Versions Compared

Old Version 3

changes.mady.by.user Rajini Sivaram

Saved on

compared with

New Version 4

changes.mady.by.user Rajini Sivaram

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.

Status

Current state[One of "Under Discussion", "Accepted", "Rejected"]

Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]

JIRA: here [Change the link from KAFKA-1 to your own ticket]3492

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Describe the problems you are trying to solve.

Public Interfaces

Briefly list any new interfaces that will be introduced as part of this proposal or any existing interfaces that will be removed or changed. The purpose of this section is to concisely call out the public contract that will come along with this feature.

A public interface is any change to the following:

KIP-13 introduced client quotas in Kafka 0.9.0.0. Rate limits on producers and consumers are enforced to prevent clients saturating the network or monopolizing broker resources. The current implementation allocates quotas to client-ids. This works well in single user clusters or clusters that use PLAINTEXT where all users have the same identity. But since client-id is unauthenticated and can be set to any value by the client, multi-user secure installations require quotas to be enforced for authenticated principals to guarantee fair allocation of resources and prevent denial-of-service.

This KIP addresses the following extensions to the existing implementation:

  1. The option to apply quotas based on authenticated principal instead of client-id. This prevents users generating heavy traffic from monopolizing resources and impacting the performance of other users in a multi-user cluster.
  2. Sub-quotas for clients of an authenticated user.  Like the current client-id implementation, this enables a user to rate-limit some producers or consumers to ensure that they don’t impact other more critical clients.  For instance, users may be able to rate-limit an auditing client running in the background, leaving resources always available for a critical event processing client.


Public Interfaces

Configuration Options

A configuration option quota.secure will be added to choose between the existing client-id based implementation and the new authenticated-principal based implementation.  The default value will be false to be consistent with Kafka 0.9.0.x.

The default quota configs will apply to authenticated users if quota.secure is true.

  • quota.producer.default: If quota.secure=false, this is the default producer quota for each unique client- id. Otherwise, this is the default quota for each authenticated principal.
  • quota.consumer.default: If quota.secure=false, this is the default consumer quota for each client-id. Otherwise, this is the default quota for each authenticated principal.

Metrics

When quota.secure=true, quota related metrics will be generated for the authenticated principal rather than client-ids.

Tools

kafka-configs.sh will be extended to support authenticated user quotas and sub-quotas for users of a client.  A new entity type “users” will be added.  The key-value pairs supported for users will be:

  • producer_byte_rate=p : The total rate limit for the user’s producers set to p MB/sec
  • consumer_byte_rate=c : The total rate limit for the user’s consumers set to c  MB/sec
  • client_producer_byte_rates=clientA:pA,clientB:pB : The rate limit for the user’s producers with client-id clientA is set to pA MB/sec
  • client_consumer_byte_rates=clientA:cA,clientB:cB : The rate limit for the user’s consumers with client-id clientA is set to cA MB/sec

  • Binary log format

  • The network protocol and api behavior

  • Any class in the public packages under clientsConfiguration, especially client configuration

    • org/apache/kafka/common/serialization

    • org/apache/kafka/common

    • org/apache/kafka/common/errors

    • org/apache/kafka/clients/producer

    • org/apache/kafka/clients/consumer (eventually, once stable)

  • Monitoring

  • Command line tools and arguments

  • Anything else that will likely break existing users in some way when they upgrade

Proposed Changes

Describe the new thing you want to do in appropriate detail. This may be fairly extensive and have large subsections of its own. Or it may be a few sentences. Use judgement based on the scope of the change.

...