MDP 3.0 - Conflated TCP Market Data Group Processing
This page outlines conflated TCP market data group processing.
The Conflated TCP Market Data Group schemas utilize appended template extension. With template extension, a template is extended as an appended extension, client systems can choose to continue process the prior template version or process the new data with the new schema version.
- 1 Session Attributes
- 2 Packet Structure
- 3 Conflated MDP TCP - Initialization and Unbinding
- 4 Conflated MDP TCP - Request Messages
- 4.1 TCP MDP Request Messages and Response Messages
- 5 Conflated MDP TCP - Mid-Week Join and Recovery
- 6 Conflated TCP Messaging Examples
- 6.1 Example 1 - Successful Negotiation and Client System Initiated Termination
- 6.2 Example 2 - Negotiation Reject and CME Initiated Termination
- 6.3 Example 3 - Subscriber Heartbeat
- 6.4 Example 4 - Incomplete Negotiation and Termination
- 6.5 Example 5 - Request Messages
- 6.6 Example 6 - Message Requests with Partial Acks
- 6.7 Example 7 - Mid-Week Entitlement Change
- 6.8 Example 8 - Unsubscribe Request
- 6.9 Example 9 - Subscription Example
- 6.10 Example 10 - Recovery
Session Attributes
The conflated TCP Market Data Group uses the FIX and SBE protocol to establish and manage bi-directional sessions. A MDP TCP session is defined as a bi-directional message stream between two parties. A session will be maintained by default on a weekly basis and represented with a Universally Unique ID (UUID), which is recommended to the current timestamp. A client system can Negotiate and Terminate multiple times intra-day or at the end of each day, with the same UUID, or Negotiate the new session with a new UUID.
BrokerTec Session Access Model
The same MDP TCP Sessions can be used for U.S. markets, U.S. Treasury Actives, and U.S. Repo. The same MDP TCP Sessions can be used for EU markets, EU Repo and EGBs. The following table outlines the session access model for BrokerTec.
Example Session ID | Session Entitlement | US Actives | US Repo | EU Repo | EGBs |
|---|---|---|---|---|---|
AB | US | Yes | Yes | No | No |
XY | EU | No | No | Yes | Yes |
EBS Session Access Model
The following table outlines the conflated TCP session market access model for the EBS Market on CME Globex.
Each channel will have separate login credentials, IP and ports.
Example Session ID | Credit Screened New York (532) | Credit Screened London (533) | EBS Ultra Russian Ruble - Non Credit Screened (538) | Credit Screened OFF SEF NDF (534) |
|---|---|---|---|---|
AB - credit screened session | Yes | Yes | No | Yes |
YZ - non-credit screened session | No | No | Yes | No |
Packet Structure
The encoded FIX transmission for the CME MDP Conflated TCP market data group is sent in a packet structured. The following diagram shows the structure of an SBE-encoded message for the conflated TCP market data group:
The following table outlines the packet concepts in the diagram above:
Packet Header (14 bytes) | Message Header (10 bytes) | SBE Message (Variable Length) |
|---|---|---|
Encoding Type: 2 bytes
| Message Size: 2 bytes
| Customer to CME Globex Messages Examples:
|
Sequence: 4 bytes
| Block Length: 2 bytes
| CME Globex to Customer Messages Examples:
|
Sending Time: 8 bytes
| TemplateID: 2 bytes
|
|
| SchemaID: 2 bytes
|
|
| Version: 2 bytes
|
|
Conflated MDP TCP - Initialization and Unbinding
Conflated MDP TCP uses the FIX protocol via Simple Binary Encoding (SBE) to establish and manage bi-directional sessions. A session is defined as a bi-directional stream of ordered messages between two parties. Conflated MDP TCP accepts one connection per session ID.
For more information regarding encoding and decoding SBE messages consult the MDP 3.0 - Simple Binary Encoding topic.
Conflated MDP TCP does not support session layer re-transmit request functionality.
TCP MDP Session Messages
TCP MDP session messages are summarized as follows.
