The present application relates to data processing systems and, more particularly, to techniques for transaction or request processing in such data processing systems.
Market matching engines are data processing systems that process high rates of requests or transactions (also referred to herein as transaction processing systems), and are used by financial companies to trade items such as stocks and other commodities. Clients enter orders to either buy or sell an amount of an item. Scaling market matching engines to handle high request rates within guaranteed response times is critically important. High availability is also essential.
In the simplest case, a client will issue an order to buy or sell a fixed amount of an item. More complicated orders may include so-called “multiple leg” or “multileg” trades, in which an order includes multiple items to buy or sell and where there may be correlations and dependencies between different parts of the same order. Thus, a multileg trade is one in which two or more trades are contained in the same request. For example, a client might want to sell 100 shares of company A stock at $88 per share and, in the same order, buy 100 shares of company B stock at $88 per share. If the client can not execute both legs of the multiple leg trade, then the client prefers to execute neither leg.
The concepts behind multileg trading have existed for many years and were initially developed by traders who would notice they could buy commodities such as grains at different prices from various farmers in different towns. This eventually moved to the stock exchange floor where a trader would notice that the exchange rates of Platinum and Gold could have a small amount of price difference so that a profit could be made by selling off a larger quantity of perhaps Gold and buying a smaller quantity of Platinum. The faster the trader and the faster her ability to execute the trade without other traders noticing the arbitrage could mean the difference between making a big profit and getting no profit at all. Handling multileg trades of this nature on open exchange floors has been done by working with other traders. The trader would sell his Gold; as soon he received the hand signal the transaction had completed, he would signal another trader to execute his buy of Platinum.
Most mutileg trades would be between two symbols as an example (prices are per ounce): Gold at 653.45 and Platinum at 1292.34. The concept certainly could be extended to three or more items: Dollar to Euro 1.34 and Euro to British Pound 0.6734.
Current stock exchanges do not support electronic multileg trading. As indicated in the previous description, the concepts of signaling to make a trade and make it active would interrupt the standard flow of trades. Some brokerage companies do support the concept, and they determine the rules of how much risk they are willing to take if the sell and buy does not complete or completes with incorrect values. A key problem with current support of multileg transactions is that the level of coordination is insufficient to achieve precise matches in prices requested by clients. As a result, clients have to be willing to tolerate approximate price matches if they are to use multileg trades. Because of this, many customers are not using multileg trading.
Types of trades where multileg support would have significant impact are in the monetary (gold, silver, etc.) and foreign exchange trading (dollar, euro, pound, etc.). Other examples would be in specific stock groupings (technology, biotech, etc.).
There is thus a need to achieve automated multileg trading with greater precision in prices than offered by existing methods.
Principles of the invention provide automated techniques for coordinating request or transaction processing in a data processing system.
For example, in one aspect of the invention, a technique for handling requests in a data processing system comprises the following steps. A compound request comprising at least two individual requests of different types is received. An individual request r1 of the compound request is placed on a queue for requests of type t1, wherein t1 is the request type of r1. After r1 has reached the front of the queue, it is determined if at least one individual request of said compound request can execute. The compound request is executed if it is determined that all individual requests of the compound request can execute.
In another aspect of the invention, a technique for handling compound requests, in a system comprising multiple nodes for executing requests in which an individual request is associated with a particular node, comprises the following steps. A compound request comprising at least two individual requests associated with a same node is received. It is determined if both of the at least two individual requests are executable. The compound request is executed if it is determined that all individual requests of the compound request can execute.
Further, principles of the invention also provide automated techniques for minimizing communication between nodes in a system comprising multiple nodes for executing requests in which a request type is associated with a particular node.
For example, in such an aspect of the invention, a technique comprises the following steps. Information is maintained about frequencies of compound requests received and individual requests comprising the compound requests. For a plurality of request types which frequently occur in a compound request, the plurality of request types is associated to a same node.
In yet another aspect of the invention, a technique for minimizing communication between nodes, in a system comprising multiple nodes for executing a plurality of applications, comprises the steps of maintaining information about an amount of communication between said applications, and using said information to place said applications on said nodes to minimize communication among said nodes.
