Alipay’s LDC Architecture: High‑TPS Design, Unitization, and CAP Analysis

Alipay’s double‑eleven payment peaks have grown from 20 000 transactions per minute in 2010 to over 540 000 per second in 2019, forcing a redesign of its backend to break the traditional single‑machine bottleneck.

The solution is the Logical Data Center (LDC) built on a unit‑oriented model: RZone (regional units handling user‑specific data), GZone (global units for shared data), and CZone (city‑level units for data with a write‑read delay). By assigning each user ID range to a dedicated RZone, the system achieves near‑linear scalability and isolates traffic.

Traffic is first routed by a global load balancer (GLSB) to the appropriate IDC, then the request is handed to the matching RZone. If a unit fails, the flow‑diversion (cut‑flow) process re‑maps data partitions and user‑ID ranges to healthy units, allowing seamless disaster recovery across same‑site, same‑city, and cross‑city data centers.

To satisfy the CAP theorem, Alipay relies on OceanBase, a Paxos‑based distributed database. OceanBase requires only a quorum ((N/2)+1) to commit a transaction, providing partition tolerance and high availability while offering eventual consistency. The system therefore operates as an AP solution with final consistency guarantees.

Key takeaways include the importance of logical unitization for massive TPS, the use of Paxos to avoid split‑brain scenarios, and a traffic‑shifting strategy that keeps services available during failures.

RZ0* --> a
RZ1* --> b
RZ2* --> c
RZ3* --> d

[00-24] --> RZ0A(50%),RZ0B(50%)
[25-49] --> RZ1A(50%),RZ1B(50%)
[50-74] --> RZ2A(50%),RZ2B(50%)
[75-99] --> RZ3A(50%),RZ3B(50%)