spread the hashed data to multiple keys across nodes, letting Redis's sharding algorithm distribute the pressure. … Here, we perform pipelined requests on three individual keys. The requests execute on a single node, and if one of the keys is not on that specific node, the commands with the keys that are on that node will return a response while the others will return the MOVED error. A quick fix is to use hashtags in the key structure, which means simply adding curly brackets around the part of the key that we want to hash by will cause the sharding algorithm to direct the values to the same node: … - **Multiple points of failure**: When something goes wrong in Redis, there are typically multiple potential causes. For example, high latency could stem from increased system load, lack of available memory, or poorly structured requests, to name just a few possibilities. To monitor and troubleshoot effectively, you need to be able to explore each potential root cause quickly. This requires the ability to correlate and analyze a variety of data points.

### 1. Memory Limitations As an in-memory data store, Redis is limited by the amount of RAM available on the server. This can lead to challenges when dealing with large datasets. If the memory limit is reached, Redis can either evict keys based on configured policies or return errors for new writes. Developers must carefully plan their memory usage and consider strategies such as data expiration or key eviction policies. ``` CONFIG SET maxmemory 256mb CONFIG SET maxmemory-policy allkeys-lru ``` ### 2. Data Persistence Challenges While Redis offers persistence options, they come with trade-offs. RDB snapshots can lead to data loss if a failure occurs between snapshots, while AOF can impact performance due to the overhead of logging every write operation. Developers must choose the right persistence strategy based on their application’s tolerance for data loss and performance requirements. ### 3. Network Latency Redis operates over a network, which can introduce latency, especially in distributed environments. Network issues can lead to increased response times or even timeouts. To mitigate this, developers should consider deploying Redis closer to their application servers or using Redis Sentinel for high availability. ### 4. Complexity in Scaling Scaling Redis can be complex, particularly when dealing with sharding and partitioning. While Redis Cluster provides a way to distribute data across multiple nodes, it requires careful planning and management. Developers must ensure that their application logic can handle the complexities of a distributed cache. ### 5. Lack of Built-in Security Features Redis does not come with robust security features out of the box. By default, it is accessible to anyone who can connect to the server. Developers must implement security measures such as firewalls, access control lists, and SSL/TLS encryption to protect sensitive data. ## Conclusion Redis cache technology offers significant advantages in terms of speed and flexibility, making it a popular choice for developers. However, it is essential to be aware of the potential issues that can arise, including memory limitations, data persistence challenges, network latency, scaling complexities, and security concerns. By understanding these challenges, developers can better leverage Redis in their applications and ensure optimal performance. For those looking to implement Redis in a reliable environment, consider exploring USA VPS Hosting solutions that can provide the necessary resources and support for your caching needs.

### 1. Consistency Issues #### Relaxed Consistency Guarantees Redis implements asynchronous replication by design, introducing potential consistency gaps between master and replica nodes. During normal operations, these inconsistencies may be negligible, but they become particularly significant during failover scenarios. When a master node fails and a replica is promoted, the recovered system state may not reflect the most recent transactions, potentially compromising data integrity and application consistency. #### Split-Brain Scenarios Network partitions present a particular challenge for Redis clusters. In these scenarios, nodes may experience communication disruptions that lead to multiple nodes simultaneously assuming the master role. This "split-brain" condition results in divergent write operations and data inconsistencies across the cluster, requiring careful monitoring and resolution protocols. ### 2. Data Loss Risks #### Incomplete Propagation The asynchronous replication model introduces a vulnerability window where committed writes may not have propagated to replica nodes. During failover events, these uncommitted transactions can be permanently lost, potentially impacting system reliability and data durability guarantees. … ### 3. Potential for Higher Failover Latency Redis employs a gossip protocol and majority voting mechanism for failure detection and master election, contrasting with the formal consensus algorithms (such as Raft or Paxos) used by other distributed systems. While this approach reduces implementation complexity, it can introduce increased latency during failover operations compared to consensus-driven architectures. ### 4. Lack of Strong Consistency #### Transactions Across Nodes A significant limitation of Redis Cluster is its inability to execute multi-key transactions when keys are distributed across different nodes. This architectural constraint can substantially impact applications requiring atomic operations across multiple keys, necessitating careful key distribution strategies or alternative solutions. #### Atomic Guarantees Redis provides limited guarantees for atomic writes in distributed scenarios, particularly during replication and failover events. This limitation can significantly impact applications requiring strict transactional integrity, especially in financial or mission-critical systems. … ### Conclusion Redis's architectural decisions reflect a deliberate prioritization of performance and operational simplicity over strong consistency guarantees. While this makes Redis an excellent choice for specific use cases, particularly those prioritizing low latency and high throughput, it introduces notable trade-offs in data consistency and reliability. When evaluating Redis for your architecture, carefully assess your system's requirements against these trade-offs. For applications demanding strong consistency guarantees and robust fault tolerance, consider consensus-based alternatives like etcd or Zookeeper, which provide stronger consistency guarantees at the cost of increased complexity and latency.

Five signs you’ve outgrown Redis 3 Introduction Many firms find Redis easy to use when their data volumes and workloads are modest, but that changes quickly as their needs grow. High total cost of ownership (TCO), poor performance at scale, and operational complexity can lead to budget overruns, service level agreement (SLA) violations, and delayed application rollouts. … Five signs you’ve outgrown Redis 4 1. You need scalability and elasticity Having a scalable, elastic, real-time database is increasingly critical as data volumes grow and application demands evolve. Redis struggles on both counts, largely because it was initially designed as a single-instance, single-threaded system for in-memory caching. While recent releases and optional offerings provide some relief, Redis users still find themselves required … challenges. Although some automation of resharding is provided, the process still requires multiple steps from a system operator. ROF doesn’t solve Redis’ scalability problems because it keeps metadata and indexes in memory, caches “hot” data for performance, and relies on memory-hungry RocksDB processes behind the scenes. Speedb (a RocksDB-compatible engine) … loss. In this case, Redis falls short. Redis users often turn to Redis Sentinel or Redis Cluster to improve availability. The former monitors cluster status, alerting users if a primary node fails and assists with failover. However, Sentinel suffers from scalability issues: it’s not a clustering solution, all writes go to the master, and sharding isn’t supported. Although Redis Cluster is a clustering solution, it doesn’t have … server sprawl. Redis works well as a cache because of its in-memory performance, but users often complain of excessive DRAM consumption and inordinate growth in cluster size as data volumes increase. Built to work on commodity servers, Redis features a predominantly single-threaded design, so it cannot effectively support today’s modern multi-core processors. Furthermore,