While not intended to be limited thereto, the above techniques may preferably be implemented in accordance with market matching engines and financial exchanges.
These and other objects, features and advantages of the present invention will become apparent from the following detailed description of illustrative embodiments thereof, which is to be read in connection with the accompanying drawings.
While certain illustrative embodiments of the invention will be described herein from the perspective of financial transactions, it is to be understood that principles of the invention are not limited to use with any particular application or data processing system. Rather, principles of the invention are more generally applicable to any application and any data processing system in which it would be desirable to provide improved transaction processing.
As mentioned above, a multileg trade typically includes multiple legs each presenting a request to trade in a different instrument. The trade will typically be matched and executed only if all the legs can be matched and executed. Each leg typically executes in a specific valid order/sequence in the book defining trades in that symbol. Multileg trades typically are not reported executed back to the requester until all leg executions have been durably hardened in persistent storage so that state can properly be restored in the event of a failure. For scalability, a system handling multileg trades may consist of many nodes. Trade-matching venues preferably have multiple in memory copies with some fail over scheme and consistent sequencing enforcement between the copies. Trade-matching venues preferably stream matched requests to some set of logging servers, hardening executed trade reports (which allows them to be reconstructed after a failure) in order and indicating high water mark progress in writing these logs back to the execution venues to allow durable (logged) trades to be reported as executed back to the requester.
It is to be appreciated that “processing nodes” or, more simply, “nodes” in a data processing system such as the ones described herein may be logically allocated portions of processing resources (virtual machines) within one computing system, such as a mainframe computer. Alternatively, such processing nodes may be one or more types of computing devices, e.g., server, personal computer, laptop computer, handheld computing device, etc. However, principles of the invention are not limited to any particular type of computing device or computing architecture.
We first describe a general embodiment of our invention for coordinating request processing.
Multileg requests are examples of compound requests. In an illustrative embodiment of the invention, the data processing system either executes all of the individual requests in a compound request or it executes none of the individual requests. In order to execute a request, one or more preconditions must be satisfied. For example, in order to buy 30 shares of IBM stock at $105 per share, the shares must be available at that price on the market. A compound request contains two or more individual requests. The number of individual requests in a compound request may be up to an arbitrarily large number. While there is no limit to the number of individual requests in a compound request, the complexity and time for handling compound requests grows with the number of individual requests contained therein.
Principles of the invention realize that there is often an ordering for processing individual requests: For example, requests for IBM stock may have to be processed in the order in which they are received. These order constraints have to be observed in processing compound requests.
As shown, in step 10, the system receives a compound request which is a request comprised of a plurality of individual requests. For example, consider an individual request to sell 100 shares of Microsoft stock at $30 per share and another individual request to buy 30 shares of IBM stock at $105 per share. An example of a compound request would be to both sell 100 shares of Microsoft stock at $30 per share and to buy 30 shares of IBM stock at $105 per share. If we had a third individual request to buy 1 share of Google stock at $500 per share, then another compound request would be to sell 100 shares of Microsoft stock at $30 per share, to buy 30 shares of IBM stock at $105 per share, and to buy 1 share of Google stock at $500 per share.
In step 12, one of the individual requests, r1, making up a compound request is placed on a queue of requests for its type. For example, let r1 be a request to sell 100 shares of Microsoft stock at $30 per share. The financial exchange may process requests for a specific stock, in this case Microsoft stock, in the order in which the requests are received. In step 12, r1 would be placed on a queue for Microsoft stock.
In step 14, r1 reaches the front of this queue. At this point in time or shortly afterwards, the system determines in decision step 16 whether r1 can execute (a variation on this embodiment within the spirit and scope of the invention is to instead determine whether at least one of the other requests (not r1) within the compound request can execute). In order for r1 to be executable, some combination of clients must be willing to buy 100 shares of Microsoft stock at $30 per share.
If it is determined in step 16 that r1 can execute, it is determined in step 17 whether the other individual requests within the compound request can execute. For example, a request to buy 30 shares of IBM stock at $105 per share will only be executable if shares at this price are available on the market. If any request is found that can not execute, then step 17 can terminate. Otherwise, if all requests can execute, then processing continues to step 18 which causes the entire compound request to execute.
