Getting Started
Architecture
Service Platform
NServiceBus
Transports
Persistence
ServiceInsight
ServicePulse
ServiceControl
Monitoring
Modernization
Shape the future
Samples

Transport Transactions

Component: NServiceBus
NuGet Package: NServiceBus (9.x)

This article covers various levels of consistency guarantees with regard to:

  • receiving messages
  • updating user data
  • sending messages

It does not discuss the transaction isolation aspect. Transaction isolation applies only to the process of updating the user data, it does not affect the overall coordination and failure handling.

Transactions

Four levels of guarantees with regard to message processing are offered. A level's availability depends on the selected transport.

Transaction levels supported by NServiceBus transports

The implementation details for each transport are discussed in the dedicated documentation sections. They can be accessed by clicking the links with the transport name in the following table:

Transaction scope (Distributed transaction)Transport transaction - Sends atomic with ReceiveTransport transaction - Receive OnlyUnreliable (Transactions Disabled)
Learning Transport
MSMQ
SQL Server
RabbitMQ
Amazon SQS
Azure Storage Queues
Azure Service Bus
PostgreSQL

Transaction scope (Distributed transaction)

In this mode the transport receive operation is wrapped in a TransactionScope. Other operations inside this scope, both sending messages and manipulating data, are guaranteed to be executed (eventually) as a whole or rolled back as a whole.

If required, the transaction is escalated to a distributed transaction (following a two-phase commit protocol coordinated by MSDTC) if both the transport and the persistence support it. A fully distributed transaction is not always required, for example when using SQL Server transport with SQL persistence, both using the same database connection string. In this case, the ADO.NET driver guarantees that everything happens inside a single database transaction and ACID guarantees are held for the whole processing.

Transaction scope mode is enabled by default for the transports that support it (i.e. MSMQ and SQL Server transport). It can be enabled explicitly with the following code:

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport(new TransportDefinition
{
    TransportTransactionMode = TransportTransactionMode.TransactionScope
});

Atomicity and consistency guarantees

When the TransportTransactionMode is set to TransactionScope, handlers will execute inside a System.Transactions.TransactionScope created by the transport. This means that all the data updates and queue operations are committed or rolled back.

A distributed transaction between the queueing system and the persistent storage guarantees atomic commits but guarantees only eventual consistency.

Consider a system using MSMQ transport and RavenDB persistence implementing the following message exchange scenario with a saga that models a simple order lifecycle:

  1. OrderSaga receives a StartOrder message
  2. A new OrderSagaData instance is created and stored in RavenDB.
  3. OrderSaga sends VerifyPayment message to PaymentService.
  4. NServiceBus completes the distributed transaction and the DTC instructs MSMQ and RavenDB resource managers to commit their local transactions.
  5. The StartOrder message is removed from the input queue and VerifyPayment is immediately sent to PaymentService.
  6. RavenDB acknowledges the transaction commit and begins writing OrderSagaData to disk.
  7. PaymentService receives a VerifyPayment message and immediately responds with a CompleteOrder message to the originating OrderSaga.
  8. OrderSaga receives the CompleteOrder message and attempts to complete the saga.
  9. OrderSaga queries RavenDB to find the OrderSagaData instance to complete.
  10. RavenDB has not finished writing OrderSagaData to disk and returns an empty result set.
  11. OrderSaga fails to complete.

In the example above the TransactionScope guarantees atomicity for the OrderSaga: consuming the incoming StartOrder message, storing OrderSagaData in RavenDB and sending the outgoing VerifyPayment message are committed as one atomic operation. The saga data may not be immediately available for reading even though the incoming message has already been processed. OrderSaga is thus only eventually consistent. The CompleteOrder message needs to be retried until RavenDB successfully returns an OrderSagaData instance.

Transport transaction - Sends atomic with Receive

Some transports support enlisting outgoing operations in the current receive transaction. This prevents messages from being sent to downstream endpoints during retries.

Use the following code to use this mode:

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport(new TransportDefinition
{
    TransportTransactionMode = TransportTransactionMode.SendsAtomicWithReceive
});

Consistency guarantees

This mode has the same consistency guarantees as the Receive Only mode, but additionally, it prevents the occurrence of ghost messages since all outgoing operations are atomic with the ongoing receive operation.

Transport transaction - Receive Only

In this mode, the receive operation is wrapped in a transport's native transaction. This mode guarantees that the message is not permanently deleted from the incoming queue until at least one processing attempt (including storing user data and sending out messages) is finished successfully. See also recoverability for more details on retries.

Use the following code to use this mode:

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport(new TransportDefinition
{
    TransportTransactionMode = TransportTransactionMode.ReceiveOnly
});

Consistency guarantees

In this mode some (or all) handlers might get invoked multiple times and partial results might be visible:

  • partial updates - where one handler succeeded in updating its data but the other didn't
  • partial sends - where some of the messages have been sent but others not

When using this mode all handlers must be idempotent, i.e. the result needs to be consistent from a business perspective even when the message is processed more than once.

See the Outbox section below for details on how NServiceBus can handle idempotency at the infrastructure level.

Unreliable (Transactions Disabled)

Disabling transactions is generally not recommended, because it might lead to message loss. It might be considered if losing some messages is not problematic and if the messages get outdated quickly, e.g. when sending readings from sensors at regular intervals.

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport(new TransportDefinition
{
    TransportTransactionMode = TransportTransactionMode.None
});

Outbox

The Outbox feature provides idempotency at the infrastructure level and allows running in transport transaction mode while still getting the same semantics as Transaction scope mode.

When using the Outbox, any messages resulting from processing a given received message are not sent immediately but rather stored in the persistence database and pushed out after the handling logic is done. This mechanism ensures that the handling logic can only succeed once so there is no need to design for idempotency.

Avoiding partial updates

In transaction modes lower than TransactionScope there is a risk of partial updates because one handler might succeed in updating business data while another handler fails. To avoid this configure NServiceBus to wrap all handlers in a TransactionScope that will act as a unit of work and make sure that there are no partial updates. Use the following code to enable a wrapping scope:

Copy code|Copy usings|Edit
var unitOfWorkSettings = endpointConfiguration.UnitOfWork();
unitOfWorkSettings.WrapHandlersInATransactionScope();

Controlling transaction scope options

The isolation level and timeout for transaction scopes are configured at the transport level.

Feedback