CAP Theorem Explained: The System Design Interview Guide
- CAP consistency means linearizability, not ACID consistency — every read must return the most recent write across all replicas.
- Partition tolerance is mandatory in any real distributed system; the only real choice is CP vs AP when a partition occurs.
- "CA systems" don't exist in real distributed deployments — a single-node database is not a distributed system.
- CP systems (ZooKeeper, etcd) refuse to respond rather than return stale data; AP systems (Cassandra, DNS) respond even if data lags behind.
- Tunable consistency in Cassandra and DynamoDB means most systems aren't purely CP or AP — the dial adjusts per query.
- PACELC extends CAP to normal operation: during a partition choose availability or consistency, else choose latency or consistency on every write.
- Anchor any CP vs AP decision to a business consequence, not a database brand, to signal architectural maturity.
Most engineers can recite the CAP theorem in ten seconds. It takes about twelve to misapply it and make an interviewer quietly update their mental tally of "no hires." The theorem is simple enough to memorize in a lunch break and subtle enough to embarrass you in front of a staff engineer. This guide covers the precise definitions, the misconceptions that sink candidates, and how to bring CAP up in a way that signals architectural maturity instead of flashcard regurgitation.
What CAP Actually Claims
Eric Brewer proposed CAP as a conjecture at PODC 2000. Seth Gilbert and Nancy Lynch at MIT proved it formally in 2002. The proof uses an asynchronous network model, where message delays have no upper bound, which is a realistic model for any real wide-area network. (Also a realistic model for any Slack workspace on a Friday afternoon.)
The theorem says: in a distributed system with replicated data, during a network partition, you cannot simultaneously guarantee both consistency and availability. That is the whole claim. Not "pick any two properties you like forever." Not "CA systems exist but are less popular." During a partition, you make a choice. The network does not care about your feelings.
Getting the Definitions Wrong Will Sink You
The properties are more specific than most tutorials admit. Most engineers learn the wrong definitions and then wonder why system design interviews feel like a trap.
Consistency (C) in CAP means linearizability. Every read returns the value of the most recent write, as if all nodes share a single atomic register. Operations appear to execute instantaneously at some point between their invocation and their response. This is not ACID consistency. ACID consistency means your transaction doesn't violate database constraints. CAP consistency means all replicas agree on the latest value across a distributed network. Conflating the two is one of the most common interviewer red flags, and the most awkward given how different the concepts actually are.
Availability (A) means every request to a non-crashed node receives a response. Not a correct response. Not the most recent data. Just a response. A node returning stale data is available under the CAP definition. A node that times out to maintain consistency is not. Your node can technically lie to you and still count as "available." Great system we have here.
Partition Tolerance (P) means the system continues operating despite arbitrary message loss between nodes. Links drop, routers fail, whole data centers go dark. The system handles this without crashing. Or at least without crashing in any new and interesting ways.
"Pick 2 of 3" Is the Wrong Frame
You have probably seen the Venn diagram with CP, AP, and CA in the circles. It shows up in every system design tutorial, every distributed systems blog post, and every deck someone made in 2015 that's still being used as interview prep. It is misleading in at least two ways.
First, partition tolerance is not optional. Any distributed system running across real network hardware will experience partitions. At scale, they happen regularly. A partition isn't a rare disaster. It's Tuesday. The real choice is not which two properties to keep, but what to sacrifice during a partition when one does occur.
Second, "CA systems" sounds like it means something. It doesn't. A single-node relational database is consistent and available, but it's not a distributed system. Once you replicate data across nodes, you have to decide what happens when those nodes can't talk to each other. The CA bucket in the diagram is essentially empty for any real distributed deployment. If you see someone claim a distributed system is CA, ask them what happens when a partition occurs and watch the expression on their face.
Brewer himself walked this back in his 2012 piece "CAP Twelve Years Later," where he called the "pick 2 of 3" framing overly simplistic and noted that properties exist on a spectrum, not as binary switches. The inventor of the theorem said the popular framing of it is wrong. We kept using it anyway. Tradition.
CP vs AP: What Each Actually Costs
| CP Systems | AP Systems | |
|---|---|---|
| Sacrifice | Availability during partitions | Strong consistency during partitions |
| Behavior when partitioned | Reject or stall requests | Respond with potentially stale data |
| Examples | ZooKeeper, etcd, HBase, Redis (sync replication) | Cassandra, DynamoDB, CouchDB, DNS |
| Consistency model | Strong (linearizable) | Eventual |
| Use when | Correctness cannot be compromised | Downtime is more costly than stale reads |
CP systems refuse to lie. ZooKeeper uses ZAB (ZooKeeper Atomic Broadcast) to ensure all nodes see the same state. If a quorum isn't reachable, ZooKeeper stops responding rather than return data that might be stale. etcd does the same with Raft consensus. You get the right answer or no answer. This is a surprisingly principled stance for software.
AP systems refuse to go silent. Cassandra will happily return a value from its local replica even if the rest of the cluster is unreachable. That value might be seconds or minutes behind. But the node is up, it responds, and the system keeps running. DNS is the classic AP example: a resolver might return a cached IP address that's already been updated, but it never simply refuses to answer. DNS has been confidently wrong about IP addresses for decades and nobody loses sleep over it.
The Dial Moves
Most production systems are not purely CP or AP. They sit somewhere on a spectrum, and the position can change per operation and per configuration.
