The Question
Design

Scalable Railway Reservation System

Design a high-concurrency railway booking system similar to IRCTC capable of handling 10 million daily users and extreme traffic surges (e.g., millions of concurrent users during a 1-hour window). The system must support train searches, real-time availability checks, and atomic booking transactions with strong consistency. Address how you would prevent overbooking, handle massive spikes in traffic, and ensure low-latency search results under load.
PostgreSQL
Redis
Kafka
CDN
WAF
Elasticsearch
Istio
Debezium
Questions & Insights

Clarifying Questions

What is the peak concurrency target? Does 10M represent total registered users or peak concurrent users (e.g., during the 10:00 AM/11:00 AM Tatkal window)? Assumption: We are designing for 1M+ peak concurrent users and 10M daily active users.
What is the consistency requirement for ticket booking? Can we afford overbooking? Assumption: Absolute strong consistency is required for inventory management; overbooking is not permitted.
What is the read/write ratio? Assumption: Highly read-heavy for search/availability (100:1), but writes are extremely bursty during specific windows.
Are we handling payments? Assumption: We integrate with external Payment Gateways but must handle the asynchronous callback and timeout logic.

Thinking Process

The Inventory Bottleneck: How do we manage thousands of users clicking "Book" on the same 72 seats in a carriage simultaneously?
The Thundering Herd: How do we prevent the system from collapsing at exactly 10:00:00 AM?
The "Waiting Room" Pattern: How do we protect the database from being overwhelmed while providing a fair user experience?
Data Partitioning: How do we shard the database to handle millions of PNRs without creating hot partitions on popular trains?

Bonus Points

Virtual Waiting Room (Queue-it Pattern): Implementing a pre-servicing layer that buffers incoming traffic and releases users to the booking service at a rate the DB can handle.
Optimistic Locking with Versioning: Using database-level version checks instead of heavy row-level locks to improve concurrency during seat selection.
Sidecar-based Rate Limiting: Using a service mesh (e.g., Istio) to enforce global and per-user rate limits to prevent bot-driven ticket cornering.
CDC (Change Data Capture): Using Debezium to stream successful booking events to a read-optimized PNR Search service (Elasticsearch).
Design Breakdown

Functional Requirements

Core Use Cases:
Search trains by source, destination, and date.
Check real-time seat availability across different classes.
Book tickets (Atomic transaction: payment + seat decrement).
PNR Status inquiry.
Cancel tickets and trigger refunds.
Scope Control:
In-scope: High-concurrency booking engine, seat inventory, and PNR generation.
Out-of-scope: Food catering, hotel booking, and complex route pathfinding (assume direct trains for MVP).

Non-Functional Requirements

Scale: Support 1M+ concurrent users during peak "Tatkal" hours.
Latency: Search results in < 500ms; booking confirmation (excluding payment) in < 2s.
Availability: 99.99% availability (crucial for a public utility).
Consistency: Strong Consistency for seat inventory; Eventual Consistency for PNR search/history.
Security: Bot protection (CAPTCHA/WAF) and encrypted PII.

Estimation

Traffic:
Peak Search QPS: 100,000 requests/sec.
Peak Booking QPS: 10,000 requests/sec.
Storage:
1M bookings/day * 1KB per PNR = 1GB/day.
5 years of data = ~1.8 TB (easily manageable with sharding).
Bandwidth:
Search response (10KB) * 100k QPS = 1GB/s (Requires heavy CDN and compression).

Blueprint

Concise Summary: A microservices architecture leveraging a Virtual Queue to throttle peak traffic, a Distributed Cache for seat availability reads, and a Sharded Relational Database for ACID-compliant booking transactions.
Major Components:
Virtual Waiting Room: Buffers users during peak hours to prevent backend saturation.
Search Service: High-throughput read service using Redis to serve availability.
Booking Service: Transactional service managing seat inventory and PNR generation.
Payment Gateway Orchestrator: Manages state machine for external payment flows.
Simplicity Audit: This design avoids complex graph databases for routing, focusing instead on the core scalability challenge of inventory management.
Architecture Decision Rationale:
Relational DBs are used for booking because ACID is non-negotiable for inventory.
Redis is used for availability to keep DB load low.
Kafka decouples non-critical paths like SMS/Email notifications.

High Level Architecture

Sub-system Deep Dive

Edge (Optional)

Content Delivery: Use CDN for static assets (Train schedules, UI) and GeoDNS to route users to the nearest regional cluster.
Security: Mandatory WAF (Web Application Firewall) to filter out scraper bots that corner tickets. Implement CAPTCHA specifically at the "Book" button click to slow down automated scripts.
Rate Limiting: IP-based and User-ID based limits to prevent DDoS during Tatkal.

Service

Virtual Waiting Room: During peak (10 AM), all users are assigned a token. The service releases X tokens/minute based on DB health metrics (CPU/Connections).
Booking API:
POST /v1/bookings:
Request: {train_id, date, class, passenger_details}
Protocol: REST (JSON)
Idempotency: Required via idempotency_key (generated at form load).
Resilience: Use Circuit Breakers on the Payment Gateway integration. If the PG is slow, fail fast to prevent connection pool exhaustion.
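
The Virtual Waiting Room release loop described above, as an added sketch (not code from the original page). It assumes the waiting room signs each released token with an HMAC key shared with the Booking API, so a client that skips the queue cannot mint its own pass; `SECRET`, `PASS_TTL`, `db_health` and the function names are hypothetical.

```python
import collections
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: shared by waiting room and Booking API
PASS_TTL = 600                    # assumption: seconds an admission pass stays valid

def _tag(user_id, expires_at):
    return hmac.new(SECRET, f"{user_id}|{expires_at}".encode(), hashlib.sha256).hexdigest()

def issue_pass(user_id, expires_at):
    # Assumes user ids never contain "|".
    return f"{user_id}|{expires_at}|{_tag(user_id, expires_at)}"

def verify_pass(token, user_id, now):
    """Booking API side: accept only an unexpired pass issued to this user."""
    parts = token.split("|")
    if len(parts) != 3:
        return False
    uid, expires_at, tag = parts
    if not hmac.compare_digest(tag.encode(), _tag(uid, expires_at).encode()):
        return False  # forged or tampered pass
    return uid == user_id and expires_at.isdigit() and int(expires_at) > now

class WaitingRoom:
    def __init__(self, tokens_per_minute):
        self.tokens_per_minute = tokens_per_minute  # "X tokens/minute" in the text
        self.queue = collections.deque()            # FIFO keeps admission order fair
        self.waiting = set()

    def join(self, user_id):
        if user_id not in self.waiting:  # one slot per user, however often they refresh
            self.waiting.add(user_id)
            self.queue.append(user_id)

    def release(self, now, db_health=1.0):
        """Run once a minute; db_health in [0, 1] shrinks X when the DB is stressed."""
        budget = int(self.tokens_per_minute * max(0.0, min(1.0, db_health)))
        passes = {}
        while budget > 0 and self.queue:
            user_id = self.queue.popleft()
            self.waiting.discard(user_id)
            passes[user_id] = issue_pass(user_id, now + PASS_TTL)
            budget -= 1
        return passes
```
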

Storage

Database Selection: PostgreSQL with logical sharding.
Schema (Booking Table):
pnr_id (PK, UUID)
train_id (Indexed)
journey_date (Indexed)
status (PENDING, BOOKED, CANCELLED)
seat_metadata (JSONB)
Sharding Strategy: Shard by train_id. Since bookings are train-specific, this ensures that high demand for "Train A" doesn't lock "Train B" rows.
Inventory Management: Use UPDATE seats SET count = count - 1 WHERE train_id = ? AND count > 0 to ensure atomic decrements.
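
How the atomic decrement above combines with the idempotency_key from the Booking API, as an added example (not code from the original page). In-memory SQLite stands in for one PostgreSQL shard; the `idempotency_key` column, the extra `journey_date`/`class` predicates, the outcome labels and the sample train `T-100` are assumptions made for the sketch.

```python
import sqlite3
import uuid

def make_db(seats):
    # In-memory SQLite stands in for one PostgreSQL shard (constructed sample data).
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; BEGIN is explicit
    db.executescript("""
        CREATE TABLE seats (train_id TEXT, journey_date TEXT, class TEXT,
                            count INTEGER NOT NULL CHECK (count >= 0),
                            PRIMARY KEY (train_id, journey_date, class));
        CREATE TABLE bookings (pnr_id TEXT PRIMARY KEY,
                               idempotency_key TEXT NOT NULL UNIQUE,
                               train_id TEXT, journey_date TEXT, class TEXT, status TEXT);
    """)
    db.execute("INSERT INTO seats VALUES ('T-100', '2030-01-15', '3A', ?)", (seats,))
    return db

def book(db, idempotency_key, train_id, journey_date, cls):
    """Return (pnr_id, outcome); outcome is 'CREATED', 'REPLAYED' or 'SOLD_OUT'."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading
    try:
        row = db.execute("SELECT pnr_id FROM bookings WHERE idempotency_key = ?",
                         (idempotency_key,)).fetchone()
        if row:  # retry of a request already processed: never decrement twice
            db.execute("COMMIT")
            return row[0], "REPLAYED"
        cur = db.execute(
            "UPDATE seats SET count = count - 1 "
            "WHERE train_id = ? AND journey_date = ? AND class = ? AND count > 0",
            (train_id, journey_date, cls))
        if cur.rowcount == 0:  # the count > 0 guard failed, so nothing changed
            db.execute("ROLLBACK")
            return None, "SOLD_OUT"
        pnr = str(uuid.uuid4())
        db.execute("INSERT INTO bookings VALUES (?, ?, ?, ?, ?, 'PENDING')",
                   (pnr, idempotency_key, train_id, journey_date, cls))
        db.execute("COMMIT")  # seat decrement and PNR row become visible together
        return pnr, "CREATED"
    except Exception:
        if db.in_transaction:
            db.execute("ROLLBACK")
        raise
```

The UNIQUE constraint on `idempotency_key` is the backstop if two retries race past the SELECT on a database with weaker isolation: the second INSERT fails and its decrement rolls back with it.
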

Cache

Purpose: To handle the 100k QPS Search volume.
Implementation: Redis clusters storing train_id:date:class -> available_seats.
Consistency: The Booking service updates the DB first, then publishes an event to Kafka. A consumer updates Redis. Short TTL (30s) on cache entries ensures that even if an update is missed, the system self-corrects.

Messaging

Purpose: Decouple the booking completion from side effects.
Events: TICKET_BOOKED, PAYMENT_FAILED.
Consumers: Notification service (SMS/Email), Loyalty service, and Accounting/Refund service.
Technology: Kafka for high throughput and durability.

Infrastructure (Optional)

Observability: Prometheus for metrics (tracking "Booking Success Rate"). ELK stack for log analysis to detect fraud patterns.
Coordination: Use Redis-based distributed locks ONLY for critical seat allocation sections if logic becomes too complex for simple SQL updates.
Wrap Up

Advanced Topics

Consistency vs. Availability (CAP): We choose Consistency for the Booking Service. If the Database is down, we cannot book tickets. We choose Availability for the Search Service (users might see slightly stale seat counts but the system remains responsive).
Optimization (The "Hold" Pattern): When a user clicks "Book", we temporarily (2-5 mins) reserve the seat in a "PENDING" state. If payment isn't confirmed within the window, a cron job reverts the inventory.
Bottleneck Analysis: The primary bottleneck is the write-lock contention on the train_seats table.
Mitigation: Sharding by Train ID and using a Virtual Queue to flatten the spike.
Fraud/Bot Detection: During Tatkal, enforce a "cooling period" where a user can only book one ticket per IP/Account every 30 minutes.
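
The "Hold" pattern from Advanced Topics, as an added example (not code from the original page) showing how the payment callback and the expiry cron job can race without a seat being sold and released at once. In-memory SQLite stands in for PostgreSQL; the `hold_expires_at` column, the use of CANCELLED for lapsed holds, and the sample rows are assumptions.

```python
import sqlite3

HOLD_SECONDS = 300  # upper end of the 2-5 minute hold window

def make_db(created_at):
    # In-memory SQLite stands in for a PostgreSQL shard; rows are constructed samples.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE seats (train_id TEXT PRIMARY KEY, count INTEGER NOT NULL);
        CREATE TABLE bookings (pnr_id TEXT PRIMARY KEY, train_id TEXT,
                               status TEXT, hold_expires_at INTEGER);
        INSERT INTO seats VALUES ('T-100', 0);  -- last seat is currently on hold
    """)
    db.execute("INSERT INTO bookings VALUES ('PNR-A', 'T-100', 'PENDING', ?)",
               (created_at + HOLD_SECONDS,))
    return db

def confirm_payment(db, pnr_id, now):
    """Payment callback: PENDING -> BOOKED only while the hold is still live."""
    cur = db.execute(
        "UPDATE bookings SET status = 'BOOKED' "
        "WHERE pnr_id = ? AND status = 'PENDING' AND hold_expires_at > ?",
        (pnr_id, now))
    return cur.rowcount == 1  # False: hold lapsed, so the payment must be refunded

def release_expired_holds(db, now):
    """Cron job: PENDING -> CANCELLED for lapsed holds, returning each seat once."""
    db.execute("BEGIN IMMEDIATE")
    expired = db.execute(
        "SELECT pnr_id, train_id FROM bookings "
        "WHERE status = 'PENDING' AND hold_expires_at <= ?", (now,)).fetchall()
    released = 0
    for pnr_id, train_id in expired:
        # Re-check status in the UPDATE itself: under PostgreSQL READ COMMITTED a
        # callback may have confirmed this PNR between the SELECT and this line.
        cur = db.execute("UPDATE bookings SET status = 'CANCELLED' "
                         "WHERE pnr_id = ? AND status = 'PENDING'", (pnr_id,))
        if cur.rowcount == 1:  # this job won the transition, so it returns the seat
            db.execute("UPDATE seats SET count = count + 1 WHERE train_id = ?",
                       (train_id,))
            released += 1
    db.execute("COMMIT")
    return released
```
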