When the compound request executes in step 18, all of the individual requests within the compound request execute. Step 18 may also write the results of the request execution to persistent storage, in a database management system (DBMS), for example. That way, after a failure, the results of the executed compound request would still be available from the persistent storage. After the request executes, the system might also notify the client that the compound request has executed.
If, in step 16 or step 17, it is determined that at least one individual request can not execute, one option would be for the system to reject the compound request and to execute none of the requests within the compound request. The system could optionally inform a client that the compound request has failed.
Another option in response to a negative determination from step 16 or 17 would be for the system to periodically re-determine whether it may be possible for all of the individual requests to execute and if this determination is eventually affirmative, executing the compound request.
Another option in response to a negative determination from step 16 or 17 would be for the system to only execute a subset of requests in the compound request for which each request in the subset can actually execute. The system could then inform a client of which requests have executed.
In this example, r1 can play a key role in determining whether to continue trying to satisfy the compound request. In step 16, the system can make a decision of whether to proceed with trying to satisfy the compound request based on whether r1 can execute. In order to minimize the number of individual transactions that need to be tested to reject a compound request which cannot be satisfied, one approach is to pick r1 in step 12 because it has a relatively low probability of being executable.
Each of the individual requests might have ordering constraints, not just r1. For example, requests to buy or sell IBM stock might have to be processed in the order in which they are received. Similarly, requests to buy or sell Google stock might have to be processed in the order in which they were received. Microsoft, IBM, and Google stocks might each have their own queues for ordering requests.
Therefore, a variation within the spirit and scope of this invention is to place one or more requests of the compound request, in addition to r1, on a queue corresponding to its request type. The system would then determine if the individual requests are executable only after the plurality of requests have reached the front of their respective queues. That way, no request corresponding to the compound request placed on a queue would be executed before an earlier request of the same type was received and placed on the same queue.
One option is to place all individual requests comprising the compound request on queues and wait for them to reach the front of their respective queues before seeing if they are executable.
As before, let r1 be a request to sell 100 shares of Microsoft stock at $30 per share. Just because r1 can execute at one point in time does not mean that it will be able to execute later. For example, Microsoft stock could be selling at $30 per share and the price could then drop to $25 per share.
In some (but not all) environments, it may be possible to reserve some resources to allow an executable individual request to continue to be executable for sometime into the future. If, in the meantime, the other individual requests become executable, then the entire compound request can execute. If it turns out that at least one other individual request is not executable, then the system may be able to release the resources reserved for the executable individual request and reject the compound request.
We now describe another embodiment of the invention in the context of a highly available system for financial exchanges. The following background information is important for understanding this embodiment.
Market matching is a core component needed to manage trading in a set of financial instruments. A market matching service typically maintains a set of order books. Different order books may be maintained for different financial instruments traded. The order books may be used for processing arriving orders to buy and sell those instruments. Requests arriving at the market matching service may be a mixture of new orders, cancellations and modifications of previous orders, etc. A simple order is a request to buy or sell a specific quantity of a specific instrument on behalf of a specific customer at a named price or limit price. Refinements such as mass-quote, stop loss and all-or-nothing orders require additional features but do not change the basic pattern of processing.
Within the market matching function, arriving orders may be added sequentially into an order book for an instrument it refers to. A market matching engine should then identify and execute one or more orders which can be traded immediately. It does this by matching a newly arrived order with other matching orders already in the book for that instrument. Orders to sell are matched with orders to buy for the same instrument at the same price and conversely.
Published business rules govern how this matching of orders is to be done. For example, orders might have to be processed fairly and in the sequence in which they are received. Orders might always have to be satisfied at the best matching price available and for as much of the quantity specified in the arriving order as is possible at that price and time. If there is a choice of matching orders at the best price, published allocation rules may govern which matching orders will be selected for trading.
A market matching function may also be responsible for generating acknowledgements when it has processed an order, reporting on successfully applying an order to the market book and on trades executed involving that order. A gateway function is to return these acknowledgements to the customer. The market matching function may also be responsible for generating and distributing market information describing the current market liquidity and recently executed trades anonymously.
