[GitHub] [kafka] dpoldrugo opened a new pull request #10059: KAFKA-8562: SaslChannelBuilder - avoid (reverse) DNS lookup while building underlying SslTransportLayer

Thu, 04 Feb 2021 14:01:04 -0800 


dpoldrugo opened a new pull request #10059:
URL: https://github.com/apache/kafka/pull/10059


   Description:
   As suggested by @omkreddy in this 
[comment](https://issues.apache.org/jira/browse/KAFKA-8562?focusedCommentId=16912437&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16912437),
 implemented avoiding (reverse) DNS lookup while building underlying 
SslTransportLayer.
   
   How the problem manifested:
   When clients or other brokers are connecting to a broker using SASL_SSL, a 
broker was doing (reverse) DNS lookup and if there is no PTR Record, the lookup 
could last several seconds, which in the end caused big latencies on several 
parts of the system... replication, consume requests and produce requests.
   Here you can see a recorded sample: 
   <img width="1357" alt="KAFKA-8562 reverse DNS sampling" 
src="https://user-images.githubusercontent.com/1514332/106959147-9033a580-673a-11eb-9575-4b9fe986cb30.png";>
   Also, here is a Wireshark packet capture for DNS requests, and in this case 
you can see that it lasted more then 11 seconds:
   ![KAFKA-8562 wireshark dns packet 
capture](https://user-images.githubusercontent.com/1514332/106960332-37650c80-673c-11eb-91ab-9cab8dd4873d.png)
   When using PLAINTEXT or SSL, this problem doesn't manifest.
   
   Solution:
   In #2835 , @rajinisivaram already added a helper method 
`SslChannelBuilder.peerHost`, so I just moved it to a new class called 
`ChannelBuilderUtils` and used it in `SaslChannelBuilder.buildTransportLayer` 
method.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to