Hello Jack, Jun, Luke, and all! Thank you for your messages.
Let me first address some of Jun’s comments. > First, it degrades the durability. > For each partition, now there are two files being actively written at a > given point of time, one for the data and another for the metadata. > Flushing each file requires a separate IO. If the disk has 1K IOPS and we > have 5K partitions in a broker, currently we can afford to flush each > partition every 5 seconds, achieving an RPO of 5 seconds. If we double the > number of files per partition, we can only flush each partition every 10 > seconds, which makes RPO twice as bad. As I understand, you’re speaking about locally materialized segments. They will indeed consume some IOPS. See them as a cache that could always be restored from the remote storage. While it’s not ideal, it's still OK to lose data in them due to a machine crash, for example. Because of this, we can avoid explicit flushing on local materialized segments at all and let the file system and page cache figure out when to flush optimally. This would not eliminate the extra IOPS, but should reduce it dramatically, depending on throughput for each partition. We, of course, continue flushing the metadata segments as before. It’s worth making a note on caching. I think nobody will disagree that doing direct reads from remote storage every time a batch is requested by a consumer will not be practical neither from the performance nor from the economy point of view. We need a way to keep the number of GET requests down. There are multiple options, for example: 1. Rack-aware distributed in-memory caching. 2. Local in-memory caching. Comes with less network chattiness and works well if we have more or less stable brokers to consume from. 3. Materialization of diskless logs on local disk. Way lower impact on RAM and also requires stable brokers for consumption (using just assigned replicas will probably work well). Materialization is one of possible options, but we can choose another one. However, we will have this dilemma regardless of whether we have an explicit coordinator or we go “coordinator-less”. > Second, if we ever need this > metadata somewhere else, say in the WAL file manager, the consumer needs to > subscribe to every partition in the cluster, which is inefficient. The > actual benefit of this approach is also questionable. On the surface, it > might seem that we could reduce the number of lines that need to be changed > for this KIP. However, the changes are quite intrusive to the classic > partition's code path and will probably make the code base harder to > maintain in the long run. I like the original approach based on the batch > coordinator much better than this one. We could probably refactor the > producer state code so that it could be reused in the batch coordinator. It’s hard to disagree with this. The explicit coordinator is more a side thing, while coordinator-less approach is more about extending ReplicaManager, UnifiedLog and others substantially. > Thanks for addressing the concerns on the number of RPCs in the produce > path. I agree that with the metadata crafting mechanism, we could mitigate > the PRC problem. However, since we now require the metadata to be > collocated with the data on the same set of brokers, it's weird that they > are now managed by different mechanisms. The data assignment now uses the > metadata crafting mechanism, but the metadata is stored in the classic > partition using its own assignment strategy. It will be complicated to keep > them collocated. I would like to note that the metadata crafting is needed only to tell producers which brokers they should send Produce requests to, but data (as in “locally materialized log”) is located on partition replicas, i.e. automatically co-located with metadata. As a side note, it would probably be better that instead of implicitly crafting partition metadata, we extend the metadata protocol so that for diskless partitions we return not only the leader and replicas, but also some “recommended produce brokers”, selected for optimal performance and costs. Producers will pick ones in their racks. > I am also concerned about the removal of the object compaction/merging > step. We should have mentioned this explicitly, but this step, in fact, remains in the form of segments offloading to tiered storage. When we assemble a segment and hand it over to RemoteLogManager, we’re effectively doing metadata compaction: replacing a big number of pieces of metadata about individual batches with a single record in __remote_log_metadata. We could create a Diskless-specific merging mechanism instead if needed. It’s rather easy with the explicit coordinator approach. With the coordinator-less approach, this would probably be a bit more tricky (rewriting the tail of the log by the leader + replicating this change reliably). > I see a tendency toward primarily optimizing for the fewest code changes in > the KIP. Instead, our primary goal should be a clean design that can last > for the long term. Yes, totally agree. Luke, > I'm wondering if the complexity of designing txn and queue is because of > leaderless cluster, do you think it will be simpler if we only focus on the > "diskless" design to handle object compaction/merging to/from the remote > storage to save the cross-AZ cost? After some evolution of the original proposal, leaderless is now limited. We only need to be able to accept Produce requests on more than one broker to eliminate the cross-AZ costs for producers. Do I get it right that you propose to get rid of this? Or do I misunderstand? Let’s now look at this problem from a higher level, as Jack proposed. As it was said, the big choice we need to make is whether we 1) create an explicit batch coordinator; or 2) go for the coordinator-less approach, where each diskless partition is managed by its leader as in classic topics. If we try to compare the two approaches: Pluggability: - Explicit coordinator: Possible. For example, some setups may benefit from batch metadata being stored in a cloud database (such as AWS DynamoDB or GCP Spanner). - Coordinator-less: Impossible. Scalability and fault tolerance: - Explicit coordinator: Depends on the implementation and it’s also necessary to actively work for it. - Coordinator-less: Closer to classic Kafka topics. Scaling is done by partition placement, partitions could fail independently. Separation of concerns: - Explicit coordinator: Very good. Diskless remains more independent from classic topics in terms of code and workflows. For example, the above-mentioned non-tiered storage metadata compaction mechanism could be relatively simply implemented with it. As a flip side of this, some workflows (e.g. transactions) will have to be adapted. - Coordinator-less: Less so. It leans to the opposite: bringing diskless closer to classic topics. Some code paths and workflows could be more straightforwardly reused, but they will inevitably have to be adapted to accommodate both topic types as also discussed. Cloud-nativeness. This is a vague concept, also related to the previous, but let’s try: - Explicit coordinator: Storing and processing metadata separately makes it easier for brokers to take different roles, be purely stateless if needed, etc. - Coordinator-less: Less so. Something could be achieved with creative partition placement, but not much. Both seem to have their pros and cons. However, answering Jack’s question, the explicit coordinator approach may indeed lead to a more flexible design. The purpose of this deviation in the discussion was to receive a preliminary community evaluation of the coordinator-less approach without taking on the task of writing a separate KIP and fitting it in the system of KIP-1150 and its children. We’re open to stopping it and getting back to working out the coordinator design if the community doesn’t favor the proposed approach. Best, Ivan and Diskless team On Mon, Oct 20, 2025, at 05:58, Luke Chen wrote: > Hi Ivan, > > As Jun pointed out, the updated design seems to have some shortcomings > although it simplifies the implementation. > > I'm wondering if the complexity of designing txn and queue is because of > leaderless cluster, do you think it will be simpler if we only focus on the > "diskless" design to handle object compaction/merging to/from the remote > storage to save the cross-AZ cost? > > > Thank you, > Luke > > On Sat, Oct 18, 2025 at 5:22 AM Jun Rao <[email protected]> wrote: > > > Hi, Ivan, > > > > Thanks for the explanation. > > > > "we write the