Customers may interact with a market matching function of an exchange through sessions with a set of gateways—we also use the term gateway processing nodes. The gateways may handle the communication and client session processing for an individual client's electronic connection to the exchange. One client may be interacting with multiple trading products in an exchange and with multiple order books within each trading product. The gateway processing may be responsible for forwarding orders from customers to an appropriate market matching function and getting acknowledgements from the market matching function delivered back to the customer.
Since reliability may be a critical requirement on the market matching function, market matching processing may be organized so as to have secondary market matching capability prepared and ready to take over processing responsibility from primary market matching capability in the event of a market matching engine failure.
An electronic market matching engine may operate in a continuous loop executing a sequence of logical steps for received requests similar to the following:
In addition, a market matching system may provide operator facilities to start, stop, pause and monitor markets (sets of books). It may also provide facilities to allow operators to locate books within the matching engine and orders of a particular customer, and process them individually, or make manual corrections.
In order to satisfy high request rates, it is necessary to use multiple nodes in which different requests may be routed to different nodes. Multiple nodes would be different computers which do not necessarily share a memory. This will achieve much better performance than using a single node for handling requests. In previous examples using execution venues (EV), this would correspond to a scenario in which multiple execution venues are used, not just for high availability but for handling higher request rates as well.
In financial transactions, state information corresponding to buy and sell orders may be referred to as order book state. If IBM, Microsoft, and Google stock are being traded, then a separate order book containing buy and sell orders may exist for each of these stocks.
In
In
Thus, it should be clear that minimizing communication between nodes for handling compound requests is important for performance.
In step 42, the system determines if the individual requests which would execute on the same node (requests for IBM and HP in the example) are executable. As soon as the system finds an individual request which is not executable, one option is to reject the compound request. Another option is to see if the individual request becomes executable at some point in the future. The key advantage to this approach is that one is handling both the IBM and HP requests without extraneous communication to a remote node.
If it turns out that all individual requests on the same node are executable, the system determines whether the other individual request(s) comprising the compound request are executable in step 47. If all individual requests are executable, then the compound request may execute in step 48. If all individual requests are not found to be executable in step 47, then the system could reject the compound request. Alternatively, the system could determine if an unexecutable request becomes executable in the future. Note that step 47 does not always require that all requests be tested for executability. If any request is found to be unexecutable in step 47, then it is not necessary to keep testing remaining requests for executability.
If the system determines that all requests on node 1 can execute, then it consults the node with a next highest number of individual requests assigned to it and performs a similar procedure. As the system continues to find all examined requests being executable, it consults nodes in decreasing order of individual requests assigned to the node until a request which is not executable is found or all requests have been found to be executable. If it is determined in step 57 that all requests are executable, then the compound request executes in step 58.
In some cases, it will be desirable to assign one or more stocks (or more generally, request types) to a different node in order to minimize communication in compound orders. For example, in
A general heuristic that may be applied in step 62 is to group stocks on a same node which typically occur in a same compound request. For example, if requests for IBM stock and requests for Microsoft stock are frequently paired together in a compound request, it would be preferable to process requests for both IBM and Microsoft stock on a same node. Therefore, order books for both IBM and Microsoft stock should be stored on that same node.
One method is as follows. The system determines relative frequencies with which groups of stocks appear in a same compound request. The groups which most frequently appear in a same compound request are preferably assigned to the same node.
An example of this method is as follows. The system determines the relative frequencies with which pairs of stocks appear in a same compound request. Suppose that there are n stocks which can be indexed by stock[1], stock[2], . . . , stock[n]. Then f[i,j] represents the relative frequency with which both stock[i] and stock[j] appear in a same compound request. The higher the value of f[i,j], the more frequently stocks i and j appear in a same compound request.
