Question
Design the replication layer for a small but critical financial ledger: append-only double-entry transactions, strict serializability required, zero tolerance for lost or reordered committed entries, deployed across 3 availability zones in one region. Throughput is modest (~10k tx/sec) but every committed transaction must survive the loss of any single AZ with no data loss, and writes must remain available as long as a majority of AZs are up. Reads must be linearizable. Describe the consensus/replication protocol, how commit and leader failover work, and the central trade-off.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
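To make the commit rule and the failover invariant the question asks about concrete, here is an added example in Python (it is not part of the original question and not a model answer): a toy Raft-style single-leader log replicated to three replicas, one per AZ, with per-entry term numbers. Every name in it is an assumption for illustration: the AZ names, the Entry/Replica/Cluster classes, the double-entry payloads, and the failure sequence in demo(). It shows that an entry is reported committed only once a majority holds it, so losing any single AZ cannot lose a committed entry; that a new leader is chosen from a majority and must hold the most up-to-date log, so it still has every committed entry; that a leader cut off from its followers may append locally but must not acknowledge, and that entry being overwritten later is not data loss; that a linearizable read makes the leader confirm it still has a majority before answering; and that with two of three AZs down both writes and reads stop, which is the availability side of the trade-off.

```python
"""Toy majority-commit ledger log across three AZs (Raft-style, single leader).
Added illustration for the question above, not its answer; all names, payloads
and the failure sequence are constructed sample data."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entry:
    index: int
    term: int
    debit: str
    credit: str
    amount: int  # minor units; never floats in a ledger


@dataclass
class Replica:
    az: str
    up: bool = True
    log: list = field(default_factory=list)


class Cluster:
    def __init__(self, azs):
        self.replicas = {az: Replica(az) for az in azs}
        self.term, self.leader, self.commit_index = 1, azs[0], 0

    def majority(self):
        return len(self.replicas) // 2 + 1

    def alive(self):
        return [r for r in self.replicas.values() if r.up]

    @staticmethod
    def _sync(follower, src):
        """AppendEntries check: keep the prefix whose terms agree, drop the
        conflicting suffix (it was never committed), copy the rest from the leader."""
        i = 0
        while i < min(len(follower.log), len(src)) and follower.log[i].term == src[i].term:
            i += 1
        del follower.log[i:]
        follower.log.extend(src[i:])

    def propose(self, debit, credit, amount):
        """Append, replicate, report commit ONLY on majority ack (None = client retries)."""
        leader = self.replicas[self.leader]
        if not leader.up:
            return None  # no usable leader: elect first
        entry = Entry(len(leader.log) + 1, self.term, debit, credit, amount)
        leader.log.append(entry)
        for r in self.alive():
            if r is not leader:
                self._sync(r, leader.log)
        if sum(r.log[-1] == entry for r in self.alive()) < self.majority():
            return None  # not on a quorum: never tell the client "committed"
        self.commit_index = entry.index
        return entry.index

    def elect(self):
        """Failover: needs a majority; the most up-to-date (term, index) log wins,
        so the new leader holds every entry that was ever majority-acknowledged."""
        alive = self.alive()
        if len(alive) < self.majority():
            return None  # no quorum: writes unavailable
        self.term += 1
        self.leader = max(alive, key=lambda r: (r.log[-1].term, len(r.log)) if r.log else (0, 0)).az
        return self.leader

    def linearizable_read(self):
        """Read-index style: confirm a majority still follows this leader before
        answering. Net debit balance per account (debits +, credits -); sums to 0."""
        if not self.replicas[self.leader].up or len(self.alive()) < self.majority():
            raise RuntimeError("cannot confirm leadership")
        bal = {}
        for e in self.replicas[self.leader].log[: self.commit_index]:
            bal[e.debit] = bal.get(e.debit, 0) + e.amount
            bal[e.credit] = bal.get(e.credit, 0) - e.amount
        return bal


def demo():
    """Constructed run: commit, isolate leader, lose its AZ, fail over, repair, lose 2nd AZ."""
    c = Cluster(["az-a", "az-b", "az-c"])
    a, b, z = (c.replicas[k] for k in ("az-a", "az-b", "az-c"))
    c.propose("cash", "revenue", 10_000)
    c.propose("receivable", "cash", 2_500)
    b.up = z.up = False
    orphan = c.propose("cash", "fees", 99)  # leader alone -> None, client retries
    b.up = z.up = True
    a.up = False                             # leader's AZ lost
    new_leader = c.elect()
    survived = [e.index for e in c.replicas[new_leader].log[: c.commit_index]]
    third = c.propose("cash", "receivable", 2_500)
    balances = c.linearizable_read()
    a.up = True                              # old leader returns...
    c.propose("cash", "revenue", 1)          # ...and its orphan entry is overwritten
    repaired = [e.term for e in a.log]
    b.up = z.up = False                      # two of three AZs gone
    quorum_lost = c.elect() is None
    return dict(orphan=orphan, leader=new_leader, survived=survived, third=third,
                balances=balances, repaired=repaired, quorum_lost=quorum_lost)
```

Two simplifications to keep in mind when reading it: commit_index is kept as a cluster-wide variable only so the invariant can be checked, whereas a real new leader relearns the commit point by committing an entry of its own term; and a real implementation fsyncs the log and current term to disk on every replica before counting its ack, otherwise a majority in memory is not a majority that survives an AZ loss.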