reference to the WAL file with the batch data" > > > > I understand the approach now, but I think it is a hacky one. There are > > multiple short comings with this design. First, it degrades the durability. > > For each partition, now there are two files being actively written at a > > given point of time, one for the data and another for the metadata. > > Flushing each file requires a separate IO. If the disk has 1K IOPS and we > > have 5K partitions in a broker, currently we can afford to flush each > > partition every 5 seconds, achieving an RPO of 5 seconds. If we double the > > number of files per partition, we can only flush each partition every 10 > > seconds, which makes RPO twice as bad. Second, if we ever need this > > metadata somewhere else, say in the WAL file manager, the consumer needs to > > subscribe to every partition in the cluster, which is inefficient. The > > actual benefit of this approach is also questionable. On the surface, it > > might seem that we could reduce the number of lines that need to be changed > > for this KIP. However, the changes are quite intrusive to the classic > > partition's code path and will probably make the code base harder to > > maintain in the long run. I like the original approach based on the batch > > coordinator much better than this one. We could probably refactor the > > producer state code so that it could be reused in the batch coordinator. > > > > Thanks for addressing the concerns on the number of RPCs in the produce > > path. I agree that with the metadata crafting mechanism, we could mitigate > > the PRC problem. However, since we now require the metadata to be > > collocated with the data on the same set of brokers, it's weird that they > > are now managed by different mechanisms. The data assignment now uses the > > metadata crafting mechanism, but the metadata is stored in the classic > > partition using its own assignment strategy. It will be complicated to keep > > them collocated. > > > > I am also concerned about the removal of the object compaction/merging > > step. My first concern is on the amount of metadata that need to be kept. > > Without object compcation, the metadata generated in the produce path can > > only be deleted after remote tiering kicks in. Let's say for every 250ms we > > produce 100 byte of metadata per partition. Let's say remoting tiering > > kicks in after 5 hours. In a cluster with 100K partitions, we need to keep > > about 100 * (1 / 0.2) * 5 * 3600 * 100K = 720 GB metadata, quite > > signficant. A second concern is on performance. Every time we need to > > rebuild the caching data, we need to read a bunch of small objects from S3, > > slowing down the building process. If a consumer happens to need such data, > > it could slow down the application. > > > > I see a tendency toward primarily optimizing for the fewest code changes in > > the KIP. Instead, our primary goal should be a clean design that can last > > for the long term. > > > > Thanks, > > > > Jun > > > > On Tue, Oct 14, 2025 at 11:02 AM Ivan Yurchenko <[email protected]> wrote: > > > > > Hi Jun, > > > > > > Thank you for your message. I’m sorry that I failed to clearly explain > > the > > > idea. Let me try to fix this. > > > > > > > Does each partition now have a metadata partition and a separate data > > > > partition? If so, I am concerned that it essentially doubles the number > > > of > > > > partitions, which impacts the number of open file descriptors and the > > > > required IOPS, and so on. It also seems wasteful to have a separate > > > > partition just to store the metadata. It's as if we are creating an > > > > internal topic with an unbounded number of partitions. > > > > > > No. There will be only one physical partition per diskless partition. Let > > > me explain this with an example. Let’s say we have a diskless partition > > > topic-0. It has three replicas 0, 1, 2; 0 is the leader. We produce some > > > batches to this partition. The content of the segment file will be > > > something like this (for each batch): > > > > > > BaseOffset: 00000000000000000000 (like in classic) > > > Length: 123456 (like in classic) > > > PartitionLeaderEpoch: like in classic > > > Magic: like in classic > > > CRC: like in classic > > > Attributes: like in classic > > > LastOffsetDelta: like in classic > > > BaseTimestamp: like in classic > > > MaxTimestamp: like in classic > > > ProducerId: like in classic > > > ProducerEpoch: like in classic > > > BaseSequence: like in classic > > > RecordsCount: like in classic > > > Records: > > > path/to/wal/files/5b55c4bb-f52a-4204-aea6-81226895158a; byte offset > > > 123456 > > > > > > It looks very much like classic log entries. The only difference is that > > > instead of writing real Records, we write the reference to the WAL file > > > with the batch data (I guess we need only the name and the byte offset, > > > because the byte length is the standard field above). Otherwise, it’s a > > > normal Kafka log with the leader and replicas. > > > > > > So we have as many partitions for diskless as for classic. As of open > > file > > > descriptors, let’s proceed to the following: > > > > > > > Are the metadata and > > > > the data for the same partition always collocated on the same broker? > > If > > > > so, how do we enforce that when replicas are reassigned? > > > > > > The source of truth for the data is still in WAL files on object storage. > > > The source of truth for the metadata is in segment files on the brokers > > in > > > the replica set. Two new mechanisms are planned, both independent of this > > > new proposal, but I want to present them to give the idea that only a > > > limited amount of data files will be operated locally: > > > - We want to assemble batches into segment files and offload them to > > > tiered storage in order to prevent the unbounded growth of batch > > metadata. > > > For this, we need to open only a few file descriptors (for the segment > > > file itself + the necessary indexes) before the segment is fully written > > > and handed over to RemoteLogManager. > > > - We want to assemble local segment files for caching purposes as well, > > > i.e. to speed up fetching. This will not materialize the full content of > > > the log, but only the hot set according to some policy (or configurable > > > policies), i.e. the number of segments and file descriptors will also be > > > limited. > > > > > > > The number of RPCs in the produce path is significantly higher. For > > > > example, if a produce request has 100 partitions, in a cluster with 100 > > > > brokers, each produce request could generate 100 more RPC requests. > > This > > > > will significantly increase the request rate. > > > > > > This is a valid concern that we considered, but this issue can be > > > mitigated. I’ll try to explain the approach. > > > The situation with a single broker is trivial: all the commit requests go > > > from the broker to itself. > > > Let’s scale this to a multi-broker cluster, but located in the single > > rack > > > (AZ). Any broker can accept Produce requests for diskless partitions, but > > > we can tell producers (through metadata) to always send Produce requests > > to > > > leaders. For example, broker 0 hosts the leader replicas for diskless > > > partitions t1-0, t2-1, t3-0. It will receive diskless Produce requests > > for > > > these partitions in various combinations, but only for them. > > > > > > Broker 0 > > > +-----------------+ > > > | t1-0 | > > > | t2-1 <--------------------+ > > > | t3-0 | | > > > produce | +-------------+ | | > > > requests | | diskless | | | > > > --------------->| produce +--------------+ > > > for these | | WAL buffer | | commit requests > > > partitions | +-------------+ | for these partitions > > > | | > > > +-----------------+ > > > > > > The same applies for other brokers in this cluster. Effectively, each > > > broker will commit only to itself, which effectively means 1 commit > > request > > > per WAL buffer (this may be 0 physical network calls, if we wish, just a > > > local function call). > > > > > > Now let’s scale this to multiple racks (AZs). Obviously, we cannot always > > > send Produce requests to the designated leaders of diskless partitions: > > > this would mean inter-AZ network traffic, which we would like to avoid. > > To > > > avoid it, we say that every broker has a “diskless produce > > representative” > > > in every AZ. If we continue our example: when a Produce request for t1-0, > > > t2-1, or t3-0 comes from a producer in AZ 0, it lands on