FM6 — Hotspotting
Without virtual nodes, consistent hashing produces uneven distribution. A three-node ring will, by the random placement of three points on a circle, almost certainly have one arc that is substantially larger than the others. The node responsible for the large arc handles more traffic. Virtual nodes fix this by creating many more points, averaging out the distribution.
The failure mode is silent: the system works correctly, but one node is overloaded. Monitor per-node request rates and connection counts. If one node consistently handles 40% of traffic in a three-node pool, you have hotspotting.
FM9 — Silent Data Corruption
Git’s use of SHA-1 has a known weakness: SHA-1 is theoretically broken for collision resistance (demonstrated by the SHAttered attack in 2017). An attacker who can construct two different files with the same SHA-1 hash can substitute one for the other in a repository. Git has migrated to SHA-256 for new repositories for this reason. The failure mode (two different objects with the same address) would corrupt the DAG silently.