As the largest provider of Internet products and services in China, Tencent serves billions of users and over a million merchants—and these numbers are growing fast! Tencent's enterprises generate a huge volume of financial transactions, placing a tremendous load on their billing service, which processes hundreds of millions of dollars in revenue each day.
Because Tencent had been unable to scale its current billing service to handle their rapidly growing business, the possibility of data loss had become an escalating concern. To ensure data consistency, the company decided to redesign their system's transaction processing pipeline. After evaluating the pros and cons of several messaging systems, Tencent chose to implement Apache Pulsar. As a result, Tencent can now run their billing service on a very large scale with virtually no data loss.
Tencent Holdings Limited is a multinational conglomerate holding company based in Shenzhen, China. It has hundreds of subsidiaries located in China and elsewhere around the globe. Tencent is considered to be one of the most innovative technology companies in the world specializing in internet-related products and services such as entertainment (gaming), financial services (e-commerce, payment systems), business services, a social networking platform (WeChat), and more.
Tencent uses an Internet billing platform internally known as Midas to handle the enormous volume of transactions that flow through all of its businesses. Midas integrates both domestic and international payment channels and provides various services such as account management, precision marketing, security risk control, auditing and accounting, billing analysis, and more. On a typical day, Midas processes hundreds of millions of dollars in revenue which amount to hundreds of billions of dollars per year. Midas handles more than 30 billion escrow accounts and provides comprehensive billing services for more than 180 countries (regions), 10,000+ companies, and over 1 million merchants doing business in a variety of industries (see Figure 1).
Tencent's enterprises continuously generate massive transaction volumes and their numbers are steadily growing. To handle this increased activity, the company needed a robust billing platform that could be scaled as their business grows.
Because Midas supports mission-critical services like billing and payments, the most essential challenges were to ensure data consistency and prevent data loss in transactions.
In addition, it was also very important to develop a solution that could handle high throughput with minimal delays in processing.
Figure 2 provides a high-level overview of Midas. This diagram illustrates the technical design of the entire platform and shows how the underlying layers work together to support the merchant side, the user side, and the various payment channels.
To meet its need for a more elastic and scalable billing platform, Tencent decided to redesign Midas's transaction processing pipeline. The company believed the problem could be solved by implementing a new messaging system, but which one?
Before evaluating the various available options, Tencent defined a set of requirements. To be a viable solution, the new messaging system would need to score high in all of the following areas:
Consistency: A billing service cannot tolerate data loss. This is a basic requirement—and the most essential one.
Availability: It must have failover capability. And, it must be able to recover from a failure automatically.
Massive storage: Mobile applications generate copious amounts of transaction data, so massive storage capacity is also a must.
Low latency: A payment service that handles billions of transactions per day must be able to process them with minimal delay (typically, less than 10 milliseconds per transaction).
With the above requirements in mind, Tencent evaluated several Apache open-source, streaming platforms for Midas—specifically, Kafka®, RocketMQ™, and Pulsar. Here's what they found.
Apache Kafka aims to provide a unified, high-throughput, low-latency platform for handling real-time data feeds. It is a popular choice for log collection and processing. However, Kafka can be unreliable when it comes to data consistency and durability (data loss). Therefore, Tencent deemed it unsuitable for mission-critical financial applications like Midas.
Apache RocketMQ is a distributed messaging and streaming platform with low latency, high performance and reliability, trillion-level capacity, and flexible scalability. Unfortunately, its application program interface (API) is limited in that there is no user-friendly way to delete invalid messages by topic. Moreover, RocketMQ's open-source version does not provide the needed failover capability, making it a poor choice for Midas.
Apache Pulsar is an enterprise-grade publish/subscribe (aka pub/sub) messaging system. Pulsar provides highly available storage through its Apache Bookkeeper service. Because Pulsar uses a decoupled architecture, its storage and processing layers can be scaled independently.
Message streaming and queuing are necessary for an event-driven system and Pulsar supports both of these consumption modes. Streaming is strictly ordered (that is, exclusive to one consumer) whereas queueing is unordered (shared by many).
Another key Pulsar feature, geo replication, helps improve application response time by adjusting the distribution of data across geographically distributed data networks.
Tencent ultimately chose Pulsar for its native high consistency, durability, low latency, scalability, and general flexibility.