broker 0 (in the > > > broker’s AZ the representative is the broker itself). However, if it > > comes > > > from AZ 1, it lands on broker 1; in AZ 2, it’s broker 2. > > > > > > |produce requests |produce requests |produce requests > > > |for t1-0, t2-1, t3-0 |for t1-0, t2-1, t3-0 |for t1-0, t2-1, > > t3-0 > > > |from AZ 0 |from AZ 1 |from AZ 2 > > > v v v > > > Broker 0 (AZ 0) Broker 1 (AZ 1) Broker 2 (AZ 2) > > > +---------------+ +---------------+ +---------------+ > > > | t1-0 | | | | | > > > | t2-1 | | | | | > > > | t3-0 | | | | | > > > +---------------+ +--------+------+ +--------+------+ > > > ^ ^ | | > > > | +--------------------+ | > > > | commit requests for these partitions | > > > | | > > > +-------------------------------------------------+ > > > commit requests for these partitions > > > > > > All the partitions that broker 0 is the leader of will be “represented” > > by > > > brokers 1 and 2 in their AZs. > > > > > > Of course, this relationship goes both ways between AZs (not necessarily > > > between the same brokers). It means that provided the cluster is balanced > > > by the number of brokers per AZ, each broker will represent > > (number_of_azs > > > - 1) other brokers. This will result in the situation that for the > > majority > > > of commits, each broker will do up to (number_of_azs - 1) network commit > > > requests (plus one local). Cloud regions tend to have 3 AZs, very rarely > > > more. That means, brokers will be doing up to 2 network commit requests > > per > > > WAL file. > > > > > > There are the following exceptions: > > > 1. Broker count imbalance between AZs. For example, when we have 2 AZs > > and > > > one has three brokers and another AZ has one. This one broker will do > > > between 1 and 3 commit requests per WAL file. This is not an extreme > > > amplification. Such an imbalance is not healthy in most practical setups > > > and should be avoided anyway. > > > 2. Leadership changes and metadata propagation period. When the partition > > > t3-0 is relocated from broker 0 to some broker 3, the producers will not > > > know this immediately (unless we want to be strict and respond with > > > NOT_LEADER_OR_FOLLOWER). So if t1-0, t2-1, and t3-0 will come together > > in a > > > WAL buffer on broker 2, it will have to send two commit requests: to > > broker > > > 0 to commit t1-0 and t2-1, and to broker 3 to commit t3-0. This situation > > > is not permanent and as producers update the cluster metadata, it will be > > > resolved. > > > > > > This all could be built with the metadata crafting mechanism only (which > > > is anyway needed for Diskless in one way or another to direct producers > > and > > > consumers where we need to avoid inter-AZ traffic), just with the right > > > policy for it (for example, some deterministic hash-based formula). I.e. > > no > > > explicit support for “produce representative” or anything like this is > > > needed on the cluster level, in KRaft, etc. > > > > > > > The same WAL file metadata is now duplicated into two places, partition > > > > leader and WAL File Manager. Which one is the source of truth, and how > > do > > > > we maintain consistency between the two places? > > > > > > We do only two operations on WAL files that span multiple diskless > > > partitions: committing and deleting. Commits can be done independently as > > > described above. But deletes are different, because when a file is > > deleted, > > > this affects all the partitions that still have alive batches in this > > file > > > (if any). > > > > > > The WAL file manager is a necessary point of coordination to delete WAL > > > files safely. We can say it is the source of truth about files > > themselves, > > > while the partition leaders and their logs hold the truth about whether a > > > particular file contains live batches of this particular partition. > > > > > > The file manager will do this important task: be able to say for sure > > that > > > a file does not contain any live batch of any existing partition. For > > this, > > > it will have to periodically check against the partition leaders. > > > Considering that batch deletion is irreversible, when we declare a file > > > “empty”, this is guaranteed to be and stay so. > > > > > > The file manager has to know about files being committed to start track > > > them and periodically check if they are empty. We can consider various > > ways > > > to achieve this: > > > 1. As was proposed in my previous message: best effort commit by brokers > > + > > > periodic prefix scans of object storage to detect files that went below > > the > > > radar due to network issue or the file manager temporary unavailability. > > > We’re speaking about listing the file names only and opening only > > > previously unknown files in order to find the partitions involved with > > them. > > > 2. Only do scans without explicit commit, i.e. fill the list of files > > > fully asynchronously and in the background. This may be not ideal due to > > > costs and performance of scanning tons of files. However, the number of > > > live WAL files should be limited due to tiered storage offloading + we > > can > > > optimize this if we give files some global soft order in their names. > > > > > > > I am not sure how this design simplifies the implementation. The > > existing > > > > producer/replication code can't be simply reused. Adjusting both the > > > write > > > > path in the leader and the replication path in the follower to > > understand > > > > batch-header only data is quite intrusive to the existing logic. > > > > > > It is true that we’ll have to change LocalLog and UnifiedLog in order to > > > support these changes. However, it seems that idempotence, transactions, > > > queues, tiered storage will have to be changed less than with the > > original > > > design. This is because the partition leader state would remain in the > > same > > > place (on brokers) and existing workflows that involve it would have to > > be > > > changed less compared to the situation where we globalize the partition > > > leader state in the batch coordinator. I admit this is hard to make > > > convincing without both real implementations to hand :) > > > > > > > I am also > > > > not sure how this enables seamless switching the topic modes between > > > > diskless and classic. Could you provide more details on those? > > > > > > Let’s consider the scenario of turning a classic topic into diskless. The > > > user sets diskless.enabled=true, the leader receives this metadata update > > > and does the following: > > > 1. Stop accepting normal append writes. > > > 2. Close the current active segment. > > > 3. Start a new segment that will be written in the diskless format (i.e. > > > without data). > > > 4. Start accepting diskless commits. > > > > > > Since it’s the same log, the followers will know about that switch > > > consistently. They will finish replicating the classic segments and start > > > replicating the diskless ones. They will always know where each batch is > > > located (either inside a classic segment or referenced by a diskless > > one). > > > Switching back should be similar. > > > > > > Doing this with the coordinator is possible, but has some caveats. The > > > leader must do the following: > > > 1. Stop accepting normal append writes. > > > 2. Close the current active segment. > > > 3. Write a special control segment to persist and replicate the fact that > > > from offset N the partition is now in the diskless mode. > > > 4. Inform the coordinator about the first offset N of the “diskless era”. > > > 5. Inform the controller quorum that the transition has finished and that > > > brokers now can process diskless writes for this partition. > > > This could fail at some points, so this will probably require some > > > explicit state machine with replication either in the partition log or in > > > KRaft. > > > > > > It seems that the coordinator-less approach makes this simpler because > > the > > > “coordinator” for the partition and the partition leader are the same and > > > they store the partition metadata in the same log, too. While in the > > > coordinator approach we have to perform some kind of a distributed commit > > > to handover metadata management from the classic partition leader to the > > > batch coordinator. > > > > > > I hope these explanations help to clarify the idea. Please let me know if > > > I should go deeper anywhere. > > > > > > Best, > > > Ivan and the Diskless team > > > > > > On Tue, Oct 7, 2025, at 01:44, Jun Rao wrote: > > > > Hi, Ivan, > > > > > > > > Thanks for the update. > > > > > > > > I am not sure that I fully understand the new design, but it seems less > > > > clean than before. > > > > > > > > Does each partition now have a metadata partition and a separate data > > > > partition? If so, I am concerned that it essentially doubles the number > > > of > > > > partitions, which impacts the number of open file descriptors and the > > > > required IOPS, and so on. It also seems wasteful to have a separate > > > > partition just to store the metadata. It's as if we are creating an > > > > internal topic with an unbounded number of partitions. Are the metadata > > > and > > > > the data for the same partition always collocated on the same broker? > > If > > > > so, how do we enforce that when replicas are reassigned? > > > > > > > > The number of RPCs in the produce path is significantly higher. For > > > > example, if a produce request has 100 partitions, in a cluster with 100 > > > > brokers, each produce request could generate 100 more RPC requests. > > This > > > > will significantly increase the request rate. > > > > > > > > The same WAL file metadata is now duplicated into two places, partition > > > > leader and WAL File Manager. Which one is the source of truth, and how > > do > > > > we maintain consistency between the two places? > > > > > > > > I am not sure how this design simplifies the implementation. The > > existing > > > > producer/replication code can't be simply reused. Adjusting both the > > > write > > > > path in the leader and the replication path in the follower to > > understand > > > > batch-header only data is quite intrusive to the existing logic. I am > > > also > > > > not sure how this enables seamless switching the topic modes between > > > > diskless and classic. Could you provide more details on those? > > > > > > > > Jun > > > > > > > > On Thu, Oct 2, 2025 at 5:08 AM Ivan Yurchenko <[email protected]> wrote: > > > > > > > > > Hi dear Kafka community, > > > > > > > > > > In the initial Diskless proposal, we proposed to have a separate > > > > > component, batch/diskless coordinator, whose role would be to > > centrally > > > > > manage the batch and WAL file metadata for diskless topics. This > > > component > > > > > drew many reasonable comments from the community about how it would > > > support > > > > > various Kafka features (transactions, queues) and its scalability. > > > While we > > > > > believe we have good answers to all the expressed concerns, we took a > > > step > > > > > back and looked at the problem from a different perspective. > > > > > > > > > > We would like to propose an alternative Diskless design *without a > > > > > centralized coordinator*. We believe this approach has potential and > > > > > propose to discuss it as it may be more appealing to the community. > > > > > > > > > > Let us explain the idea. Most of the complications with the original > > > > > Diskless approach come from one necessary architecture change: > > > globalizing > > > > > the local state of partition leader in the batch coordinator. This > > > causes > > > > > deviations to the established workflows in various features like > > > produce > > > > > idempotence and transactions, queues, retention, etc. These > > deviations > > > need > > > > > to be carefully considered, designed, and later implemented and > > > tested. In > > > > > the new approach we want to avoid this by making partition leaders > > > again > > > > > responsible for managing their partitions, even in diskless topics. > > > > > > > > > > In classic Kafka topics, batch data and metadata are blended together > > > in > > > > > the one partition log. The crux of the Diskless idea is to decouple > > > them > > > > > and move data to the remote storage, while keeping metadata somewhere > > > else. > > > > > Using the central batch coordinator for managing batch metadata is > > one > > > way, > > > > > but not the only. > > > > > > > > > > Let’s now think about managing metadata for each user partition > > > > > independently. Generally partitions are independent and don’t share > > > > > anything apart from that their data are mixed in WAL files. If we > > > figure > > > > > out how to commit and later delete WAL files safely, we will achieve > > > the > > > > > necessary autonomy that allows us to get rid of the central batch > > > > > coordinator. Instead, *each diskless user partition will be managed > > by > > > its > > > > > leader*, as in classic Kafka topics. Also like in classic topics, the > > > > > leader uses the partition log as the way to persist batch metadata, > > > i.e. > > > > > the regular batch header + the information about how to find this > > > batch on > > > > > remote storage. In contrast to classic topics, batch data is in > > remote > > > > > storage. > > > > > > > > > > For clarity, let’s compare the three designs: > > > > > • Classic topics: > > > > > • Data and metadata are co-located in the partition log. > > > > > • The partition log content: [Batch header (metadata)|Batch data]. > > > > > • The partition log is replicated to the followers. > > > > > • The replicas and leader have local state built from metadata. > > > > > • Original Diskless: > > > > > • Metadata is in the batch coordinator, data is on remote storage. > > > > > • The partition state is global in the batch coordinator. > > > > > • New Diskless: > > > > > • Metadata is in the partition log, data is on remote storage. > > > > > • Partition log content: [Batch header (metadata)|Batch > > coordinates > > > on > > > > > remote storage]. > > > > > • The partition log is replicated to the followers. > > > > > • The replicas and leader have local state built from metadata. > > > > > > > > > > Let’s consider the produce path. Here’s the reminder of the original > > > > > Diskless design: > > > > > > > > > > > > > > > The new approach could be depicted as the following: > > > > > > > > > > > > > > > As you can see, the main difference is that now instead of a single > > > commit > > > > > request to the batch coordinator, we send multiple parallel commit > > > requests > > > > > to all the leaders of each partition involved in the WAL file. Each > > of > > > them > > > > > will commit its batches independently, without coordinating with > > other > > > > > leaders and any other components. Batch data is addressed by the WAL > > > file > > > > > name, the byte offset and size, which allows partitions to know > > nothing > > > > > about other partitions to access their data in shared WAL files. > > > > > > > > > > The number of partitions involved in a single WAL file may be quite > > > large, > > > > > e.g. a hundred. A hundred network requests to commit one WAL file is > > > very > > > > > impractical. However, there are ways to reduce this number: > > > > > 1. Partition leaders are located on brokers. Requests to leaders on > > > one > > > > > broker could be grouped together into a single physical network > > request > > > > > (resembling the normal Produce request that may carry batches for > > many > > > > > partitions inside). This will cap the number of network requests to > > the > > > > > number of brokers in the cluster. > > > > > 2. If we craft the cluster metadata to make producers send their > > > requests > > > > > to the right brokers (with respect to AZs), we may achieve the higher > > > > > concentration of logical commit requests in physical network requests > > > > > reducing the number of the latter ones even further, ideally to one. > > > > > > > > > > Obviously, out of multiple commit requests some may fail or time out > > > for a > > > > > variety of reasons. This is fine. Some producers will receive totally > > > or > > > > > partially failed responses to their Produce requests, similar to what > > > they > > > > > would have received when appending to a classic topic fails or times > > > out. > > > > > If a partition experiences problems, other partitions will not be > > > affected > > > > > (again, like in classic topics). Of course, the uncommitted data will > > > be > > > > > garbage in WAL files. But WAL files are short-lived (batches are > > > constantly > > > > > assembled into segments and offloaded to tiered storage), so this > > > garbage > > > > > will be eventually deleted. > > > > > > > > > > For safely deleting WAL files we now need to centrally manage them, > > as > > > > > this is the only state and logic that spans multiple partitions. On > > the > > > > > diagram, you can see another commit request called “Commit