THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Current state: Under Discussion
Discussion thread: Not yet started https://lists.apache.org/thread/hox43cslkps2mqtqo1yy441g1yo4nrjd
JIRA: https://issues.apache.org/jira/projects/KAFKA/issues/KAFKA-16081
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
For Kafka, an SSL connection occupies approximately 100KB of memory, while a plaintext connection occupies around 250 bytes, resulting in a memory footprint ratio of approximately 400:1. Therefore, there should be a limitation for SSL connections in broker wide to prevent potential OOM situations caused by an excessive number of SSL connections.
Currently, we have max.connections configuration at both the broker and listener levels, which allows allowing us to limit the maximum number of active connections on each listener and the overall broker.
However, the current implementation presents a challenge in how to effectively controlling the number of SSL connections. For example, if If we have a broker supporting 10,000 SSL connections with two SSL listeners, how to configure limit of each listener becomes an issue. For example, if how should we determine the appropriate connection limit for each listener? Should we set the connection count to 5,000 for each listener, or allocate 3,000 connections for listener A and 7,000 connections for listener B?
In other words, we cannot precisely control the total SSL connections count to be 10,000, especially if one listener is heavily used while the other has fewer connections. Furthermore,
The new configuration could work together with max.connections to control ssl and non-ssl connections. For examplemexample, set max.connections to 10000, max.ssl.connections to 5000, which means non-ssl connection radio is set at connections is litmit to 5000.
Public Interfaces
No new interfaces or will be added.
...