Design a Stock Exchange Matching Engine
Sub-millisecond matching engine: in-memory order book, deterministic ordering, FIX gateways, market-data fan-out, and replay-based DR.
Intro
A modern equities exchange (NYSE, Nasdaq, NSE) handles millions of orders/sec at single-digit-microsecond latency. The architecture is dominated by a single-threaded in-memory matching engine per symbol, FIX/proprietary order gateways, deterministic replay logs for DR, and market-data publishers. This is the hardest 'consistency + latency' system most engineers will see.
Functional
- Submit / cancel / replace orders (limit, market, stop).
- Match orders against the book (price–time priority).
- Disseminate market data (top of book + full depth).
- Trade reporting + post-trade clearing handoff.
Non-functional
- Match latency p99 < 10 µs (microseconds, not milliseconds).
- 1 M+ orders/sec across symbols at peak.
- Strict ordering per symbol (price–time).
- Zero data loss; replay-based DR; recovery RTO < 1 s.
Components
Order gateway
FIX / proprietary protocol; serialises into binary.
Sequencer
Assigns global seq; broadcasts ordered stream.
Matching engine
Single-threaded per symbol; in-memory book.
Replay log
Append-only journal for DR + audit.
Market data publisher
Multicast top-of-book + depth.
Risk gateway
Pre-trade risk checks before sequencing.
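An added example (not from the original page or from any exchange's code) showing how the sequencer, matching engine and replay log fit together: a single-threaded book that matches by price-time priority, refuses any event whose sequence number is out of order, and can be rebuilt on a standby by replaying the journal. Assumptions: limit orders and cancels only, integer tick prices, unique order ids; the event tuple layout and the names `Book`, `replay` and `JOURNAL` are illustrative.

```python
import heapq

class Book:
    """One symbol's limit order book, price-time priority (added example)."""
    def __init__(self):
        self.bids, self.asks = [], []  # heaps of (price_key, seq, order_id)
        self.open = {}                 # order_id -> remaining quantity
        self.next_seq = 1              # next sequence number expected
        self.trades = []               # (seq, resting_id, incoming_id, price, qty)

    def apply(self, ev):
        seq, kind, oid, side, price, qty = ev
        if seq != self.next_seq:       # gap or duplicate: stop instead of diverging
            raise ValueError(f"expected seq {self.next_seq}, got {seq}")
        self.next_seq += 1
        if kind == "cancel":
            self.open.pop(oid, None)   # lazy delete; stale heap entry skipped below
            return
        own, opp, sign = ((self.bids, self.asks, 1) if side == "buy"
                          else (self.asks, self.bids, -1))
        while qty and opp:
            key, _, rid = opp[0]       # best price, then lowest seq (earliest)
            if rid not in self.open:
                heapq.heappop(opp)
                continue
            rprice = key * sign        # undo the sign used to order the heap
            if (price - rprice) * sign < 0:
                break                  # best opposing price does not cross
            fill = min(qty, self.open[rid])
            self.trades.append((seq, rid, oid, rprice, fill))
            qty -= fill
            self.open[rid] -= fill
            if self.open[rid] == 0:
                del self.open[rid]
                heapq.heappop(opp)
        if qty:                        # rest the unfilled remainder
            self.open[oid] = qty
            heapq.heappush(own, (-sign * price, seq, oid))

def replay(journal):
    book = Book()                      # standby starts empty, applies every event
    for ev in journal:
        book.apply(ev)
    return book

# Constructed journal: (seq, kind, order_id, side, price_in_ticks, qty)
JOURNAL = [(1, "new", "A", "sell", 101, 50), (2, "new", "B", "sell", 100, 30),
           (3, "new", "C", "sell", 100, 20), (4, "new", "D", "buy", 100, 40),
           (5, "cancel", "C", None, 0, 0), (6, "new", "E", "buy", 101, 20)]
```

In the constructed journal, B fills before C at the same price because its sequence number is lower, and a standby that replays the journal ends with the same trades and the same resting quantity on A.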
Trade-offs
Single-threaded matcher vs. parallel
Pros
- Single-thread = deterministic ordering; lock-free.
Cons
- Throughput per symbol bounded by single core; need symbol partitioning.
FIX vs. binary protocol
Pros
- FIX: industry standard, widely supported.
- Binary: order of magnitude faster.
Cons
- FIX: text-heavy.
- Binary: proprietary, less interop.
Scale concerns
- GC pauses kill latency — pre-allocate, off-heap, or use Aeron/Disruptor.
- Network jitter — use kernel-bypass NICs (Solarflare).
- Failover correctness — primary + hot standby with state replay.
- Audit + regulatory replay — every event durable.