The Question

Scalable Distributed Tracing Infrastructure

Design an end-to-end distributed tracing system for a large-scale microservices environment. The architecture must handle millions of spans per second, ensure minimal instrumentation overhead on application services, and provide a reliable pipeline for trace collection, buffering, indexing, and visualization. Detail the mechanisms for context propagation, sampling strategies to manage cost, and the storage strategy for high-cardinality trace data.

OpenTelemetry

Kafka

Elasticsearch

gRPC

Protobuf

W3C TraceContext

Head-Based Sampling

ILM

Questions & Insights

Clarifying Questions

What is the expected scale of the system in terms of spans per second and total daily volume?

Assumption: The system handles 1 million spans per second at peak, with a 10% head-based sampling rate (100k spans/sec stored).

What are the data retention requirements for traces?

Assumption: Traces must be searchable for 7 days, after which they can be archived or deleted.

Do we need tail-based sampling (sampling based on the outcome of a trace, like errors or high latency)?

Assumption: For the MVP, we will implement fixed head-based sampling to minimize complexity and overhead on the application side.

What languages and frameworks need to be supported?

Assumption: We utilize OpenTelemetry (OTel), which provides vendor-neutral SDKs for most major languages (Java, Go, Python, Node.js).

What is the tolerable latency for a trace to be queryable after it occurs?

Assumption: Near real-time (within 30-60 seconds).

Thinking Process

Core Bottleneck: High-volume write throughput and storage costs associated with trillions of spans.

Progressive Approach:

How do we collect data without killing application performance? (Asynchronous OTel agents + UDP/gRPC export).

How do we ensure trace continuity across microservices? (Distributed context propagation via W3C TraceContext).

How do we handle ingestion spikes without losing data? (Kafka as a buffer/load-leveler).

How do we make traces searchable by service, operation, or tags? (ElasticSearch with time-series indices).

Bonus Points

Adaptive Sampling: Dynamically adjusting sampling rates based on traffic volume or service health to maintain a constant "data budget."

W3C TraceContext Adoption: Using standardized headers (traceparent, tracestate) to ensure interoperability across different vendors and legacy systems.

ClickHouse Alternative: While using ElasticSearch as requested, mentioning ClickHouse for 10x better compression and faster columnar aggregations for large-scale telemetry.

PII Masking at Source: Implementing attribute processors in the OTel Collector to scrub sensitive data (emails, tokens) before it ever leaves the network boundary.

Design Breakdown

Functional Requirements

Core Use Cases:

End-to-end trace visualization (Gantt chart view).

Search traces by Service Name, Operation, Duration, or custom tags (e.g., http.status_code: 500).

Automatic context propagation across HTTP/gRPC boundaries.

Scope Control:

In-Scope: Trace collection, buffering, indexing, and basic querying.

Out-of-Scope: Automated anomaly detection, profiling (Flame graphs), and long-term cold storage archival.

Non-Functional Requirements

Scale: Support for 100k ingested spans/second (8.6 Billion/day).

Latency: Trace collection overhead must be < 1ms on the critical path of the application.

Availability & Reliability: 99.9% availability for the ingestion pipeline; data loss is acceptable in extreme scenarios but should be minimized by Kafka.

Consistency: Eventual consistency for search (visible within seconds).

Security: Support for TLS in-transit and RBAC for viewing traces.

Estimation

Traffic Estimation:

1M spans/sec generated -> 10% Sampling -> 100k spans/sec ingested.

Storage Estimation:

100k spans/sec * 1KB/span

\approx

100 MB/s.

100 MB/s * 86,400s

\approx

8.6 TB/day.

7-day retention

\approx

60 TB total (raw, before replication/indexing overhead).

Bandwidth Estimation:

Ingress: ~800 Mbps.

Egress (Search): Highly variable, typically low compared to ingestion.

Blueprint

Concise Summary: A push-based architecture using OpenTelemetry SDKs for instrumentation, Kafka as a resilient message buffer, and ElasticSearch for indexed storage.

Major Components:

OTel SDK/Agent: In-process library that handles context propagation and asynchronous span exporting.

OTel Collector: Centralized service to receive, process (batch/mask), and export spans to Kafka.

Kafka: Distributed message queue that decouples high-speed ingestion from database indexing.

