How Alibaba Guarantees System Stability for Double 11: Large‑Scale Operations Lessons

Why Double 11 Is Alibaba’s Biggest Technical Challenge

Every year the 11‑November shopping festival generates unprecedented traffic, making it the most demanding stability event for Alibaba. The technical risk leader is responsible for guaranteeing that the system can handle millions of orders per second without failures.

Key Stability KPIs

Transaction rate‑limit commitment – the system must limit orders to a promised QPS and gracefully handle excess traffic.

Zero‑fault target – any system error counts as a fault; the goal is no faults during the event.

Seamless user experience – even if the first order is throttled, the second attempt must succeed and payment amounts must be exact.

Full‑link pressure test – 100% success in a realistic online load test before the event.

1 Organization and Operation

A dedicated technical task force is formed, headed by a group leader, a technical commander, and BU‑level technical captains. Planning starts in July, covering PRD, marketing, development, and testing. By August‑September the teams finalize the operation manual and verify thousands of pre‑degradation switches, each with a human check.

2 Preparation Plans and Technology

Early incidents (e.g., 2011 functional bugs that forced merchants to take down products) highlighted the need for rigorous functional testing, SKU validation, and price accuracy. From 2012 onward, Alibaba introduced systematic capacity planning, offline “shrink‑capacity” tests, and later full‑link online pressure testing that simulates real traffic using CDN nodes across thousands of locations.

Full‑link testing required building shadow databases, tagging traffic, and modifying middleware and core services—affecting thousands of applications and millions of database instances.

3 Day‑of Assurance

On the event day, a centralized command center (cloud‑top) collects issues from DingTalk, routes them to the responsible BU, and escalates critical incidents (P2+) for immediate decision‑making. Network isolation, cloud‑product controls, and automated rollback mechanisms protect the system from accidental releases.

Red‑blue team attack‑defense drills simulate hardware failures, network outages, and container crashes, enforcing a 5‑10‑minute recovery SLA for any service.

4 Review and Knowledge Transfer

After each Double 11, a promotion command center archives BU‑level post‑mortems, enabling new leaders to learn from past failures. Annual training camps ensure that incoming technical captains inherit best practices and system‑level safeguards.