file (best > > > > > effort)” going to the WAL File Manager. This manager will be > > > responsible > > > > > for the following: > > > > > 1. Collecting (by requests from brokers) and persisting information > > > about > > > > > committed WAL files. > > > > > 2. To handle potential failures in file information delivery, it > > will > > > be > > > > > doing prefix scan on the remote storage periodically to find and > > > register > > > > > unknown files. The period of this scan will be configurable and > > ideally > > > > > should be quite long. > > > > > 3. Checking with the relevant partition leaders (after a grace > > > period) if > > > > > they still have batches in a particular file. > > > > > 4. Physically deleting files when they aren’t anymore referred to by > > > any > > > > > partition. > > > > > > > > > > This new design offers the following advantages: > > > > > 1. It simplifies the implementation of many Kafka features such as > > > > > idempotence, transactions, queues, tiered storage, retention. Now we > > > don’t > > > > > need to abstract away and reuse the code from partition leaders in > > the > > > > > batch coordinator. Instead, we will literally use the same code paths > > > in > > > > > leaders, with little adaptation. Workflows from classic topics mostly > > > > > remain unchanged. > > > > > For example, it seems that > > > > > ReplicaManager.maybeSendPartitionsToTransactionCoordinator and > > > > > KafkaApis.handleWriteTxnMarkersRequest used for transaction support > > on > > > the > > > > > partition leader side could be used for diskless topics with little > > > > > adaptation. ProducerStateManager, needed for both idempotent produce > > > and > > > > > transactions, would be reused. > > > > > Another example is share groups support, where the share partition > > > leader, > > > > > being co-located with the partition leader, would execute the same > > > logic > > > > > for both diskless and classic topics. > > > > > 2. It returns to the familiar partition-based scaling model, where > > > > > partitions are independent. > > > > > 3. It makes the operation and failure patterns closer to the > > familiar > > > > > ones from classic topics. > > > > > 4. It opens a straightforward path to seamless switching the topics > > > modes > > > > > between diskless and classic. > > > > > > > > > > The rest of the things remain unchanged compared to the previous > > > Diskless > > > > > design (after all previous discussions). Such things as local segment > > > > > materialization by replicas, the consume path, tiered storage > > > integration, > > > > > etc. > > > > > > > > > > If the community finds this design more suitable, we will update the > > > > > KIP(s) accordingly and continue working on it. Please let us know > > what > > > you > > > > > think. > > > > > > > > > > Best regards, > > > > > Ivan and Diskless team > > > > > > > > > > On Mon, Sep 29, 2025, at 15:06, Ivan Yurchenko wrote: > > > > > > Hi Justine, > > > > > > > > > > > > Yes, you're right. We need to track the aborted transactions for in > > > the > > > > > diskless coordinator for as long as the corresponding offsets are > > > there. > > > > > With the tiered storage unification Greg mentioned earlier, this will > > > be > > > > > finite time even for infinite data retention. > > > > > > > > > > > > Best, > > > > > > Ivan > > > > > > > > > > > > On Wed, Sep 17, 2025, at 19:41, Justine Olshan wrote: > > > > > > > Hey Ivan, > > > > > > > > > > > > > > Thanks for the response. I think most of what you said made > > sense, > > > but > > > > > I > > > > > > > did have some questions about this part: > > > > > > > > > > > > > > > As we understand this, the partition leader in classic topics > > > forgets > > > > > > > about a transaction once it’s replicated (HWM overpasses it). The > > > > > > > transaction coordinator acts like the main guardian, allowing > > > partition > > > > > > > leaders to do this safely. Please correct me if this is wrong. We > > > think > > > > > > > about relying on this with the batch coordinator and delete the > > > > > information > > > > > > > about a transaction once it’s finished (as there’s no replication > > > and > > > > > HWM > > > > > > > advances immediately). > > > > > > > > > > > > > > I didn't quite understand this. In classic topics, we have maps > > for > > > > > ongoing > > > > > > > transactions which remove state when the transaction is completed > > > and > > > > > an > > > > > > > aborted transactions index which is retained for much longer. > > Once > > > the > > > > > > > transaction is completed, the coordinator is no longer involved > > in > > > > > > > maintaining this partition side state, and it is subject to > > > compaction > > > > > etc. > > > > > > > Looking back at the outline provided above, I didn't see much > > > about the > > > > > > > fetch path, so maybe that could be expanded a bit further. I saw > > > the > > > > > > > following in a response: > > > > > > > > When the broker constructs a fully valid local segment, all the > > > > > necessary > > > > > > > control batches will be inserted and indices, including the > > > transaction > > > > > > > index will be built to serve FetchRequests exactly as they are > > > today. > > > > > > > > > > > > > > Based on this, it seems like we need to retain the information > > > about > > > > > > > aborted txns for longer. > > > > > > > > > > > > > > Thanks, > > > > > > > Justine > > > > > > > > > > > > > > On Mon, Sep 15, 2025 at 9:43 AM Ivan Yurchenko <[email protected]> > > > wrote: > > > > > > > > > > > > > > > Hi Justine and all, > > > > > > > > > > > > > > > > Thank you for your questions! > > > > > > > > > > > > > > > > > JO 1. >Since a transaction could be uniquely identified with > > > > > producer ID > > > > > > > > > and epoch, the positive result of this check could be cached > > > > > locally > > > > > > > > > Are we saying that only new transaction version 2 > > transactions > > > can > > > > > be > > > > > > > > used > > > > > > > > > here? If not, we can't uniquely identify transactions with > > > > > producer id + > > > > > > > > > epoch > > > > > > > > > > > > > > > > You’re right that we (probably unintentionally) focused only on > > > > > version 2. > > > > > > > > We can either limit the support to version 2 or consider using > > > some > > > > > > > > surrogates to support version 1. > > > > > > > > > > > > > > > > > JO 2. >The batch coordinator does the final transactional > > > checks > > > > > of the > > > > > > > > > batches. This procedure would output the same errors like the > > > > > partition > > > > > > > > > leader in classic topics would do. > > > > > > > > > Can you expand on what these checks are? Would you be > > checking > > > if > > > > > the > > > > > > > > > transaction was still ongoing for example?* * > > > > > > > > > > > > > > > > Yes, the producer epoch, that the transaction is ongoing, and > > of > > > > > course > > > > > > > > the normal idempotence checks. What the partition leader in the > > > > > classic > > > > > > > > topics does before appending a batch to the local log (e.g. in > > > > > > > > UnifiedLog.maybeStartTransactionVerification and > > > > > > > > UnifiedLog.analyzeAndValidateProducerState). In Diskless, we > > > > > unfortunately > > > > > > > > cannot do these checks before appending the data to the WAL > > > segment > > > > > and > > > > > > > > uploading it, but we can “tombstone” these batches in the batch > > > > > coordinator > > > > > > > > during the final commit. > > > > > > > > > > > > > > > > > Is there state about ongoing > > > > > > > > > transactions in the batch coordinator? I see some other state > > > > > mentioned > > > > > > > > in > > > > > > > > > the End transaction section, but it's not super clear what > > > state is > > > > > > > > stored > > > > > > > > > and when it is stored. > > > > > > > > > > > > > > > > Right, this should have been more explicit. As the partition > > > leader > > > > > tracks > > > > > > > > ongoing transactions for classic topics, the batch coordinator > > > has > > > > > to as > > > > > > > > well. So when a transaction starts and ends, the transaction > > > > > coordinator > > > > > > > > must inform the batch coordinator about this. > > > > > > > > > > > > > > > > > JO 3. I didn't see anything about maintaining LSO -- perhaps > > > that > > > > > would > > > > > > > > be > > > > > > > > > stored in the batch coordinator? > > > > > > > > > > > > > > > > Yes. This could be deduced from the committed batches and other > > > > > > > > information, but for the sake of performance we’d better store > > it > > > > > > > > explicitly. > > > > > > > > > > > > > > > > > JO 4. Are there any thoughts about how long transactional > > > state is > > > > > > > > > maintained in the batch coordinator and how it will be > > cleaned > > > up? > > > > > > > > > > > > > > > > As we understand this, the partition leader in classic topics > > > forgets > > > > > > > > about a transaction once it’s replicated (HWM overpasses it). > > The > > > > > > > > transaction coordinator acts like the main guardian, allowing > > > > > partition > > > > > > > > leaders to do this safely. Please correct me if this is wrong. > > We > > > > > think > > > > > > > > about relying on this with the batch coordinator and delete the > > > > > information > > > > > > > > about a transaction once it’s finished (as there’s no > > replication > > > > > and HWM > > > > > > > > advances immediately). > > > > > > > > > > > > > > > > Best, > > > > > > > > Ivan > > > > > > > > > > > > > > > > On Tue, Sep 9, 2025, at 00:38, Justine Olshan wrote: > > > > > > > > > Hey folks, > > > > > > > > > > > > > > > > > > Excited to see some updates related to transactions! > > > > > > > > > > > > > > > > > > I had a few questions. > > > > > > > > > > > > > > > > > > JO 1. >Since a transaction could be uniquely identified with > > > > > producer ID > > > > > > > > > and epoch, the positive result of this check could be cached > > > > > locally > > > > > > > > > Are we saying that only new transaction version 2 > > transactions > > > can > > > > > be > > > > > > > > used > > > > > > > > > here? If not, we can't uniquely identify transactions with > > > > > producer id + > > > > > > > > > epoch > > > > > > > > > > > > > > > > > > JO 2. >The batch coordinator does the final transactional > > > checks > > > > > of the > > > > > > > > > batches. This procedure would output the same errors like the > > > > > partition > > > > > > > > > leader in classic topics would do. > > > > > > > > > Can you expand on what these checks are? Would you be > > checking > > > if > > > > > the > > > > > > > > > transaction was still ongoing for example? Is there state > > about > > > > > ongoing > > > > > > > > > transactions in the batch coordinator? I see some other state > > > > > mentioned > > > > > > > > in > > > > > > > > > the End transaction section, but it's not super clear what > > > state is > > > > > > > > stored > > > > > > > > > and when it is stored. > > > > > > > > > > > > > > > > > > JO 3. I didn't see anything about maintaining LSO -- perhaps > > > that > > > > > would > > > > > > > > be > > > > > > > > > stored in the batch coordinator? > > > > > > > > > > > > > > > > > > JO 4. Are there any thoughts about how long transactional > > > state is > > > > > > > > > maintained in the batch coordinator and how it will be > > cleaned > > > up? > > > > > > > > > > > > > > > > > > On Mon, Sep 8, 2025 at 10:38 AM Jun Rao > > > <[email protected]> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > Hi, Greg and Ivan, > > > > > > > > > > > > > > > > > > > > Thanks for the update. A few comments. > > > > > > > > > > > > > > > > > > > > JR 10. "Consumer fetches are now served from local > > segments, > > > > > making > > > > > > > > use of > > > > > > > > > > the > > > > > > > > > > indexes, page cache, request purgatory, and zero-copy > > > > > functionality > > > > > > > > already > > > > > > > > > > built into classic topics." > > > > > > > > > > JR 10.1 Does the broker build the producer state for each > > > > > partition in > > > > > > > > > > diskless topics? > > > > > > > > > > JR 10.2 For transactional data, the consumer fetches need > > to > > > know > > > > > > > > aborted > > > > > > > > > > records. How is that achieved? > > > > > > > > > > > > > > > > > > > > JR 11. "The batch coordinator saves that the transaction is > > > > > finished > > > > > > > > and > > > > > > > > > > also inserts the control batches in the corresponding logs > > > of the > > > > > > > > involved > > > > > > > > > > Diskless topics. This happens only on the metadata level, > > no > > > > > actual > > > > > > > > control > > > > > > > > > > batches are written to any file. " > > > > > > > > > > A fetch response could include multiple transactional > > > batches. > > > > > How > > > > > > > > does the > > > > > > > > > > broker obtain the information about the ending control > > batch > > > for > > > > > each > > > > > > > > > > batch? Does that mean that a fetch response needs to be > > > built by > > > > > > > > > > stitching record batches and generated control batches > > > together? > > > > > > > > > > > > > > > > > > > > JR 12. Queues: Is there still a share partition leader that > > > all > > > > > > > > consumers > > > > > > > > > > are routed to? > > > > > > > > > > > > > > > > > > > > JR 13. "Should the KIPs be modified to include this or it's > > > too > > > > > > > > > > implementation-focused?" It would be useful to include > > enough > > > > > details > > > > > > > > to > > > > > > > > > > understand correctness and performance impact. > > > > > > > > > > > > > > > > > > > > HC5. Henry has a valid point. Requests from a given > > producer > > > > > contain a > > > > > > > > > > sequence number, which is ordered. If a producer sends > > every > > > > > Produce > > > > > > > > > > request to an arbitrary broker, those requests could reach > > > the > > > > > batch > > > > > > > > > > coordinator in different order and lead to rejection of the > > > > > produce > > > > > > > > > > requests. > > > > > > > > > > > > > > > > > > > > Jun > > > > > > > > > > > > > > > > > > > > On Thu, Sep 4, 2025 at 12:00 AM Ivan Yurchenko < > > > [email protected]> > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > > > > > > > > > We have also thought in a bit more details about > > > transactions > > > > > and > > > > > > > > queues, > > > > > > > > > > > here's the plan. > > > > > > > > > > > > > > > > > > > > > > *Transactions* > > > > > > > > > > > > > > > > > > > > > > The support for transactions in *classic topics* is based > > > on > > > > > precise > > > > > > > > > > > interactions between three actors: clients (mostly > > > producers, > > > > > but > > > > > > > > also > > > > > > > > > > > consumers), brokers (ReplicaManager and other classes), > > and > > > > > > > > transaction > > > > > > > > > > > coordinators. Brokers also run partition leaders with > > their > > > > > local > > > > > > > > state > > > > > > > > > > > (ProducerStateManager and others). > > > > > > > > > > > > > > > > > > > > > > The high level (some details skipped) workflow is the > > > > > following. > > > > > > > > When a > > > > > > > > > > > transactional Produce request is received by the broker: > > > > > > > > > > > 1. For each partition, the partition leader checks if a > > > > > non-empty > > > > > > > > > > > transaction is running for this partition. This is done > > > using > > > > > its > > > > > > > > local > > > > > > > > > > > state derived from the log metadata > > (ProducerStateManager, > > > > > > > > > > > VerificationStateEntry, VerificationGuard). > > > > > > > > > > > 2. The transaction coordinator is informed about all the > > > > > partitions > > > > > > > > that > > > > > > > > > > > aren’t part of the transaction to include them. > > > > > > > > > > > 3. The partition leaders do additional transactional > > > checks. > > > > > > > > > > > 4. The partition leaders append the transactional data to > > > > > their logs > > > > > > > > and > > > > > > > > > > > update some of their state (for example, log the fact > > that > > > the > > > > > > > > > > transaction > > > > > > > > > > > is running for the partition and its first offset). > > > > > > > > > > > > > > > > > > > > > > When the transaction is committed or aborted: > > > > > > > > > > > 1. The producer contacts the transaction coordinator > > > directly > > > > > with > > > > > > > > > > > EndTxnRequest. > > > > > > > > > > > 2. The transaction coordinator writes PREPARE_COMMIT or > > > > > > > > PREPARE_ABORT to > > > > > > > > > > > its log and responds to the producer. > > > > > > > > > > > 3. The transaction coordinator sends > > > WriteTxnMarkersRequest to > > > > > the > > > > > > > > > > leaders > > > > > > > > > > > of the involved partitions. > > > > > > > > > > > 4. The partition leaders write the transaction markers to > > > > > their logs > > > > > > > > and > > > > > > > > > > > respond to the coordinator. > > > > > > > > > > > 5. The coordinator writes the