Stage | Message Name | Template Name | From | To | Purpose |
|---|---|---|---|---|
Initialization | Negotiate | Negotiate200 | Client System to CME Globex | Initiates connection |
Negotiation Response | NegotiationResponse202 | CME Globex to Client System | Accepts connection | |
Negotiation Reject | NegotiationReject201 | CME Globex to Client System | Rejects connection | |
Unbinding | Terminate | Terminate203 | Client System to CME Globex | Disconnect connection |
| ||||
CME Globex to Client System |
Universally Unique Identifier (UUID)
Each session established at the start of the week, intra-day, or at the beginning of each trading day is represented with a unique UUID value set by the customer as a 64-bit value. CME Group recommends using the system timestamp, which represents the number of microseconds since the epoch (Jan 1, 1970) as the timestamp.
Session Security
The customer will authenticate a TCP MDP session by digitally signing the Negotiate message using a hashed message authentication code (HMAC). In general, the customer interaction with CME will be as follows:
Customer logs into the CME Self Service Portal using 2-factor authentication over a secure channel (HTTPS).
CME generates a pair of cryptographically random keys—an Access Key and a Secret Key—for the customer. The keys are provided to the customer and also securely stored in a secure vault with CME.
Customer connects to MDP TCP and sends a digitally signed Negotiate message. The digital signature is generated using a hashed message authentication code (HMAC) based on the contents of the message and the Secret Key and is included in the Negotiate message sent to CME.
CME processes the Negotiate message and calculates the digital signature using the same HMAC-based process, and compares the calculated signature with the signature provided on the customer's Negotiate message. If the signatures match, the Negotiate message is authentic and validates that the sender has the Secret Key.
The details of calculating the digital signature are described below.
CME MDP Conflated TCP uses the same HMAC methodology as iLink 3.
Steps to Sign a Login Request to MDP TCP
Create the canonical Negotiate message
Create Signature Using the Secret Key and Canonical FIX Message
Populate Signature in the Credentials Field
Step 1 - Create the Canonical FIX Message
Concatenate these fields into a single String delimited by the newline character (ie. '\n');
The required fields in Negotiate message are:
RequestTimestamp
UUID
SessionID
FirmID
Step 2 - Create Signature Using the Secret Key and Canonical FIX Message
The signature is a hash (digest) of the canonical message created in Step 1 using the Secret Key provided by CME.
The Secret Key downloaded from Request Center is Base64 URL Encoded. Customers must decode the secret key first.
Example of Creating Signature Using HMAC SHA256 in Java 8+
The HMAC signature is populated in a fixed length string field (i.e. String32Req) since SHA-256 signature is always 32 bytes.
While real logic provides two options to encode this field—as a string and as a byte array—the byte array option should be used.
Encoding options for SHA-256 (256 bits long):
Base64URL encoding FIX ASCII: 6 bits per char = CHAR(44)including padding character
Hex: 4 bits per char = CHAR(64)
HEX example → 617633EFEF2F98DCA32DD3BD8407122B9B375CF4BC076930F24C1F7A0F930094
Binary: 8 bits per byte = BINARY(32)
Binary example → byte array:[97, 118, 51, -17, -17, 47, -104, -36, -93, 45, -45, -67, -124, 7, 18, 43, -101, 55, 92, -12, -68, 7, 105, 48, -14, 76, 31, 122, 15, -109, 0, -108]
The signature should be encoded as a byte array.
Signature calculation in Java:
public byte[] calculateHMAC(final String canonicalRequest, final String userKey) { byte[] hash = null;
try { // Init HMAC instance Mac sha256HMAC; sha256HMAC = Mac.getInstance("HmacSHA256");
// Initialize HMAC instance with the key // Decode the key first, since it is base64url encoded
byte[] decodedUserKey = Base64.getUrlDecoder().decode(userKey); SecretKeySpec secretKey = new SecretKeySpec(decodedUserKey, "HmacSHA256"); sha256HMAC.init(secretKey);
// Calculate HMAC hash = sha256HMAC.doFinal(canonicalRequest.getBytes("UTF-8"));
} catch (NoSuchAlgorithmException | InvalidKeyException | IllegalStateException | UnsupportedEncodingException e) { e.printStackTrace(); }
return hash; }
}
Step 3 - Populate Signature in the Credentials Field
Populate the Signature from Step 2 into the HMACSignature field.