Table 1 summarizes Tencent's comparison of Kafka, RocketMQ, and Pulsar.
|Kafka||RocketMQ(High Consistency Mode||Pulsar|
|Availability||Relatively high||Relatively high||High|
|Delayed retries||Not support||Support||Support since v2.4.0|
|Transaction||Support||Support||Support since v2.5.0|
|Replica synchronization strategy||Multi-machine asynchronism||Master-Slave synchronization||Multi-machine asynchronism|
|Operational Capability||Multi-tenancy||Partially supported||Partially supported||Supported|
|Dynamic expansion||Rebalancing must be done manually||Synchronized configuration required||Friendly immediate expansion|
|Failure recovery||Relatively friendly||Not friendly||Friendly|
|Data cleaning||Supports cleaning by topic but does not support TTL||Very unfriendly||Friendly and supports TTL|
|Usability||High—natively supports many frameworks||Average||Relatively high|
Tencent solved their scalability problem by integrating Pulsar into a distributed transaction framework called TDXA. TDXA leverages a message queue in both online transaction processing (OLTP) and real-time data processing to ensure consistency and prevent data loss. The message queue also handles, in a highly reliable way, any failures that might occur during transaction processing. Thus, the new solution is able to manage very high throughput with minimal delays.
Figure 3 gives examples of some of Tencent’s most common online transaction processing and real-time data processing activities.
In online transaction processing, the workflow associated with any given payment often involves multiple internal and external systems. This can lead to longer RPC chains (that is, communications) and more numerous failures—in particular, network timeouts (for example, when interacting with overseas payment services).
By integrating with a local transaction state, TDXA is able to recover automatically in the event of a failure. It then systematically resumes processing, thus ensuring the consistency of billions of transactions daily.
An automated teller machine (ATM) for a bank is an example of a commercial OLTP application. OLTP applications have high throughput and are insert- or update- intensive in database management. These applications are used concurrently by hundreds of users. The key goals of OLTP applications are availability, speed, concurrency, and recoverability. OLTP applications help simplify business in various ways—for example, by reducing paper trails and providing faster, more accurate forecasts for revenues and expenses.
To overcome the challenge of validating data consistency in Midas, Tencent implemented a reconciliation system to authenticate data. This enabled the company to shorten reconciliation time and detect problems much sooner
For mobile payments, real-time user experience is critical. For example, if a player purchases a hero in a mobile game like "King of Glory" and the hero is not delivered in a timely manner, it will inevitably affect the user's experience negatively and result in complaints.
With TDXA, Tencent can reconcile billing transactions in real time using a stream computing framework to process the transactions produced in the message queue.
During peak times (for example, a King of Glory anniversary celebration event), the transaction traffic in Midas can surge to more than ten times the average rate. The Pulsar message queue can buffer waves of high traffic to reduce the demand on the core transaction system for requests such as transaction inquiries, delivery notifications, and tips notifications.
Also, with the ability to process messages in a message queue in real-time, Tencent can offer real-time data analysis and provide precise marketing services to its customers and subsidiaries. Examples of typical services include transaction and balance reconciliation, fraud detection, and real-time risk control.
TDXA is a distributed transaction framework designed to solve the data consistency and durability problems associated with processing huge transaction volumes in the application layer. Figure 4 provides a technical diagram of Midas.
The TDF network manages the flow of traffic through the billing transaction system. These are the main components of the TDF network:
Distributed transaction manager(TM): The distributed transaction manager serves as the control center for TDXA. It uses a decentralized approach that will allow Tencent to scale the system as their business grows, offers necessary services, and ensures that systems are running and available 99.999% of the time. TM supports both the REST API-based Try-Confirm/Cancel (TCC) approach and hybrid DB transactions.
With TDF (which is an asynchronous coroutine framework and asynchronous transaction processing in TDSQL), TM is able to support the entire company's billing business in a highly efficient manner.
Configuration manager (CM): TDXA's configuration manager provides a flexible mechanism for registering, managing, and updating transaction processing flow at runtime. CM automatically checks the accuracy and completeness of the transaction flow. It also displays the transaction flow in a GUI console where users have the ability to manage it.
Distributed transactional database (TDSQL): A distributed transactional database which features high consistency, high availability, global deployment architecture, distributed horizontal scalability, high performance, enterprise-grade security support, and more. TDSQL provides a comprehensive distributed database solution.
Message queue (MQ): A highly consistent and available message queue that enables TDXA to handle various failure scenarios during transaction processing. A robust message queue plays a vital role in processing transactions for Midas.
In the process of adopting Pulsar, Tencent needed to make certain changes to Pulsar in order to meet their own unique requirements. In general, these changes provided support for the following:
Delayed messaging and delayed retries (supported in v2.4.0)
An improved management console
An improved monitoring and alert system
Each of these system enhancements is described in greater detail below.
Delayed message delivery is a common requirement in a billing service. This feature is used for handling timeouts in transaction processing. In the event of a service failure or timeout, it makes little sense to retry a transaction many times within a short period of time because it is likely to fail again. Instead, it is better to retry by leveraging Pulsar's delayed message delivery feature.
Delayed message delivery can be implemented in two different ways. One is by organizing messages by different topics based on the time delay interval (see Figure 5). Pulsar's internal broker checks those delay topics periodically and delivers the delayed messages accordingly.
