Return-Path: X-Original-To: apmail-kafka-dev-archive@www.apache.org Delivered-To: apmail-kafka-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AB2D2F8C2 for ; Wed, 20 Mar 2013 00:59:15 +0000 (UTC) Received: (qmail 6995 invoked by uid 500); 20 Mar 2013 00:59:15 -0000 Delivered-To: apmail-kafka-dev-archive@kafka.apache.org Received: (qmail 6922 invoked by uid 500); 20 Mar 2013 00:59:15 -0000 Mailing-List: contact dev-help@kafka.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@kafka.apache.org Delivered-To: mailing list dev@kafka.apache.org Received: (qmail 6882 invoked by uid 99); 20 Mar 2013 00:59:15 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Mar 2013 00:59:15 +0000 Date: Wed, 20 Mar 2013 00:59:15 +0000 (UTC) From: "Jonathan Creasy (JIRA)" To: dev@kafka.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (KAFKA-656) Add Quotas to Kafka MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/KAFKA-656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13607129#comment-13607129 ] Jonathan Creasy commented on KAFKA-656: --------------------------------------- Obviously a work in progress. https://cwiki.apache.org/confluence/display/KAFKA/KAFKA-656+-+Quota+Design > Add Quotas to Kafka > ------------------- > > Key: KAFKA-656 > URL: https://issues.apache.org/jira/browse/KAFKA-656 > Project: Kafka > Issue Type: New Feature > Components: core > Affects Versions: 0.8.1 > Reporter: Jay Kreps > Labels: project > > It would be nice to implement a quota system in Kafka to improve our support for highly multi-tenant usage. The goal of this system would be to prevent one naughty user from accidently overloading the whole cluster. > There are several quantities we would want to track: > 1. Requests pers second > 2. Bytes written per second > 3. Bytes read per second > There are two reasonable groupings we would want to aggregate and enforce these thresholds at: > 1. Topic level > 2. Client level (e.g. by client id from the request) > When a request hits one of these limits we will simply reject it with a QUOTA_EXCEEDED exception. > To avoid suddenly breaking things without warning, we should ideally support two thresholds: a soft threshold at which we produce some kind of warning and a hard threshold at which we give the error. The soft threshold could just be defined as 80% (or whatever) of the hard threshold. > There are nuances to getting this right. If you measure second-by-second a single burst may exceed the threshold, so we need a sustained measurement over a period of time. > Likewise when do we stop giving this error? To make this work right we likely need to charge against the quota for request *attempts* not just successful requests. Otherwise a client that is overloading the server will just flap on and off--i.e. we would disable them for a period of time but when we re-enabled them they would likely still be abusing us. > It would be good to a wiki design on how this would all work as a starting point for discussion. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira