Distributed systems engineering has a set of hard-won principles that distinguish systems that remain operable at scale from systems that accumulate operational debt.
Design for partial failure
In a distributed system, partial failure is the normal case: some components are slow or unavailable while others are healthy. Systems that treat partial failure as exceptional (let it propagate up, crash the caller, return errors to users) compound failures. Systems designed for partial failure implement: timeouts on every external call, circuit breakers that prevent overloading failing services, bulkheads that limit the blast radius of a single dependency failure, and graceful degradation for non-critical features.
Make failure modes explicit
Every service interaction has failure modes. Making them explicit in code, runbooks, and operational procedures prevents the surprises that cause extended outages. The practice: for every external call, document the failure modes (timeout, connection refused, 5xx response, rate limiting) and the application's response to each. Code that handles these explicitly (not just a catch-all catch block that logs and re-throws) is more resilient and more debuggable.
Measure what matters
You cannot improve what you do not measure. For distributed systems: measure the end-to-end latency that users experience (not just the latency within each service), measure the error rate for each user-visible operation (not just internal error rates), and measure the correlation between internal system health and user experience. The measurements that matter are those that change when user experience changes.
Prefer simplicity in distributed protocols
Complex distributed protocols (two-phase commit, complex consensus algorithms) are difficult to implement correctly and expensive to debug. Prefer simpler protocols with well-understood semantics: at-most-once delivery with explicit idempotency at the application layer, at-least-once delivery with application-level deduplication, or asynchronous messaging with poison message handling. The simplest protocol that meets the requirements has the fewest failure modes.