Session Negotiation
An MDP TCP session connection is initiated by the customer using a Negotiation message. The UUID must be sent in the Negotiation message and that ID is used for the lifetime of the session. Negotiation is provided as a mechanism used for the customer to declare what ID they will be using. There is no concept of resetting a session. Instead of starting over a session, a new session is negotiated with a new UUID.
The following required string fields cannot contain empty bytes:
HMACSignature
AccessKeyID
Session
Firm
UUID
The following field will be checked for boundary conditions:
RequestTimestamp
The customer should send a Negotiate message to the exchange and await acknowledgment.
When Negotiate message from customer is accepted by CME, then CME will return a Negotiation Response.
When Negotiate message from customer is rejected by CME, then CME will return a Negotiation Reject.
If no response is forthcoming from the exchange after two 30 second heartbeat intervals have lapsed then Negotiation can be retried or out-of-band inquiry may be made to determine application readiness.
If a client system sends a message before a connection has been authenticated and an acknowledgment has sent, the client system will receive a Terminate message from the gateway.
Heartbeat
The client system must send a heartbeat within the heartbeat interval of 30 seconds via template SubscriberHeartbeat210. The Conflated MDP TCP Gateway will send a heartbeat via template AdminHeartbeat12 if there is no market activity. Client systems not sending a heartbeat after two heartbeat intervals will be disconnected.
Unbinding
Termination
The Terminate message is used to signal that the sender is going to disconnect the TCP socket connection. The Terminate message initiates the termination of a FIX session. Once a FIX connection has been terminated, Subscription requests and book states are reset.
Conflated MDP TCP - Request Messages
The following section outlines request message market data functionality provided by CME Globex. Once the client system has established a FIX session, client systems may send request messages. Subscription requests only apply to their respective channels.
TCP MDP Request Messages and Response Messages
Conflated MDP TCP payload messages are summarized as follows.
Message Name | FIX Tags | Template Name | From | To | Purpose |
|---|---|---|---|---|
Security List Request Message | 35-MsgType=x | SecurityListRequest208 | Client System to CME Globex | Allows late joiners to recover all instruments or to recover any new / updates to instruments that may have been missed in the event of a lost connection. |
Security Status Request Message | 35-MsgType=g | SecurityStatusRequest209 | Client System to CME Globex | Allows joiners to recover market status messages or to recover any new / updates to market status that may have been missed in case of the lost connection. |
Market Data Request Message | 35-MsgType=V | MarketDataRequest205 | Client System to CME Globex | Sent by client systems to recover the current state via the Market Data Snapshot Recovery Message (35=W) and receive all subsequent message type updates for the subscribed instruments or security groups. |
Request Acknowledgment | 35-MsgType=V | RequestAck206 | CME Globex to Client System | Indicates whether a client system request was fully or partially acknowledged. |
Request Reject | tag 35-MsgType=Y | RequestReject207 | CME Globex to Client System | Sent to client systems as a reply to any type of request that is fully rejected. |
Client System to CME Globex Request Messages
Request messages allow Conflated TCP client systems to recover and to subscribe to instruments or security groups. Specific request message ordering is not required. Client systems are required to be in Negotiated status before any requests are processed, otherwise the connection is Terminated. Subscription requests and book states are reset at session disconnection. Therefore, subscriptions and books must be rebuilt must be reestablished after TCP reconnection and successful Negotiation. Message responses to request messages maintain the original tag 60-TransactTime of when the message was initially sent.
EBS Conflated TCP subscription requests are subject to messaging controls. See MDP TCP Messaging Controls for more information.
Security List Request Message (tag 35-MsgType=x)
The Security List Request message (tag 35-MsgType=x) is a request message that allows client systems to recover all security definition (tag 35-MsgType=d) messages and to subscribe to any subsequent updates to security definition messages. All Security List Request messages must include a unique ID in tag 262-MDReqID. The MDReqID is used to identify the response message. On Conflated TCP market data groups, expired instruments will be removed after the market close.
The Subscription Request Type (tag 263-SubscriptionReqType) indicates the type of response expected:
Snapshot (tag 263-SubscriptionReqType=0) - Provides a current list of security definition (tag 35-MsgType=d) messages offered on the channel
Snapshot and updates (tag 263-SubscriptionReqType=1) - Provides a current list of security definition (tag 35-MsgType=d) messages offered on the respective channel and a subscription to subsequent security definition updates
Unsubscribe (tag 263-SubscriptionReqType=2) - Unsubscribes previous subscription.