Cassandra lets you tune consistency per query with CONSISTENCY settings. Setting it to ALL means every replica must respond before the read succeeds, which is CP behavior. Setting it to ONE means you read from the nearest replica without checking others, which is AP behavior. The system hands you both levers and lets you decide based on what you're reading. Some engineers spend entire careers turning this dial and calling it architecture work.
DynamoDB offers strongly consistent reads alongside eventual consistency. The strongly consistent read costs twice as many read capacity units and adds latency. The tradeoff is explicit and priced. AWS will literally charge you more to know the truth.
A distributed cache like Redis in standalone mode with asynchronous replication behaves like AP: the primary accepts writes and replicates asynchronously, so if the primary fails before replicating, a few writes might be lost. Switch to synchronous replication with Redis Sentinel and you get CP-style behavior at the cost of write latency.
The tunable nature of these systems is what makes CAP interesting in interviews. Labeling a database CP or AP tells you less than knowing which dial to turn and why.
CAP Only Covers Disasters. PACELC Covers Everything Else.
CAP only describes what happens during a partition. Which sounds important until you realize partitions, while painful, are not your most common operating condition. Most days the network works. What then?
Daniel Abadi proposed PACELC in 2012 to fill the gap: what about normal operation, when there's no partition at all?
During a Partition (P), choose between Availability (A) or Consistency (C). Else (E), during normal operation, choose between Latency (L) or Consistency (C).
Partitions are rare events. The latency/consistency tradeoff is every single operation. If you replicate a write to three nodes synchronously before acknowledging it to the client, you get strong consistency but add the latency of two extra round trips. If you acknowledge immediately and replicate asynchronously, you cut write latency but open a window for stale reads. Neither is free. There is no free lunch. There is no free anything in distributed systems.
DynamoDB and Cassandra are PA/EL: they prioritize availability during partitions and low latency in normal operation. Google Spanner is PC/EC: it maintains consistency always, accepting higher latency from synchronous global replication. Google has their own atomic clocks to pull this off. Most companies use NTP and hope.
Mentioning PACELC briefly and correctly in an interview signals that you understand the theorem in context rather than as a textbook formula.
How to Use CAP Theorem in a System Design Interview
The wrong way: "We should use Cassandra because it's an AP system." This sounds memorized, not reasoned. Interviewers have heard this sentence 400 times. It lands like a Wikipedia summary read aloud.
The right way: build toward it from requirements.
Start with the failure scenario. "When nodes can't communicate, what should happen? Should the system reject writes to avoid inconsistency, or should it keep accepting writes and reconcile later?" That's the CP/AP question in plain language, without the jargon.
Then anchor to the use case. "For a payment ledger, stale reads can mean double-charging a customer, so we want the system to reject writes during a partition rather than accept them and reconcile. That's why we'd lean toward a CP store like etcd or a PostgreSQL cluster with synchronous replication."
Then, if you have bandwidth, mention the normal-operation tradeoff. "Even outside of partitions, synchronous replication adds write latency. For this volume that's acceptable. For a social feed with billions of writes per day, it probably isn't."
The interviewer is listening for evidence that you know partition tolerance is mandatory, that you understand the tradeoff is about failure behavior, and that you can justify CP vs AP with a business reason, not just a database label. For a deeper look at how system design rounds are scored, see what system design interviews actually test.
You don't need to say "CAP theorem" at all. The reasoning is what matters.
What Does Your System Actually Need?
Two questions narrow the choice fast.
What is the cost of stale data? A social feed showing posts from 200ms ago is fine. A bank balance showing a deposit that was rolled back is not. A distributed lock returning two nodes as the leader simultaneously is catastrophic. These scenarios look similar on a whiteboard. They are not similar at 3am when an incident is paging.
What is the cost of downtime? A payment system that rejects transactions during a partition loses revenue. A coordinate service doing leader election that returns wrong data corrupts the whole cluster. Sometimes a moment of unavailability is cheaper than a moment of inconsistency. Sometimes the reverse. This is the actual engineering judgment the interviewer wants to see you make.
Systems where wrong data causes financial harm, data corruption, or security failures generally need CP behavior. Systems where brief inconsistency is invisible or easily self-correcting benefit from AP behavior.
Practicing how to verbalize this reasoning out loud, under time pressure, is harder than it sounds. If you want to sharpen that specific skill, SpaceComplexity puts you through real-time system design interviews with rubric-based feedback, so you can hear yourself reason through tradeoffs before the actual interview.
Key Takeaways
- CAP consistency is linearizability, not ACID consistency.
- Partition tolerance is not optional. The real choice is CP vs AP during failures.
- "CA systems" don't exist in real distributed deployments.
- Most systems are tunable. Cassandra, DynamoDB, and Redis all let you adjust the dial.
- PACELC extends CAP to normal operation. The latency/consistency tradeoff matters on every write.
- In interviews, anchor your CP/AP choice to a business consequence, not a database brand.
- Brewer himself called "pick 2 of 3" an oversimplification. Use it as a starting frame, then go deeper.
Further Reading
- Brewer's Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services (Gilbert & Lynch, 2002)
- CAP Twelve Years Later: How the "Rules" Have Changed (Brewer, 2012)
- CAP Theorem (Wikipedia)
- PACELC Design Principle (Wikipedia)
- The Limits of the CAP Theorem (CockroachDB Engineering Blog)