Help Center

Distributed Message Service (Kafka)

Product Introduction
Billing
Getting Started
User Guide
API Reference
Best Practices
Developer Guide
FAQs
Agreements

Connection

2024-05-10 02:08:32

1.1.1         FAQs for Connection

What Can I Do if One or More IP Addresses Are Not Displayed?

On the Broker Monitoring page, three IP addresses with port numbers are displayed if the three nodes are working properly. If one IP address is missing, the node of the IP address is abnormal. Contact the administrator to check the abnormal node and rectify the problem as soon as possible.

descript

Is Cross-VPC Access Supported?

Yes. You can create a VPC peering connection to connect two VPC networks for access across VPCs.

How Do I Access a Kafka Instance by Using a Proxy?

You cannot access a Kafka instance by using a proxy.

The following items describe the working mechanism for a client to access a broker: Step 1: The client uses bootstrap.servers to access a broker and obtain the metadata. Step 2: The client uses the IP address that is obtained from the metadata to send and receive messages. After you configure a proxy, your client can obtain the metadata. However, the client cannot use the IP address that is obtained from the metadata to send or receive messages. This means if you access a Kafka instance by using a proxy, the network cannot be fully connected.

How Many Connections to the Broker Can a Producer Establish?

Each producer usually establishes two TCP connections to the broker. One TCP connection is used to update metadata and the other is used to send messages.

What Is the Difference Between a VPC Instance and a Public Network/VPC Instance?

VPC instance: Only provides VPC endpoints and supports access from a VPC.

Public network/VPC instance: Provides public network and VPC endpoints and supports access from a VPC or a public network.

Does a Kafka Instance Support Access Over a Public Network?

Yes, a Kafka instance supports access over a public network. For details, see section 4.3.2 Setting a Public Network IP Address.

Does a Kafka Instance Support Access Across Regions?

Yes. You can access a Kafka instance across regions over a public network or by using Express Connect.

Do Kafka Instances Support Cross-Subnet Access?

Yes. If the client and the instance are in the same VPC, cross-subnet access is supported. By default, subnets in the same VPC can communicate with each other. For details, see related VPC sections.

Does Kafka Support Authentication With Kerberos?

No, Kerberos authentication is not supported. Kafka supports endpoint access using SASL_PLAINTEXT.

How Do I Obtain the Public Access Address After Public Access Is Enabled?

In the window for Setting Public IP addresses in the Instance list, you can view the public IP addresses bound to each node.

Does Kafka Support Authentication on Clients by the Broker?

Kafka supports authentication on clients by the broker through authentication mechanisms such as Simple Authentication and Security Layer (SASL). SASL is a communication security framework that allows authentication and authorization between clients and brokers.

Is There a Limit on the Number of Connections for a Single IP Address on the Client?

Currently, Kafka does not have a limit on the number of connections for a single IP address. It depends on the number of instance connections. For details, see section 8.3.5 Is there a limit on the number of client connections to a Kafka instance?

Can I Change the Private Network Addresses of a Kafka Instance?

After an instance is created, its private network connection addresses cannot be modified.

1.1.2         What Can I Do if an Exception Occurs When a Client Connects to Kafka for the First Time?

If an exception occurs when a client connects to Kafka for the first time, you can check the following items to troubleshoot the exception:

l  Network connectivity: In most cases, network connectivity issues are caused by one of the following reasons:

(1) The ECS instance (client) is not located in the same VPC as the Kafka instance. For information about how to access a Kafka broker through a VPC, see the section of VPC connection.

(2) The client connects to a VPC-connected Kafka instance. The exception occurs because you did not access the Kafka broker over the Internet.

l  Client version: Exceptions may occur if the client version is outdated. We recommend that you upgrade the client to a version that matches the version of the broker.

l  Configuration: Access may fail if the configuration of the default endpoint is invalid. To check the information about configurations, see Quick Start.

1.1.3         How Many Connection Addresses Does a Kafka Instance Have by Default?

The number of connection addresses of a Kafka instance is the same as the number of nodes of the instance.

The following table lists the number of nodes for each specification.

Host Type

Available Node Specifications

Available Number of Nodes

Storage Space

General-purpose

4-core 16 GB

8-core 32 GB

16-core 64 GB

3, 5, 7 or 9

Select storage type and   space as needed

Computing-plus

4-core 8 GB

8-core 16 GB

16-core 32 GB

3, 5, 7 or 9

Select storage type and   space as needed

1.1.4         How to Configure a Security Group

A client can only be deployed on an elastic cloud server (CT-ECS) that is located in the same VPC and the same subnet as the Kafka instance.

In addition, the client can access the Kafka instance only when the security groups are configured with proper rules.

l  You are advised to configure the same security group for the ECS and instance. After a security group is created, network access in the group is not restricted by default.

l  If different security groups are configured, you may need to refer to the following configurations:

Note:

Assume that security groups sgs-CT-ECS and sgs-Kafka are configured respectively for your ECS and Kafka instance.

Kafka access port 9098 is used as an example; the access port for any other instance should be subject to the actual situation.

You can specify a security group or IP address as the remote end in the following rules.

Configuring security group for the CT-ECS. To ensure that your client can access the Kafka instance, add the following outbound rule to the security group configured for the CT-ECS instance. Skip this rule if there are no restrictions on the outbound traffic.

descript

Configuring security group for the Kafka instance. To ensure that your client can access the Kafka instance, add the following inbound rule to the security group configured for the Kafka instance

descript

1.1.5         Is There a Limit on the Number of Client Connections to a Kafka Instance?

Yes. The maximum allowed number of client connections varies by instance specifications. If the bandwidth is 100 MB/s, a maximum of 3,000 client connections are allowed.

If the bandwidth is 300 MB/s, a maximum of 10,000 client connections are allowed.

If the bandwidth is 600 MB/s, a maximum of 20,000 client connections are allowed.

If the bandwidth is 1,200 MB/s, a maximum of 20,000 client connections are allowed.

If the instance specification is s7.xlarge.4 (general-type, 4U16G), a maximum of 1,000 client connections are allowed for each broker.

If the instance specification is s7.2xlarge.4 (general-type, 8U32G), a maximum of 2,000 client connections are allowed for each broker.

If the instance specification is s7.4xlarge.4 (general-type, 16U64G), a maximum of 4,500 client connections are allowed for each broker.

If the instance specification is c7.xlarge.2 (computing-plus, 4U8G), a maximum of 4,500 client connections are allowed for each broker.

If the instance specification is c7.2xlarge.2 (computing-plus, 8U16G), a maximum of 6,000 client connections are allowed for each broker.

If the instance specification is c7.4xlarge.2 (computing-plus, 16U32G), a maximum of 10,000 client connections are allowed for each broker.


The previous article -  Instances
The next article -  Operation
Z79zggCIObf3