You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Status

Current state: Under Discussion

Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]

JIRA: here [Change the link from KAFKA-1 to your own ticket]

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Kafka brokers support quotas that enforce rate limits to prevent clients saturating the network or monopolizing broker resources. Fetch/Produce quotas can be configured to limit network bandwidth usage and Request quotas can be configured to limit CPU usage (network and I/O thread time). Client quotas may be configured at <user, client-id>, <user> or <client-id> levels and defaults may be defined at each level. For any request, the most specific quota configuration that matches the (user, client-id) of the request is applied.

Quotas are configured using the tool kafka-configs.sh, which persists quotas in ZooKeeper. Brokers watch quota configuration in ZooKeeper and enforce the currently configured quota for each request. All brokers use the same quota configuration.

Kafka currently does not support customization of quota allocation. In some scenarios, customization of quota limits will be useful.

Scenarios

  1. Kafka brokers currently group clients based on user principal and/or client-id for quota enforcement. If quotas are configured at <user, client-id> level, all requests that share the user principal and client-id will share the quota. If quotas are configured at <user> level, all requests that share the user principal share that quota (and similarly for <client-id>). In some scenarios, it is useful to define a quota group that combines multiple user principals and/or client-ids. All the requests from the group may then share a single quota.
  2. Some clients may have access only to a few topics which are hosted on a subset of brokers. The load from these clients will be mostly on the subset of brokers that are leaders of that subset of topic partitions. Rather than allocate a fixed quota for these clients on each broker, it will be useful to have quotas that are proportional to the number of partitions used by the client that are hosted on the broker. Since partition leaders may change dynamically, it will be better to compute quotas at runtime rather than update ZooKeeper with new quotas whenever partition leaders change.

Goals

  • Enable quotas to be customized using a configurable callback.
  • Ensure that the callback interface will not prevent us from adding new levels of quotas in future. For example, we may want to introduce the concept of user groups. It should be possible to handle groups in a consistent way for ACLs as well as quotas using the Authorizer interface and the new quota callback interface respectively.
  • Enable custom callbacks to access quotas configured in ZooKeeper easily so that existing tools can be used to manage persisted quota configuration if required.
  • Enable custom callbacks to track partition leaders easily to support partition-based quotas so that callbacks dont need access to ZooKeeper.

Public Interfaces

Broker Configuration Option

A new broker property will be added to configure a callback for determining client quotas (Fetch/Produce/Request quotas). This will be a dynamic broker configuration option that can be updated without restarting the broker. This KIP does not propose to add custom callbacks for replication quotas, but we could add one in future if a requirement arises.

  • Name: client.quota.callback
  • Type: CLASS
  • Description: The fully qualified name of a class that implements the ClientQuotaCallback interface, which is used to determine quota limits applied to client requests. By default, <user, client-id>, <user> or <client-id> quotas stored in ZooKeeper are applied. For any given request, the most specific quota that matches the user principal of the session and the client-id of the request is enforced by every broker.

New Interfaces

 

The following new public classes/traits will be introduced in the package kafka.quota (in the Kafka core project).

The quota types supported for the callback will be Fetch/Produce/Request.

 

 

Quota types
object ClientQuotaType  {
  case object Fetch extends ClientQuotaType
  case object Produce extends ClientQuotaType
  case object Request extends ClientQuotaType
}
sealed trait ClientQuotaType

 

 ClientQuotaCallback must be implemented by custom callbacks. It will also be implemented by the default quota callback.

Client Quota Callback
trait ClientQuotaCallback extends Configurable {

  /**
    * Quota callback invoked to determine the quota limit to be applied for a request.
    * 
    * @param session The session for which quota is requested
    * @param clientId The client id associated with the request
    * @param quotaType Type of quota requested
    *                  
    * @return the quota including the limit and metric tags that indicate which other entities share this quota
    */
  def quota(session: Session, clientId: String, quotaType: ClientQuotaType): ClientQuota

  /**
    * Metadata update callback that is invoked whenever UpdateMetadata request is received from
    * the controller. This is useful if quota computation is takes partitions into account.
    * 
    * @param partitions Partitions and their metadata including partition leader
    */
  def updatePartitionMetadata(partitions: Map[TopicPartition, PartitionMetadata]): Unit

  /**
    * Quota configuration update callback that is invoked whenever quota configuration in ZooKeeper
    * is updated. This is useful to track configured quotas if the built-in quota configuration tools
    * are used.
    * 
    * @param quotaEntity The quota entity for which quota is being updated.
    * @param quotaType Type of quota being updated.
    * @param newValue The new quota value. If None, the quota configuration for `quotaEntity` is deleted.
    */
  def updateQuota(quotaEntity: ClientQuotaEntity, quotaType: ClientQuotaType, newValue: Option[Double]) : Unit

  /**
    * Closes this instance.
    */
  def close(): Unit
}

 

The quota returned by the callback should include the quota limit as well the metric tags to be used. These tags determine which entities share the quota.

