Return-Path: X-Original-To: apmail-kafka-dev-archive@www.apache.org Delivered-To: apmail-kafka-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EA61DEE16 for ; Tue, 26 Feb 2013 19:44:16 +0000 (UTC) Received: (qmail 23791 invoked by uid 500); 26 Feb 2013 19:44:16 -0000 Delivered-To: apmail-kafka-dev-archive@kafka.apache.org Received: (qmail 23741 invoked by uid 500); 26 Feb 2013 19:44:15 -0000 Mailing-List: contact dev-help@kafka.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@kafka.apache.org Delivered-To: mailing list dev@kafka.apache.org Received: (qmail 23586 invoked by uid 99); 26 Feb 2013 19:44:15 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Feb 2013 19:44:15 +0000 Date: Tue, 26 Feb 2013 19:44:15 +0000 (UTC) From: "Jonathan Creasy (JIRA)" To: dev@kafka.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (KAFKA-656) Add Quotas to Kafka MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/KAFKA-656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13587447#comment-13587447 ] Jonathan Creasy commented on KAFKA-656: --------------------------------------- That makes sense. Thinking about this last night, we probably need to keep the quota stats in ZK in order to enforce them across the cluster, so that would make using Metrics harder also. > Add Quotas to Kafka > ------------------- > > Key: KAFKA-656 > URL: https://issues.apache.org/jira/browse/KAFKA-656 > Project: Kafka > Issue Type: New Feature > Components: core > Affects Versions: 0.8.1 > Reporter: Jay Kreps > Labels: project > > It would be nice to implement a quota system in Kafka to improve our support for highly multi-tenant usage. The goal of this system would be to prevent one naughty user from accidently overloading the whole cluster. > There are several quantities we would want to track: > 1. Requests pers second > 2. Bytes written per second > 3. Bytes read per second > There are two reasonable groupings we would want to aggregate and enforce these thresholds at: > 1. Topic level > 2. Client level (e.g. by client id from the request) > When a request hits one of these limits we will simply reject it with a QUOTA_EXCEEDED exception. > To avoid suddenly breaking things without warning, we should ideally support two thresholds: a soft threshold at which we produce some kind of warning and a hard threshold at which we give the error. The soft threshold could just be defined as 80% (or whatever) of the hard threshold. > There are nuances to getting this right. If you measure second-by-second a single burst may exceed the threshold, so we need a sustained measurement over a period of time. > Likewise when do we stop giving this error? To make this work right we likely need to charge against the quota for request *attempts* not just successful requests. Otherwise a client that is overloading the server will just flap on and off--i.e. we would disable them for a period of time but when we re-enabled them they would likely still be abusing us. > It would be good to a wiki design on how this would all work as a starting point for discussion. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira