...
- It does not modify the message decoding logic on the client. That is, the client is not trying to identify a failed SSL handshake by forward-reading a message. Indeed, doing so would affect the code path for all messages, thus would be likely introducing a better-avoided overhead;
- It introduces minimal change in the codebase. Because this functionality is already implemented server-side and the client uses the same network-level classes as the server, propagating the value of this new property is a minimal-impact, low-risk change. It is also fully transparent from a server perspective.
- It is intended to exhibit no change in behaviour for the existing clients, as long as the default value for the maximum allowed size is above that of any valid message (note: need to check this).
This proposal appears to come with multiple drawbacks, some of which may be considered as red flags.
Incorrect failure mode
As was experimented and as can be seen as part of the integration tests, when an invalid size is detected and the exception InvalidReceiveException
is thrown, consumers and producers keeps retrying until the poll timeout expires or the maximum number of retries is reached. This is incorrect if we consider the use case of protocol mismatch which motivated this change. Indeed, producers and consumers would need to fail fast as retries will prolonged the time to remediation from users/administrators.
Limited scope
The proposed change cannot provide an definite guarantee against OOM in all scenarios - for instance, it will still manifest if the maximum size is set to 100 MB and the JVM is under memory pressure and have less than 100 MB of allocatable memory.
Potential
...
confusing
- The name
max.response.size
intends to mirror the existingmax.request.size
from the producer's configuration properties. However,max.request.size
intends to check the size of producer records as provided by a client; whilemax.response.size
is to check the size directly decoded from the network according to Kafka's binary protocol. - On the broker, the property
socket.request.max.bytes
is used to validate the size of messages received by the server. The new property serves the same purpose, which introduces duplicated semantic, even if one property is characterised with the keyword "request" and the other with "response", in both cases reflecting the perspective adopted from either a client or a server.
...