final transaction state > > > > > > > > COMPLETE_COMMIT or > > > > > > > > > > > COMPLETE_ABORT. > > > > > > > > > > > > > > > > > > > > > > In classic topics, partitions have leaders and lots of > > > > > important > > > > > > > > state > > > > > > > > > > > necessary for supporting this workflow is local. The main > > > > > challenge > > > > > > > > in > > > > > > > > > > > mapping this to Diskless comes from the fact there are no > > > > > partition > > > > > > > > > > > leaders, so the corresponding pieces of state need to be > > > > > globalized > > > > > > > > in > > > > > > > > > > the > > > > > > > > > > > batch coordinator. We are already doing this to support > > > > > idempotent > > > > > > > > > > produce. > > > > > > > > > > > > > > > > > > > > > > The high level workflow for *diskless topics* would look > > > very > > > > > > > > similar: > > > > > > > > > > > 1. For each partition, the broker checks if a non-empty > > > > > transaction > > > > > > > > is > > > > > > > > > > > running for this partition. In contrast to classic > > topics, > > > > > this is > > > > > > > > > > checked > > > > > > > > > > > against the batch coordinator with a single RPC. Since a > > > > > transaction > > > > > > > > > > could > > > > > > > > > > > be uniquely identified with producer ID and epoch, the > > > positive > > > > > > > > result of > > > > > > > > > > > this check could be cached locally (for the double > > > configured > > > > > > > > duration > > > > > > > > > > of a > > > > > > > > > > > transaction, for example). > > > > > > > > > > > 2. The same: The transaction coordinator is informed > > about > > > all > > > > > the > > > > > > > > > > > partitions that aren’t part of the transaction to include > > > them. > > > > > > > > > > > 3. No transactional checks are done on the broker side. > > > > > > > > > > > 4. The broker appends the transactional data to the > > current > > > > > shared > > > > > > > > WAL > > > > > > > > > > > segment. It doesn’t update any transaction-related state > > > for > > > > > Diskless > > > > > > > > > > > topics, because it doesn’t have any. > > > > > > > > > > > 5. The WAL segment is committed to the batch coordinator > > > like > > > > > in the > > > > > > > > > > > normal produce flow. > > > > > > > > > > > 6. The batch coordinator does the final transactional > > > checks > > > > > of the > > > > > > > > > > > batches. This procedure would output the same errors like > > > the > > > > > > > > partition > > > > > > > > > > > leader in classic topics would do. I.e. some batches > > could > > > be > > > > > > > > rejected. > > > > > > > > > > > This means, there will potentially be garbage in the WAL > > > > > segment > > > > > > > > file in > > > > > > > > > > > case of transactional errors. This is preferable to doing > > > more > > > > > > > > network > > > > > > > > > > > round trips, especially considering the WAL segments will > > > be > > > > > > > > relatively > > > > > > > > > > > short-living (see the Greg's update above). > > > > > > > > > > > > > > > > > > > > > > When the transaction is committed or aborted: > > > > > > > > > > > 1. The producer contacts the transaction coordinator > > > directly > > > > > with > > > > > > > > > > > EndTxnRequest. > > > > > > > > > > > 2. The transaction coordinator writes PREPARE_COMMIT or > > > > > > > > PREPARE_ABORT to > > > > > > > > > > > its log and responds to the producer. > > > > > > > > > > > 3. *[NEW]* The transaction coordinator informs the batch > > > > > coordinator > > > > > > > > that > > > > > > > > > > > the transaction is finished. > > > > > > > > > > > 4. *[NEW]* The batch coordinator saves that the > > > transaction is > > > > > > > > finished > > > > > > > > > > > and also inserts the control batches in the corresponding > > > logs > > > > > of the > > > > > > > > > > > involved Diskless topics. This happens only on the > > metadata > > > > > level, no > > > > > > > > > > > actual control batches are written to any file. They will > > > be > > > > > > > > dynamically > > > > > > > > > > > created on Fetch and other read operations. We could > > > > > technically > > > > > > > > write > > > > > > > > > > > these control batches for real, but this would mean extra > > > > > produce > > > > > > > > > > latency, > > > > > > > > > > > so it's better just to mark them in the batch coordinator > > > and > > > > > save > > > > > > > > these > > > > > > > > > > > milliseconds. > > > > > > > > > > > 5. The transaction coordinator sends > > > WriteTxnMarkersRequest to > > > > > the > > > > > > > > > > leaders > > > > > > > > > > > of the involved partitions. – Now only to classic topics > > > now. > > > > > > > > > > > 6. The partition leaders of classic topics write the > > > > > transaction > > > > > > > > markers > > > > > > > > > > > to their logs and respond to the coordinator. > > > > > > > > > > > 7. The coordinator writes the final transaction state > > > > > > > > COMPLETE_COMMIT or > > > > > > > > > > > COMPLETE_ABORT. > > > > > > > > > > > > > > > > > > > > > > Compared to the non-transactional produce flow, we get: > > > > > > > > > > > 1. An extra network round trip between brokers and the > > > batch > > > > > > > > coordinator > > > > > > > > > > > when a new partition appear in the transaction. To > > > mitigate the > > > > > > > > impact of > > > > > > > > > > > them: > > > > > > > > > > > - The results will be cached. > > > > > > > > > > > - The calls for multiple partitions in one Produce > > > request > > > > > will be > > > > > > > > > > > grouped. > > > > > > > > > > > - The batch coordinator should be optimized for fast > > > > > response to > > > > > > > > these > > > > > > > > > > > RPCs. > > > > > > > > > > > - The fact that a single producer normally will > > > communicate > > > > > with a > > > > > > > > > > > single broker for the duration of the transaction further > > > > > reduces the > > > > > > > > > > > expected number of round trips. > > > > > > > > > > > 2. An extra round trip between the transaction > > coordinator > > > and > > > > > batch > > > > > > > > > > > coordinator when a transaction is finished. > > > > > > > > > > > > > > > > > > > > > > With this proposal, transactions will also be able to > > span > > > both > > > > > > > > classic > > > > > > > > > > > and Diskless topics. > > > > > > > > > > > > > > > > > > > > > > *Queues* > > > > > > > > > > > > > > > > > > > > > > The share group coordination and management is a side job > > > that > > > > > > > > doesn't > > > > > > > > > > > interfere with the topic itself (leadership, replicas, > > > physical > > > > > > > > storage > > > > > > > > > > of > > > > > > > > > > > records, etc.) and non-queue producers and consumers > > > (Fetch and > > > > > > > > Produce > > > > > > > > > > > RPCs, consumer group-related RPCs are not affected.) We > > > don't > > > > > see any > > > > > > > > > > > reason why we can't make Diskless topics compatible with > > > share > > > > > > > > groups the > > > > > > > > > > > same way as classic topics are. Even on the code level, > > we > > > > > don't > > > > > > > > expect > > > > > > > > > > any > > > > > > > > > > > serious refactoring: the same reading routines are used > > > that > > > > > are > > > > > > > > used for > > > > > > > > > > > fetching (e.g. ReplicaManager.readFromLog). > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Should the KIPs be modified to include this or it's too > > > > > > > > > > > implementation-focused? > > > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > > > Ivan > > > > > > > > > > > > > > > > > > > > > > On Wed, Sep 3, 2025, at 21:59, Greg Harris wrote: > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > > > > > > > > > > > Thank you all for your questions and design input on > > > > > KIP-1150. > > > > > > > > > > > > > > > > > > > > > > > > We have just updated KIP-1150 and KIP-1163 with a new > > > > > design. To > > > > > > > > > > > summarize > > > > > > > > > > > > the changes: > > > > > > > > > > > > > > > > > > > > > > > > 1. The design prioritizes integrating with the existing > > > > > KIP-405 > > > > > > > > Tiered > > > > > > > > > > > > Storage interfaces, permitting data produced to a > > > Diskless > > > > > topic > > > > > > > > to be > > > > > > > > > > > > moved to tiered storage. > > > > > > > > > > > > This lowers the scalability requirements for the Batch > > > > > Coordinator > > > > > > > > > > > > component, and allows Diskless to compose with Tiered > > > Storage > > > > > > > > plugin > > > > > > > > > > > > features such as encryption and alternative data > > formats. > > > > > > > > > > > > > > > > > > > > > > > > 2. Consumer fetches are now served from local segments, > > > > > making use > > > > > > > > of > > > > > > > > > > the > > > > > > > > > > > > indexes, page cache, request purgatory, and zero-copy > > > > > functionality > > > > > > > > > > > already > > > > > > > > > > > > built into classic topics. > > > > > > > > > > > > However, local segments are now considered cache > > > elements, > > > > > do not > > > > > > > > need > > > > > > > > > > to > > > > > > > > > > > > be durably stored, and can be built without contacting > > > any > > > > > other > > > > > > > > > > > replicas. > > > > > > > > > > > > > > > > > > > > > > > > 3. The design has been simplified substantially, by > > > removing > > > > > the > > > > > > > > > > previous > > > > > > > > > > > > Diskless consume flow, distributed cache component, and > > > > > "object > > > > > > > > > > > > compaction/merging" step. > > > > > > > > > > > > > > > > > > > > > > > > The design maintains leaderless produces as enabled by > > > the > > > > > Batch > > > > > > > > > > > > Coordinator, and the same latency profiles as the > > earlier > > > > > design, > > > > > > > > while > > > > > > > > > > > > being simpler and integrating better into the existing > > > > > ecosystem. > > > > > > > > > > > > > > > > > > > > > > > > Thanks, and we are eager to hear your feedback on the > > new > > > > > design. > > > > > > > > > > > > Greg Harris > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Jul 21, 2025 at 3:30 PM Jun Rao > > > > > <[email protected]> > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > Hi, Jan, > > > > > > > > > > > > > > > > > > > > > > > > > > For me, the main gap of KIP-1150 is the support of > > all > > > > > existing > > > > > > > > > > client > > > > > > > > > > > > > APIs. Currently, there is no design for supporting > > APIs > > > > > like > > > > > > > > > > > transactions > > > > > > > > > > > > > and queues. > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > > > > > > > > > > > Jun > > > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Jul 21, 2025 at 3:53 AM Jan Siekierski > > > > > > > > > > > > > <[email protected]> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > Would it be a good time to ask for the current > > > status of > > > > > this > > > > > > > > KIP? > > > > > > > > > > I > > > > > > > > > > > > > > haven't seen much activity here for the past 2 > > > months, > > > > > the > > > > > > > > vote got > > > > > > > > > > > > > vetoed > > > > > > > > > > > > > > but I think the pending questions have been > > answered > > > > > since > > > > > > > > then. > > > > > > > > > > > KIP-1183 > > > > > > > > > > > > > > (AutoMQ's proposal) also didn't have any activity > > > since > > > > > May. > > > > > > > > > > > > > > > > > > > > > > > > > > > > In my eyes KIP-1150 and KIP-1183 are two real > > choices > > > > > that can > > > > > > > > be > > > > > > > > > > > > > > made, with a coordinator-based approach being by > > far > > > the > > > > > > > > dominant > > > > > > > > > > one > > > > > > > > > > > > > when > > > > > > > > > > > > > > it comes to market adoption - but all these are > > > > > standalone > > > > > > > > > > products. > > > > > > > > > > > > > > > > > > > > > > > > > > > > I'm a big fan of both approaches, but would hate to > > > see a > > > > > > > > stall. So > > > > > > > > > > > the > > > > > > > > > > > > > > question is: can we get an update? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Maybe it's time to start another vote? Colin > > McCabe - > > > > > have your > > > > > > > > > > > questions > > > > > > > > > > > > > > been answered? If not, is there anything I can do > > to > > > > > help? I'm > > > > > > > > > > deeply > > > > > > > > > > > > > > familiar with both architectures and have written > > > about > > > > > both? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Kind regards, > > > > > > > > > > > > > > Jan > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jun 24, 2025 at 10:42 AM Stanislav > > Kozlovski > > > < > > > > > > > > > > > > > > [email protected]> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I have some nits - it may be useful to > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > a) group all the KIP email threads in the main > > one > > > > > (just a > > > > > > > > bunch > > > > > > > > > > of > > > > > > > > > > > > > links > > > > > > > > > > > > > > > to everything) > > > > > > > > > > > > > > > b) create the email threads > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > It's a bit hard to track it all - for example, I > > > was > > > > > > > > searching > > > > > > > > > > for > > > > > > > > > > > a > > > > > > > > > > > > > > > discuss thread for KIP-1165 for a while; As far > > as > > > I > > > > > can > > > > > > > > tell, it > > > > > > > > > > > > > doesn't > > > > > > > > > > > > > > > exist yet. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Since the KIPs are published (by virtue of having > > > the > > > > > root > > > > > > > > KIP be > > > > > > > > > > > > > > > published, having a DISCUSS thread and links to > > > > > sub-KIPs > > > > > > > > where > > > > > > > > > > were > > > > > > > > > > > > > aimed > > > > > > > > > > > > > > > to move the discussion towards), I think it would > > > be > > > > > good to > > > > > > > > > > create > > > > > > > > > > > > > > DISCUSS > > > > > > > > > > > > > > > threads for them all. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best, > > > > > > > > > > > > > > > Stan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On 2025/04/16 11:58:22 Josep Prat wrote: > > > > > > > > > > > > > > > > Hi Kafka Devs! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > We want to start a new KIP discussion about > > > > > introducing a > > > > > > > > new > > > > > > > > > > > type of > > > > > > > > > > > > > > > > topics that would make use of Object Storage as > > > the > > > > > primary > > > > > > > > > > > source of > > > > > > > > > > > > > > > > storage. However, as this KIP is big we decided > > > to > > > > > split it > > > > > > > > > > into > > > > > > > > > > > > > > multiple > > > > > > > > > > > > > > > > related KIPs. > > > > > > > > > > > > > > > > We have the motivational KIP-1150 ( > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1150%3A+Diskless+Topics > > > > > > > > > > > > > > > ) > > > > > > > > > > > > > > > > that aims to discuss if Apache Kafka should aim > > > to > > > > > have > > > > > > > > this > > > > > > > > > > > type of > > > > > > > > > > > > > > > > feature at all. This KIP doesn't go onto > > details > > > on > > > > > how to > > > > > > > > > > > implement > > > > > > > > > > > > > > it. > > > > > > > > > > > > > > > > This follows the same approach used when we > > > discussed > > > > > > > > KRaft. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > But as we know that it is sometimes really hard > > > to > > > > > discuss > > > > > > > > on > > > > > > > > > > > that > > > > > > > > > > > > > meta > > > > > > > > > > > > > > > > level, we also created several sub-kips (linked > > > in > > > > > > > > KIP-1150) > > > > > > > > > > that > > > > > > > > > > > > > offer > > > > > > > > > > > > > > > an > > > > > > > > > > > > > > > > implementation of this feature. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > We kindly ask you to use the proper DISCUSS > > > threads > > > > > for > > > > > > > > each > > > > > > > > > > > type of > > > > > > > > > > > > > > > > concern and keep this one to discuss whether > > > Apache > > > > > Kafka > > > > > > > > wants > > > > > > > > > > > to > > > > > > > > > > > > > have > > > > > > > > > > > > > > > > this feature or not. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks in advance on behalf of all the authors > > of > > > > > this KIP. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------ > > > > > > > > > > > > > > > > Josep Prat > > > > > > > > > > > > > > > > Open Source Engineering Director, Aiven > > > > > > > > > > > > > > > > [email protected] | +491715557497 | > > > aiven.io > > > > > > > > > > > > > > > > Aiven Deutschland GmbH > > > > > > > > > > > > > > > > Alexanderufer 3-7, 10117 Berlin > > > > > > > > > > > > > > > > Geschäftsführer: Oskari Saarenmaa, Hannu > > > Valtonen, > > > > > > > > > > > > > > > > Anna Richardson, Kenneth Chen > > > > > > > > > > > > > > > > Amtsgericht Charlottenburg, HRB 209739 B > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