By default the tags "user" and "client-id" will be used for all quota metrics. When <user, client-id> quota config is used, user tag is set to user principal of the session and client-id tag is set to the client-id of the request. If <user> quota config is used, user tag is set to user principal of the session and client-id tag is set to empty string. Similarly, if <client-id> quota config is used, the user tag is set to empty string. This ensures that quotas are shared by all requests that match the quota config.

ClientQuota
/**
  * Client quota returned by `ClientQuotaCallback`.
  *
  * @param quotaLimit The quota bound to be applied
  * @param metricTags The tags to be added to the quota metric for this request. All entities
  *                   which share `metricTags` share the `quotaLimit`
  */
case class ClientQuota(quotaLimit: Double, metricTags: Map[String, String])

 

When quota configuration is updated in ZooKeeper, quota callbacks are notified of configuration changes. Quota configuration entities can be combined to define quotas at different levels.

ClientQuotaEntity
object QuotaConfigEntityType  {
  case object User extends QuotaConfigEntityType
  case object ClientId extends QuotaConfigEntityType
  case object DefaultUser extends QuotaConfigEntityType
  case object DefaultClientId extends QuotaConfigEntityType
}
sealed trait QuotaConfigEntityType

trait QuotaConfigEntity {
  def name: String
  def entityType: QuotaConfigEntityType
}

/**
  * The metadata for an entity for which quota is configured. Quotas may be defined at
  * different levels and `configEntities` gives the config entities that define the level.
  * For example, if quota is configured for <userA, clientB>, `configEntities` will be
  * List(userA, clientB). For <clientC> quota, 'configEntities` will be List(clientC).
  */
trait ClientQuotaEntity {
  def configEntities: List[QuotaConfigEntity]
}

 

When partition leaders change, controller notifies brokers using UpdateMetadata request. Quota callbacks are notified of metadata changes so that callbacks that base quota computation on partitions have access to the current metadata.

Partition Metadata
/**
  * Partition metadata that may be used in quota computation. This is provided
  * by the broker when UpdateMetadata request is received from the controller.
  */
trait PartitionMetadata {
  def leader: Int
}

 

Proposed Changes

ClientQuotaManager and ClientRequestQuotaManager will be updated to move quota configuration management into a new class DefaultQuotaCallback class that implements ClientQuotaCallback. If a custom callback is not configured, DefaultQuotaCallback will be used.

If a custom callback is configured, it will be instantiated when the broker is started. DynamicBrokerConfig will be updated to handle changes to the callback. KafkaApis will invoke quotaCallback.updatePartitionMetadata when UpdateMetadata request is received from the controller. This will be ignored by the default quota callback. When ConfigHandler invokes ClientQuotaManager.updateQuota to process dynamic quota config updates, quotaCallback.updateQuota will be invoked. The existing logic to process quota updates will be moved to the default quota callback.

Compatibility, Deprecation, and Migration Plan

  • What impact (if any) will there be on existing users?

None, the current behaviour will be retained as default.

Rejected Alternatives

Introduce new quota management options instead of a callback

We could implement different quota algorithms in Kafka and support quota groups, partition-based quotas etc. But this would require Kafka to manage these groups, mapping of users to partitions etc, increasing the complexity of the code. Since it will be hard to include support for all possible scenarios into the broker code, it will be simpler to make quota computation configurable. This also enables the computation to be altered dynamically since the new option will be a dynamic broker config.

Enable management of client quotas and replication quotas using a single callback interface

The configuration and management of replication quotas are completely separate in the broker. Since the configuration entities are different, it will be simpler to keep them separate. It is not clear if there are scenarios that require custom replication quotas, so this KIP only addresses client quotas.

 

  • No labels