This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • KIP-308: Support dynamic update of max.connections.per.ip/max.connections.per.ip.overrides configs
Skip to end of metadata
Go to start of metadata


Status

Current state"Accepted"

Discussion thread: here

JIRA: here

Released: 2.1.0

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

KIP-226 added support for dynamic update of  broker configuration.  In this KIP, we propose to extend the support to dynamic update of max.connections.per.ip/max.connections.per.ip.overrides configs. This will be useful  in the situations where a particular host (or set of hosts) is causing some trouble for the brokers.  Administrators can dynamically update these configs to restrict the connections coming from faulty hosts (or)  enable connections only from allowed hosts.

Proposed Changes

Use case: To restrict the connections coming from faulty clients/hosts  (or) to configure IP-based filtering of incoming connections (max.connections.per.ip  = 0 and valid max.connections.per.ip.overrides config value)

Config scope: Default for whole cluster (/configs/brokers/<default>)

Config options:

max.connections.per.ip
max.connections.per.ip.overrides

Dynamic update changes:

SocketServer ConnectionQuotas will be updated with the new values. Existing connections will not be affected, restrictions will be applied on
new connection creations.

Compatibility, Deprecation, and Migration Plan

  • There won't be any impact on existing users.
  • There won't be any change of current behavior.
  • No migration tool required

Rejected Alternatives


  • No labels