Ticket Drop
Keep checkout stable during an on-sale surge when a dependency partially fails.
Kata overview
You do not need to be an expert to start. This kata keeps the stakes low so you can explore trade-offs, adjust the diagram, and see how the system responds.
Context for this system design kata
Keep checkout stable during an on-sale surge when a dependency partially fails. This system design kata keeps the stakes low so you can rehearse trade-offs before taking ideas into production reviews.
Scenario and practice focus
A high-demand event goes on sale and fans flood the site. The checkout must stay standing while preventing oversell and avoiding dependency collapse. During the surge, a critical dependency (e.g., payments or identity verification) enters a brownout: it slows down and intermittently fails. Fans refresh and retry aggressively. The platform must shed load under pressure and recover on its own.
Difficulty: Intermediate. Estimated time: 25–40 min. Domain: Consumer Internet.
Constraints to balance
Operational pressure
- No human in the critical path during an on-sale.
- Must prevent oversell (inventory correctness is non-negotiable).
Customer and product constraints
- A critical dependency can enter a brownout (slow + intermittent failures).
- Retry storms are expected; the system must resist amplification.
Scenarios to explore in the simulator
- Keep the on-sale experience stable and fair under extreme traffic.
- Prevent oversell and keep purchase outcomes trustworthy.
- Avoid retry storms and dependency collapse during brownouts.
- Drain the backlog after recovery without re-triggering failures.
- Keep costs controlled during on-sale windows.
Learning outcomes
- Design admission control that remains fast and fair under surge.
- Protect critical dependencies with backpressure and capped retries.
- Separate reservation from confirmation without creating “charged but no ticket” outcomes.
- Implement controlled recovery that drains the backlog at a rate the system can handle.
Give it a try!