Current state"Accepted"

Discussion thread: here

JIRA: here

Released: 2.1.0

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).


KIP-226 added support for dynamic update of  broker configuration.  In this KIP, we propose to extend the support to dynamic update of max.connections.per.ip/max.connections.per.ip.overrides configs. This will be useful  in the situations where a particular host (or set of hosts) is causing some trouble for the brokers.  Administrators can dynamically update these configs to restrict the connections coming from faulty hosts (or)  enable connections only from allowed hosts.

Proposed Changes

Use case: To restrict the connections coming from faulty clients/hosts  (or) to configure IP-based filtering of incoming connections (max.connections.per.ip  = 0 and valid max.connections.per.ip.overrides config value)

Config scope: Default for whole cluster (/configs/brokers/<default>)

Config options:


Dynamic update changes:

SocketServer ConnectionQuotas will be updated with the new values. Existing connections will not be affected, restrictions will be applied on
new connection creations.

Compatibility, Deprecation, and Migration Plan

  • There won't be any impact on existing users.
  • There won't be any change of current behavior.
  • No migration tool required

Rejected Alternatives

  • No labels