Requests can be made at the security group (tag 1151-SecurityGroup) level or the instrument (tag 48-SecurityID) level. The security repeating group (tag 37022-NoSecurityGroups) should be equal to zero when a subscription is requested for all groups on the segment or individual Security IDs. The instrument repeating group (tag 146-NoRelatedSym) is the number of instruments requested. When NoSecurityGroups is greater than zero, the NoRelatedSym should be zero. If both NoSecurityGroup and NoRelatedSym are equal to zero then the request will be for all entitled groups.
After sending a Snapshot (tag 263-SubscriptionReqType=0) or Snapshot and updates (tag 263-SubscriptionReqType=1) message, the gateway will mark the End of Event (bit 7 equal to 1 via tag 5799-MatchEventIndicator) on the last message. After the End of Event is received, client systems may expect to receive heartbeats or further messaging related to the subscription. For Security List Requests, the original 60-LastUpdateTime denotes when the instrument added or an update was last sent.
Example Security List Request Message (tag 35-MsgType=x)
Tag | FIX Name | Tag Value |
|---|---|---|
262 | MDReqID | 679 |
263 | SubscriptionReqType | 1 (Snapshot and updates) |
Repeating Group 1 (NoSecurityGroups=0) | ||
Repeating Group 2 (NoRelatedSym=4) | ||
48 | SecurityID | 30027 |
48 | SecurityID | 141645 |
48 | SecurityID | 228219 |
48 | SecurityID | 467123 |
Security Status Request Message (tag 35-MsgType=g)
The Security Status Request message (tag 35-MsgType=g) allows client systems to recover all security status (tag 35-MsgType=f) messages and to subscribe to any subsequent updates to security status messages. All Security Status Request messages must include a unique ID in tag 262-MDReqID. The MDReqID is used to identify the response message.
The Subscription Request Type (tag 263-SubscriptionReqType) indicates the type of response expected:
Snapshot (tag 263-SubscriptionReqType=0) - Provides a current list of security status messages (tag 35-MsgType=f) offered on the channel
Snapshot and updates (tag 263-SubscriptionReqType=1) - Provides a current list of security status messages (tag 35-MsgType=f) offered on the channel and a subscription to subsequent security status updates
Unsubscribe (tag 263-SubscriptionReqType=2) - Unsubscribes previous subscription.
Requests can be made at the security group (tag 1151-SecurityGroup) level or the instrument (tag 48-SecurityID) level. The security repeating group (tag 37022-NoSecurityGroups) should be equal to zero when a subscription is requested for all groups on the segment or individual Security IDs. The instrument repeating group (tag 146-NoRelatedSym) is the number of security status messages requested. When NoSecurityGroups is greater than zero, the NoRelatedSym should be zero. If both NoSecurityGroup and NoRelatedSym are equal to zero then the request will be for all entitled groups.
After sending a Snapshot (tag 263-SubscriptionReqType=0) or Snapshot and updates (tag 263-SubscriptionReqType=1) message, the gateway will mark the End of Event (bit 7 equal to 1 via tag 5799-MatchEventIndicator) on the last message. After the End of Event is received, client systems may expect to receive heartbeats or further messaging related to the subscription.
Example Security Status Request Message (tag 35-MsgType=g)
Tag | FIX Name | Tag Value |
|---|---|---|
262 | MDReqID | 8 |
263 | SubscriptionReqType | 0 (Snapshot) |
Repeating Group 1 (NoSecurityGroups=0) | ||
Repeating Group 2 (NoRelatedSym=3) | ||
48 | SecurityID | 9201 |
48 | SecurityID | 368213 |
48 | SecurityID | 577121 |
Market Data Request Message (tag 35-MsgType=V)
The Market Data Request message (tag 35-MsgType=V) is a request message that allows client systems to recover the current state of Market By Price (MBP) books in the Snapshot Full Refresh message (tag 35-MsgType=W) and subscribe to all subsequent messages applicable to the session. The Snapshot Refresh Message is sent via SBE template SnapshotRefreshTopOrders59.
How was your Client Systems Wiki Experience? Submit Feedback
Copyright © 2024 CME Group Inc. All rights reserved.