The system assigns stocks to nodes by scanning through f[i,j] in order of decreasing values. It uses information monitored in step 60 to estimate how much request traffic each stock is expected to incur. As stocks are assigned to nodes, the system maintains an estimate of the capacity the node still has despite request traffic to stocks already assigned to the node. The system starts with a highest value of f[i,j]. It scans through values of f[i,j] in decreasing order until a value of 0 is reached. If both stock[i] and stock[j] have already been assigned to nodes, no further assignments are made. If neither stock[i] nor stock[j] has been assigned to a node, both stock[i] and stock[j] are assigned to a node, nh, with a highest amount of estimated capacity not used up provided nh has sufficient capacity; if this assignment would cause the estimated load of nh to exceed a maximum, stock[i] and stock[j] are not assigned to a node until some point in the future. If only one of stock[i] and stock[j] has been assigned to a node n1, the system assigns the other stock to node n1 if and only if doing so would not cause the estimated load of n1 to exceed a maximum. If this assignment would cause the estimated load of n1 to exceed a maximum, the other stock is not assigned to a node until some point in the future.
Scanning through values of f[i,j] in decreasing order continues until either all stocks have been assigned to nodes or a value of f[i,j]=0 is reached. If a value of f[i,j] 0 is reached, the remaining unassigned stocks are assigned to nodes in another fashion. For example, they could be assigned to nodes by scanning through each unassigned stock and assigning it to the node with the highest estimated remaining capacity.
Updating the partitioning of requests in step 62 can be done when the system is offline. For example, the system may be taken offline for maintenance purposes, including optimizing the assignment of stocks to nodes. In another scenario, the markets might shut down at the end of business hours, allowing the assignment of stocks to nodes to be optimized before the markets are next re-opened.
Another option is to dynamically reassign stocks to different nodes while the system is still running. Since the reassignment process incurs overhead and can potentially disrupt normal execution, it is not desirable to perform reassignments too frequently. Instead, the system can monitor the overhead from internode communication due to compound requests. When this overhead gets too large, the system can then move one or more stocks to other nodes to reduce internode communication; this would be done while the system would continue to serve requests.
Note that the methods depicted in
In this scenario, the monitoring techniques corresponding to step 60 in
We now describe another embodiment in the context of
In the following embodiment, multileg requests correspond to compound requests described in the earlier embodiments.
It is to be appreciated that certain characteristics may be realized in accordance with illustrative principles of the invention. For instance:
At a given point in time, typically only one leg of the multileg trade is being considered for active matching. At a point in time, there are a set of legs of the multileg trade which have been provisionally matched and have appropriate specific trades defined and waiting to see if all legs of the multileg can be matched. There is a “next leg” which is the leg in process for which we are trying to find a match allowing this to be added to the set of provisionally matched legs. There are waiting legs being held outside the books where they are available for matching by incoming market requests. In principle, we do not want to allow more than one “next leg” to be sitting on books available for matching by incoming requests.
The “least likely to trade immediately” leg of the “not yet provisionally matched legs” is the one which should preferably be actively matched or should be sitting in a book available to be actively matched by new incoming requests to trade on its instrument.
An efficient mechanism is provided for a venue which has provisionally matched a leg of a multileg trade to signal to other execution venues of the next-least likely-to-trade-immediately leg, asking them to now actively seek an execution for that leg as their next (high priority). The execution venue (EV) sites can interact with a shared facility such as a coupling facility (CF) to determine the next request to match in a way compatible with peer matching engines for this instrument.
If in processing a non-primary leg of a multileg trade, no match is found, this provides new information on likelihood of immediate tradability: specifically we know that this leg is not immediately executable (and by implication the overall multileg is not immediately executable). Hence, provisionally matched legs should be undone and released so that trading on those instruments with other requests can continue; furthermore, the leg which is not executable should become the primary. We describe this as “Inversion” for a two leg trade. In the general case, it is a change making the leg the one which continues to be actively matched.
There is a new hardening principle: the logging service should report as its high water mark of trades durably logged the furthest point in its log such that:
In the event of an execution venue (EV) failure, the exact sequence of executed trades must be replicated identically on a replacement or takeover book processor at least up through:
Now we want to execute “all or nothing two leg trades” against the full liquidity on single leg books with minimal latency loss, assured logged execution, etc.
The objective is to provide maximally scalable, minimal latency handling of both single leg and multileg trades, with multileg trades being disadvantaged with respect to single leg trades when this is necessary to minimize the disruption of single leg only traffic.
This is not a well posed problem for exchange recovery schemes based on total request preordering scheme, which by definition requires the run behind delay of the slowest book to be propagated to any other books connected to it via chains of multileg trades.
