Hardik Joshi
Reputation: 1
How to Block Clients with Invalid Certificates from Overloading Kafka Brokers?
I have a situation where my Kafka brokers are bombarded by clients with expired/no certificates.
There are 100s of messages every minute that keeps Kafka brokers busy. And since IPs are dynamic pinpointing them is another task.
INFO [SocketServer listenerType=ZK_BROKER, nodeId=1] Failed authentication with /<IP> (SSL handshake failed) (org.apache.kafka.common.network.Selector)
I am relatively new to Kafka and need some guidance on how exactly I can block these floods. There is no load balancer or any such external network configuration who can help.
Is there any way I can stop it using Kafka configuration?
I have checked the configurations on my system and that are near default. Kafka brokers are enabled with SSL certificate validation. No SASL implemented. No load balancing and going to network team for rate limiting will gain take a long time.
Upvotes: 0
Views: 53
Answers (0)
Related Questions
- Unexpected Kafka request of type METADATA during SASL handshake when connecting to kafka server by a consumer
- How to use different load balancer ports for Kafka bootstrap and brokers created by Strimzi?
- Filebeat Kafka client failing SSL handshake with AWS MSK
- Configuring kafka connect with multi brokers
- Kafka2.2.0 with SASL-SCRAM - SSL peer is not authenticated, returning ANONYMOUS instead
- Confluent REST proxy API SSL handshake fails
- How to find the root cause of high CPU usage of Kafka brokers?