Ingest Processor: Stateless worker group that consumes spans from Kafka and bulk-writes to ElasticSearch.

ElasticSearch: Search and analytics engine providing fast retrieval of trace data via indices.

Query API/UI: Interface for developers to search and visualize traces.

Simplicity Audit: This design avoids complex stream processing (like Flink) by using the OTel Collector for basic transformations and ElasticSearch for direct indexing.

Architecture Decision Rationale:

Why this architecture?: Kafka provides the "shock absorber" needed for microservice systems where traffic spikes are common. ElasticSearch is the industry standard for full-text and tag-based searching of semi-structured logs/traces.

Functional Satisfaction: Meets all end-to-end tracking and root-cause analysis needs.

Non-functional Satisfaction: Horizontally scalable at every layer (Collector, Kafka, Ingestors, ES).

High Level Architecture

Sub-system Deep Dive

Service

Topology & Scaling

OTel Collector: Deployed as a Sidecar (per pod) or a DaemonSet (per node) to minimize network latency. It scales horizontally based on CPU/Memory.

Ingest Processor: Stateless Go/Java workers. Scaling signal is "Kafka Consumer Lag."

API Schema Design

OTLP (OpenTelemetry Protocol): Uses Protobuf over gRPC for efficient binary serialization.

Trace Search API:

GET /api/v1/traces?service=XYZ&start=...&end=...&tags=error:true

Returns a list of Trace IDs and summary metadata.

Resilience & Reliability

Load Leveling: Kafka prevents ElasticSearch from crashing during a 10x traffic spike.

Circuit Breaker: If the OTel Collector is overwhelmed, it drops spans rather than slowing down the application (fail-open strategy).

Security

Context Propagation: Standardized traceparent header (version-traceId-spanId-flags).

mTLS: Required between OTel Collector and Kafka.

Storage

Access Pattern

Write-Heavy: 100k writes/sec.

Read-Light: Manual debugging queries, but queries are complex (filtering by tags).

Database Table Design (ElasticSearch Document)

trace_id: Keyword (Indexed).

span_id: Keyword.

parent_span_id: Keyword.

operation_name: Keyword.

service_name: Keyword (Indexed).

timestamp: Date (Primary sort/partition).

duration_nano: Long.

attributes: Flattened nested object for tags.

Technical Selection

ElasticSearch: Selected for its powerful query DSL and native support for time-series data using Index Lifecycle Management (ILM).

Distribution Logic

Sharding: Daily indices (e.g., traces-2023-10-27).

Routing: Use trace_id as the routing key to ensure all spans for a single trace reside on the same shard for faster "get trace by ID" queries.

Messaging

Purpose & Decoupling: Kafka buffers spans to protect ElasticSearch and allows for multiple consumers (e.g., one for indexing, one for real-time alerting).

Throughput & Partitioning:

Topic: traces-raw.

Partitioning: Partition by trace_id to maintain span order for a single request if necessary (though generally not required for tracing).

Technical Selection: Kafka. High throughput and durability are critical here.

Data Processing

Processing Model: Mini-batch processing. The Ingest Processor aggregates spans from Kafka into batches of 1,000-5,000 before sending a _bulk request to ElasticSearch.

Scalability: Consumer groups allow for easy horizontal scaling as traffic grows.

Technical Selection: Custom Go-based Ingester for low memory footprint and high concurrency handling.

Infrastructure (Optional)

Observability

Monitor the monitor: Use Prometheus to track Collector drop rates and Kafka consumer lag.

Distributed Coordination

Kafka manages its own consumer group offsets (no external Zookeeper/Etcd required for the tracing logic itself).

Wrap Up

Advanced Topics

Trade-offs: We chose Head-based Sampling (sampling at the start) over Tail-based Sampling (sampling based on result). Head-based is simpler (YAGNI) but might miss rare errors. Tail-based requires a complex intermediate stateful layer (like OTel Collector Contrib's tail-sampling processor) to hold all spans of a trace in memory until it completes.

Reliability: If ElasticSearch goes down, Kafka retains data for 24 hours, providing a massive buffer for recovery.

Optimization: Use Zstd compression in Kafka and OTLP to reduce bandwidth by up to 50%.

Storage Efficiency: Use ElasticSearch's synthetic source or best_compression settings to minimize the 60TB footprint.