The above approach satisfies most requirements, except when you want to specify an arbitrary time delay. An arbitrary time delay can be implemented using a time wheel, which can support a finer level of granularity. However, for this approach, the system needs to maintain an index for the time wheel, thus rendering this method unsuitable when there is a large volume of delayed messages.
While keeping Pulsar's internal storage unchanged, Tencent implemented both of the above approaches to support bargaining activities in the King of Glory game.
To ensure security across the tens of thousands of businesses it supports, Midas must synchronize transaction flow for each business.
Suppose you were to create a unique topic for each business. You would need to create tens of thousands of topics. This would greatly increase the burden of topic management. For example, if a consumer needed to consume messages from all the businesses involved in a given transaction flow, Midas would have to maintain tens of thousands of subscriptions.
To solve this problem, Tencent introduced an attribute called "Tag" to the metadata associated with a Pulsar message. Users can set multiple tags while producing a message. When messages are consumed, the broker filters out the desired tags.
The example below illustrates how the tags "King of Glory," "Wechat Payment," and "Successful Payment" could be used in a payment message. Here, the tags indicate where the transaction originated from (King of Glory game vs. Wechat Payment) and what the status of the transaction is (success vs. failure).
You need to have a robust management console if you plan to use message queues on a large scale. Tencent needed the Midas management console to be able to handle the following requests from its users.
What is the content of this message?
Who produced this message?
Will this message be consumed? If so, by whom?
To service these types of requests, Tencent added life-cycle-related information to Pulsar's message metadata. Doing so enabled Midas to track messages throughout their entire life cycle (from production to consumption). The numbered arrows in Figure 7 show the various stages in the life cycle of a message.
Figure 8 shows how Tencent uses Pulsar to monitor and alert on various metrics. Monitoring is accomplished using a series of user-defined alert rules. The metrics are collected and stored in Midas's Eagle-Eye monitoring platform.
Tencent monitors and alerts on the following key metrics:
Backlog: If a massive amount of information accumulates for online services, it means that consumption has become a bottleneck. When this happens, the system provides a timely alert so the appropriate personnel can deal with the problem.
Delay: The system should be able to search a purchase record within one second. By matching the production flow and consumption flow collected by the monitoring component, Tencent can calculate the end-to-end latency of each message.
Failure: The Midas Eagle-Eye platform maintains statistics of errors in the pipeline, monitoring and alerting from various dimensions such as business, IP, and others.
After making the enhancements described above, Tencent deployed Apache Pulsar with the architecture shown in Figure 9.
Pulsar has greatly enhanced Midas by providing the following components and capabilities:
Broker, the message queue proxy layer, is responsible for message production and consumption requests. Broker supports horizontal scalability and rebalances partitions automatically by topic based on the throughput.
BookKeeper serves as the distributed storage for message queues. You can configure multiple replicas of messages in BookKeeper. BookKeeper is enabled with automatic failover capability under exceptional circumstances—for example, when a storage node has broken disks.
ZooKeeper serves as the metadata and cluster configuration for message queues.
In addition, Pulsar lets Tencent designate how each subscription is to consume messages. A subscription is a consumer group associated with a topic. Three types of subscriptions can be used in streaming:
A shared subscription allows you to scale consumption beyond the number of partitions.
A failover subscription works well for stream processing in transaction cleanup workflow.
An exclusive subscription is used when only one consumer in a subscription is allowed to consume a topic partition at any given time.
After successfully adopting Pulsar, Tencent can now run their billing and transaction framework on a very large scale. With Pulsar's help, Midas now efficiently supports the following:
More than 80 payment channels with various characteristics
More than 300 different business processing units
Up to 8 clusters
More than 600 topics
Throughput rates of 50w+ queries per second
Data consumption rates averaging 10T+ per day
As a result of implementing Pulsar, Tencent can now:
Handle tens of billions of transactions during peak time.
Guarantee data consistency in processing transactions.
Provide 99.999% availability for the services it supports.
In summary, Pulsar's high consistency, availability, stability, and flexible framework have solved Tencent's biggest transaction processing challenges. By redesigning their transaction processing pipeline, Tencent can now scale Midas to handle the increased billing volume demands associated with their growing business.
Apache Pulsar is a young open-source project with attractive features. The Apache Pulsar community is growing rapidly with new adoptions in a variety of industries. We look forward to further collaborations with the Apache Pulsar community. We like to share advances with the greater community, and work with other users on making continuous improvements to Pulsar.
Tencent is a trademark of Tencent Holdings Limited.
Apache and Kafka are registered trademarks of The Apache Software Foundation.
Pulsar and RocketMQ are trademarks of The Apache Software Foundation.