Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can I use kafka over Internet?

Tags:

authentication

apache-kafka

cluster-computing

nat

wan

Is kafka suitable for Internet-use?

More precisely, what I want is to expose kafka topics as "public interface", then external consumers (or producers) can connect to it. Is it possible?

I hear there are problems if I want to use the cluster in both internal and external networks, because it is then hard to configure advertised.host.name. Is that true?

And do I have to expose zookeeper as well? I think the new consumer/producer api no longer need that.

like image 283
ntysdd Avatar asked Sep 05 '17 02:09

ntysdd

1 Answers

I would personally not expose the Kafka server directly to clients via TCP for these reasons, only to name a few:

  • If a bad client opens too many connections this may affect the stability of the Kafka platform and may affects other clients too
    • Too many open files on the Kafka server, HW/SW settings and OS tuning is needed to limit uncontrolled clients
  • If you need to add a Kafka server to increase scalability, you may need to go through a lot of low level configuration (firewall, IPs visibility, certificates, etc.) on both client and server side. Other product address these problems using gateways or proxies: Coherence uses extend proxy clients, tibco EMS uses routed destinations, other SW (many JMS servers) use Store&Forward mechanisms, etc.
  • Maintenance of the Kafka nodes, in case of clients attached to the Kafka servers, will have to consider also the needs of clients and the SLA (service level aggreement) that have been defined with the client (ex. 24*7*365)
  • If you use Kafka also as a back end service, a multi layered architecture should be taken into consideration: FE gateways and BE services, etc.
  • Other considerations require to understand what exacly you consider to be an external (over the internet) consumer/producer in your system. Is it a component of your system that needs to access the Kafka servers? Are they internal or external to your organization, etc. ...

Naturally all these considerations can be correctly addressed also using a TCP direct connection to the Kafka servers, but I would personally use a different solution.

  • HTTP proxies
  • Or at least I would use a dedicated FE Kafka server (or couple of servers for HA) dedicated for each client that forward the messages to the main Kafka group of servers
like image 170
Mario Stefanutti Avatar answered Sep 23 '22 07:09

Mario Stefanutti
Sign in to Comment

Related questions

How do I get permitAll in Spring Security to NOT throw AuthenticationCredentialsNotFoundException in @Controller object?
Authentication with a Web farm
pyramid AuthTktAuthenticationPolicy secret parameter
Logged in users still see login page (django auth)
Pentaho BI server report without Log in
Laravel 5.2 auth change 'users' table
How to combine the windows authentication and JWT with .Net Core 2.1
Flutter: generate release SHA1 fingerprint
How to calculate PCKE's code_verifier?
Why does aspnet_users use guid for id rather than incrementing int? bonus points for help on extending user fields
Basic and Form Authentication with Mechanize (Ruby)
Testing basic http authenticaation with digest using curl
How to get the role that a user logged in with in my controller using Spring Security
No AuthenticationProvider found on refresh token - Spring OAuth2 java config
Vuex persisted state doesn't remove state after closing tab
How can I override the django AuthenticationForm input css class?
How to Remember username or password for login form [duplicate]
Handling Game Center authentication
Spring Security for URL with permitAll() and expired Auth Token
X11 forwarding of a GUI app running in docker

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!