Hence the multileg design presented here presumes and is based on a partially ordered reliable recovery scheme for single leg trading which handles all single leg requests in the order in which they are received. This could be a system using primary-secondary pairs or a peer coupled system using a Coupling Facility (CF) to provide coordinated ordering of trades across peer matching venues.
We first outline here how to implement a processing and recovery algorithm assuming high performance low latency messaging between nodes but no Coupling Facility (CF). The following section will show how we can improve the algorithm exploiting the synchronizing reliable coupling facility.
It is to be appreciated that we present the multileg processing and recovery algorithm as a set of deltas on the partially ordered primary-secondary availability scheme.
An overview of the major steps in processing multileg trades is shown in
We illustrate and discuss multileg-trades with examples which are two leg trades. The same principles apply to multileg trades with orders greater than two.
Gateways (GWs) are where trades arrive from customers and enter the trading system. Gateway processing of a multileg trade differs from the processing of a single leg trade in that it is submitted for Multileg Processing (MLP). This additional processing may be collocated with the gateway where the multileg trade request arrived or could be located in a separate node in the scalable trading system.
The multileg trade processing algorithm breaks up the multileg trade requests into separate requests which can be routed independently to each venue trading its leg. Furthermore, an initial “order of processing” of the legs is selected. For a two leg trade this involves an ALeg intended to be initially matched first, and a BLeg matched second.
The heuristic used in ordering the legs of a multileg trade is that legs less likely to execute immediately are matched before legs more likely to execute immediately. This heuristic decision will not affect the outcome of the multileg trade but can improve the efficiency with which multileg trades are matched. Recent market price and market liquidity history is used as the basis for the heuristic order assignment. There is no requirement for the ordering to be based on exact or current information.
The multileg processing publishes the separate requests for each leg to the topic which will deliver the leg request to all venues (primary secondary or peer) performing market matching for the target of that leg. The leg request messages include:
The effects of this are illustrated in
When the leg requests arrive at the market matching venues, they are enqueued along with the single trades in the stream of requests arriving at that venue from all gateways. In this way, we ensure that no multileg trade unfairly “overtakes” a single leg request because one of its legs has a short queue. This stage is illustrated in
The queues are managed in a primary-secondary failover market matching scheme with the primary setting the order in which requests from different gateways will be handled. In a peer scheme, the peer market matching nodes coordinate through a coupling facility to ensure each handles requests from different gateways in exactly the same order.
When the secondary leg (Secleg) request reaches the front of the request queue at the secondary node, rather than being matched it is “saved aside” in a bag. This prevents there being more than one leg of a multileg trade concurrently available in books for matching and hence suppresses possible race conditions.
When the primary leg (PriLeg) reaches the front of the queue of the primary node handling matching for its target book or, in the case of peer-peer failover schemes, is agreed to be the “next order” to be handled:
When the potential primary leg trade information arrives at a matching node for the next leg in the leg sequence for the multileg trade:
If, at the secondary node, the secondary leg has not arrived and is not available in the bag, this is handled like a secondary match failure except that a record is left that when this secondary leg arrives—it is to be handled as a primary since the decision was to invert the multileg.
For multileg trades involving more than two legs, if the secondary matches correctly then the algorithm proceeds recursively publishing to the third leg (or subsequent leg) that potential matches for legs 1, 2, etc. have been found and performing the critical test on the next leg in the leg order.
Processing of these reports back at the primary leg nodes is as follows:
A critical requirement in single leg trading is that no trade completion message goes back to the request issuing gateway until the log in some durable history recorder for the book where the trade has been matched has progressed to a point at which that executed trade is known to be on disk and hence completely recoverable. Hence, there is a list of processed but not confirmed trades sitting at the primary waiting to be confirmed back to their gateways when an appropriate history persisted (HP) report is received.
For a multileg trade involving book1 and book2, we need a corresponding degree of assurance—namely that:
The logger persisting book1 has got beyond the book1 leg
And before the persisting book 2 has got beyond the book2 leg
Before any execution confirmations go back to a gateway.
This is a sufficient condition because neither book will fail back and undo trades which have been persisted and potentially reported back to clients. So if each book has hardened beyond its leg, neither leg of the trade is at risk and the entire trade can be reported.
The simplest way of ensuring this is to impose on history recorders (e.g., HR in
History recorders write out arriving streams of single leg and multileg orders as fast as they arrive and test for progress of unbroken complete sequences on to the disk.
They report progress in logging history using reports with a pair of values:
Maximal disk progress=x1 for a logger recording book1 means that:
As an illustration of these concepts:
Book1 will handle confirmed progress reports and release completion notices exactly as it handled disk progress reports from history recorder previously. No trades in a book following a multileg will be reported back to the requesting gateway until both legs of all preceding multilegs are written into the appropriate book logs and the additional single legs trades on this book up to this one have all made it to disk.
At this point, the leg1 primary is in a position to report completion of the multileg to the requesting gateway. The leg2 primary can assume that the completion has been sent and move on to confirming following (single or other multileg trades on its book).
One refinement is needed to handle history recorder failover. The history recorder must have a valid list of unconfirmed multileg trades which it is watching for disk progress reports from other history recorders on to step forward. The history recorder can always get this list after a failover by reading its log, but a question to be determined is how far back must it go. To address this question, each history recorder may keep a “no unconfirmed multilegs beyond” indicator and periodically checkpoint these into the log. Then, when reading the log in history failover (backwards), the history recorder can stop at the first of these.
We now explain the problems associated with replay in multileg recovery. The question here is what happens when a trade matching node fails and multileg trades are being supporting introducing trader ordering dependencies between books.
In single leg trade only recovery using a primary-secondary failover scheme, the basic algorithm on a matching node failure is as follows:
The problem with this scheme in the presence of multileg trades is that if book1 processes trades {x1, x2, (x3,y3), x4} but then fails before x1 is persisted, book1 secondary with the basic single leg trade rules may see the arrival order as {x1, x4 (x3,y3), x2}. But, if it proceeds to execute this unilaterally, the results of the mutileg (x3,y3) are now invalid. If that gets re-executed as (x3′,y3′) or not executed at all, book 2 will have to replay its market progress from the (x3′y3′) point.
This is possible in principle (since nothing has been confirmed back to gateways using the logic of the preceding section)—but is a huge risk in terms of being able to keep up with the stream of arriving requests in real time.
The principle for avoiding replay in the presence of multileg trades is that in the event of a primary failover, the secondary taking over book1 recaptures the exact ordering of all trades persisted into the book1 log. In addition, for a multileg environment, if there are multileg trades on which book1 interacted with other books before it crashed, then the secondary taking over book1 must recreate the sequence of orders previously processed by the book1 primary through subsequent multileg trades. The secondary taking over book1 is free to reorder the tail of single leg only trades beyond the primaries history log and beyond the last multileg.
If the previous primary ordering of all multileg trades is recreated, then these can be repeated by the secondary taking over the book. The ongoing processing at other books related through multileg trades is now valid. There is no risk of having to modify trades previously seen as handled at other books.
We describe first an implementation of this which uses cross-logging. We shall see subsequently that this can be significantly simplified by use of a reliable synchronous Coupling Facility (CF) environment.
This replay requirement is illustrated graphically in
Essentially the scheme is that when the primaries for book1 and book2 interact on multileg trades involving book1 and book 2, they exchange in their messages the current sequence of previously processed requests from the current back through the persistence progress point on each book. This sequence cross-logging will be included in the history record which each book primary sends to its history recorder.
Now suppose the book1 primary fails after processing a sequence:
{x1, x2, (x3,y3), (x4,z4), (x5,w5), x6, x7}
none of which have made it to its log, where y3 was on Book2, z4 on book3, w5 on book5.
Also suppose that (x4,z4) is available either from a live primary handling book3 or from the persisted book3 log but, for any subsequent multilegs, the primary on the partner book failed without persisting them. Then, the ordering sequence {x1, x2, (x3,y3), (x4,z4)} is recoverable. The secondary taking over book1 is required to replay this exact sequence. Since there is no available record of any subsequent multileg in any log or book, that is effectively lost and may or may not be recreated on replay—as would have been true for single leg trades in the tail beyond the log in single leg trade recovery today.
