You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Status

Current state: Under discussion.

Discussion thread: here  (Not happening yet)

JIRA: here

Motivation

Currently, clients would fail if DNS resolution fails. The application owner will either need to implement retry logic or manually restart the application. This is inconvenient and hard to handle because:

  1. Failed DNS resolution throws a ConfigException, which is not descriptive of the actual problem (the message is fine, but the exception type is misleading); unless the developer tries to parse and match the error message.

  2. It can take minutes before the bootstrap server is registered to the DNS server, and it is reasonable to allow clients to continue to retry.

Public Interfaces

  • Users can catch a NetworkException and retry. (Remove the ConfigException)
  • Several logging (warn) around failing DNS resolution will be removed.
  • DNS lookup will happen on the first poll.

Proposed Changes

Remove the DNS lookup in the client constructor and delegate this task to the NetworkClient poll method, which means the clients won't attempt to resolve for DNS upon starting.

Changes

  • Client Constructor: Only parse the bootstrap config and validate its format there

  • Bootstrap Connection Timeout: A timeout configuration for connecting to the bootstrap server.

  • NetworkClient:

    • Bootstrapping should now occur in the poll method before attempting to update the metadata. This includes resolving the addresses and bootstrapping the metadata.

    • Logs an error message with failed bootstrap process

    • If the timeout exceeds, throw a BootstrapConnectionException, which is non-retriable 

Configuration Change

bootstrap.connection.timeout.ms

The amount of time clients can try to establish a connection to the bootstrap server and resolve for the IP address. If the time exceeds this value, a BootstrapConnectionException will be thrown.

Note: the default value is up for discussion. It can be 0, which is the same as the current behavior.  Exit upon the first retry.

Type:long
Default:300000 (5 minutes)
Valid Values:0 - LONG_MAX
Importance:high

New Error Type

Name: BootstrapConnectionException extends KafkaException

Message: "Unable to establish a connection to the bootstrap server in {}ms."

Type: Non-retriable.

Compatibility, Deprecation, and Migration Plan

  • Client Behaviors

    • Clients won’t attempt to resolve the bootstrap addresses upon initialization.

    • Clients won’t exit fatally if DNS resolution fails.

    • KafkaConsumer: Users must poll to retry the lookup if it fails.

    • KafkaAdminClient: Users will need to resend the request if failing.

    • KafkaProducer: The sender loop should already be polling continuously.

    Exception Handling

    • Failed DNS resolution will result in NetworkException

Case Study

To help illustrate the proposed changes, we provide some examples of how clients might behave in different scenarios.

KafkaConsumer

Case 1: Unable to connect to the bootstrap (For example: misconfiguration)

Suppose the user instantiates a KafkaConsumer with an invalid bootstrap config. When the user invokes assign() and starts poll(), the poll() method will continue to return empty ConsumerRecords and log a warning message.

The user can continue to retry for the configured duration. After the bootstrap timeout expires, the client will throw a BootstrapConnectionException.

Case 2: Transient Network Issue (For example: transient DNS failure)

Now, suppose the user instantiates a KafkaConsumer with a valid bootstrap config, but there is a transient network issue, such as slow DNS resolution.

When the user starts poll(), the poll() method will return an empty ConsumerRecord and log a warning message.

The user can continue to retry, and the network issue will be successfully resolved after some time. The KafkaConsumer will then continue to function normally.

KafkaProducer

Case 1: Unable to connect to the bootstrap (For example: misconfiguration)

  1. The user instantiated the client with an invalid bootstrap config.
  2. As the sender thread starts running, a WARN message is logged.
  3. If the user tries to produce messages:
    1. The producer callback may be completed with TimeoutException until the bootstrap timeout runs out.
  4. A WARN message will be log every time the sender tries to bootstrap.
  5. Eventually, a BootstrapConnectionException is thrown.

Case 2: Transient Network Issue (For example: transient DNS failure)

  1. The user instantiated the client.
  2. As the sender thread starts running, a WARN message is logged upon trying to bootstrap the client.
  3. Suppose the network issue is resolved before the user tries to produce a message. Only the WARN messages will be logged.
  4. If the user tries to produce a message before the issue is resolved:
    1. The sender callback will be completed with TimeoutException if the network issue persists.
    2. The send is completed normally if the issue is resolved before exhausting the max.block.ms.

AdminClient

Case 1: Unable to connect to the bootstrap (For example: misconfiguration)

  1. The user instantiates a new admin client.
  2. If the user makes admin client API calls:
    1. If the API timeout before the bootstrap timeout expires, a TimeoutException will be thrown upon invoking .get()
    2. If the bootstrap timeout expires, a BootstrapConnectionException will be thrown.
    3. Any API calls will not be completed.

Case 2: Transient Network Issue (For example: transient DNS failure)

  1. The user instantiates a new admin client.
  2. If the API timeout before the connection is resolved, a TimeoutException will be thrown upon invoking .get() for the API call results
  3. Eventually, the API calls should go through.

Test Plan

  1. NetworkClient

    1. Test DNS resolution upon its initial poll

    2. Test if the right exception type is thrown

  2. Existing clients (Consumer, Producer, AdminClient)

    1. Test successful bootstrapping upon retrying

Rejected Alternatives

  1. Allow the application owner to specify a retry period. The clients will fail after exceeding the timeout. The default set to 0s, which makes retry an opt-in config.

    1. Pros: Allows users to have more control over how long to retry

    2. Cons: Require a new config; client instantiation can block.

  2. No retry. Let the application owner handle the DNS resolution exception. This means we would still throw a DNSLookupException upon failing.

    1. Pros: No additional config is needed

    2. Cons: This is a behavioral change, and the application owner might need to rewrite the exception handling, i.e. catching the DNS failure logic.

  3. Not throwing an exception but letting NetworkClient retry on poll.
    1. Pros: No compatibility break. No additional exception handling logic, the network client will just log the error and continue to retry upon the next poll
    2. Cons: The discussion thread mentioned that it wouldn't fail upon starting.
  • No labels