Advantageously, the cross-logging scheme described above reduces replay to the tail of transactions which are beyond the recoverable sequencing from any log or memory record of any book processing the complex. That is an acceptable replay burden requiring no more cross node coordination than the original replay of tail single leg transactions.
All of the above algorithms presume extremely fast reliable low latency communication for which exploitation of CF Sysplex Hypersockets is natural. Assumption:
CF (list server) provides a facility
Sharable among all book processing nodes
Allowing synchronous data interaction with millisecond response time
100,000 s interactions per second
Stability/recoverability of written information may be equivalent to that on disk
So now have each primary book processing node write its request sequencing into CF synchronously after processing them against the book and before it request persisting of the trade results by the history recorder. On multileg trades, LegA say book1 writes an “in doubt” before interacting with LegB at book2. Book2 processes its leg and writes a definitive Yes/no+results into CF before messaging back to book1. On a primary failover, the primary can now replay the information in the CF which is guaranteed to repeat correctly all trades through the last one.
If the last trade is single leg, that can be ignored—secondary is free to replace it with an alternate ordering. In the last trade for this (failed book) is a multileg and this book—book1 was the A Leg—then the Bleg will have written a record into the coupling facility before sending back the confirmation to this node. If that can be retrieved from the coupling facility, then book2 has proceeded including this trade; the secondary taking over book1 is required to replay it as recorded in the CF. If there is no book2 record of the multileg trade in the CF, then neither book has a stable record of this trade. Either it did not reach book2 or book2 failed before executing it and writing a persistent record. The secondary taking over book1 is free to attempt the trade again and can accept success or failure as the result, or on the basis of its received order, execute some different trade.
Basically use of the CF substantially simplifies the retrieval of information from multiple logs by writing the critical replay sequencing information into a stable sharable place. Also, cross-logging may be chosen for disk based recovery as well as using the CF.
If there are concerns about the stability of CF held information on trades relative to dual disk logging of trades, one embodiment is to choose to have the cross-logging information there for additional (disaster) disk-based recovery.
Referring lastly to
Thus, the computer system shown in
As shown, the computer system includes processor 161, memory 162, input/output (I/O) devices 163, and network interface 164, coupled via a computer bus 165 or alternate connection arrangement.
It is to be appreciated that the term “processor” as used herein is intended to include any processing device, such as, for example, one that includes a CPU and/or other processing circuitry. It is also to be understood that the term “processor” may refer to more than one processing device and that various elements associated with a processing device may be shared by other processing devices.
The term “memory” as used herein is intended to include memory associated with a processor or CPU, such as, for example, RAM, ROM, a fixed memory device (e.g., hard drive), a removable memory device (e.g., diskette), flash memory, etc. The memory may be considered a computer readable storage medium.
In addition, the phrase “input/output devices” or “I/O devices” as used herein is intended to include, for example, one or more input devices (e.g., keyboard, mouse, etc.) for entering data to the processing unit, and/or one or more output devices (e.g., display, etc.) for presenting results associated with the processing unit.
Still further, the phrase “network interface” as used herein is intended to include, for example, one or more transceivers to permit the computer system to communicate with another computer system via an appropriate communications protocol.
Accordingly, software components including instructions or code for performing the methodologies described herein may be stored in one or more of the associated memory devices (e.g., ROM, fixed or removable memory) and, when ready to be utilized, loaded in part or in whole (e.g., into RAM) and executed by a CPU.
In any case, it is to be appreciated that the techniques of the invention, described herein and shown in the appended figures, may be implemented in various forms of hardware, software, or combinations thereof, e.g., one or more operatively programmed general purpose digital computers with associated memory, implementation-specific integrated circuit(s), functional circuitry, etc. Given the techniques of the invention provided herein, one of ordinary skill in the art will be able to contemplate other implementations of the techniques of the invention.
Although illustrative embodiments of the present invention have been described herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various other changes and modifications may be made by one skilled in the art without departing from the scope or spirit of the invention.
This patent application is related to the concurrently-filed U.S. patent application identified by attorney docket no. YOR920070280US1 entitled “Methods and Systems for Coordinated Transactions in Distributed and Parallel Environments,” the disclosure of which is incorporated by reference herein.