Description: Authentication with SASL/SCRAM or SASL/PLAINTEXT takes about 9 seconds to complete. Is this normal?

How to reproduce:

  • One Kafka broker instance (v1.1.0)

  • One C# producer (Confluent Kafka Client v0.11.4) that does the following:

    // Requires: using System.Text; using Confluent.Kafka; using Confluent.Kafka.Serialization;
    var producerConfig = PropertiesUtils.ReadPropertiesFile("producer.properties");

    // Null key, UTF-8 string value
    using (var producer = new Producer<Null, string>(producerConfig, null, new StringSerializer(Encoding.UTF8)))
    {
        while (true)
        {
            Console.Write("message: ");
            string msg = Console.ReadLine();

            producer.ProduceAsync("test-topic", null, msg);
        }
    }

  • One C# consumer (Confluent Kafka Client v0.11.4) that does the following:

    var config = PropertiesUtils.ReadPropertiesFile("consumer.properties");

    // Null key, UTF-8 string value
    using (var consumer = new Consumer<Null, string>(config, null, new StringDeserializer(Encoding.UTF8)))
    {
        consumer.OnMessage += (_, msg)
            => Console.WriteLine(msg.Value);

        consumer.OnError += (_, error)
            => Console.WriteLine($"Error: {error}");

        consumer.OnConsumeError += (_, msg)
            => Console.WriteLine($"Consume error ({msg.TopicPartitionOffset}): {msg.Error}");

        consumer.Subscribe("test-topic");

        while (true)
        {
            try
            {
                // Poll dispatches the OnMessage / OnError handlers above
                consumer.Poll(TimeSpan.FromMilliseconds(1000));
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }
    }

  • server.properties:

    broker.id=0
    num.network.threads=3
    num.io.threads=8
    socket.send.buffer.bytes=102400
    socket.receive.buffer.bytes=102400
    socket.request.max.bytes=104857600
    session.timeout.ms=1000
    group.initial.rebalance.delay.ms=0
    listeners=SASL_SSL://localhost:9093
    ssl.keystore.type=JKS
    ssl.keystore.location=...
    ssl.keystore.password=...
    ssl.key.password=...
    ssl.truststore.type=JKS
    ssl.truststore.location=...
    ssl.truststore.password=...
    ssl.protocol=TLS
    ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
    ssl.client.auth=required
    security.inter.broker.protocol=SASL_SSL
    ssl.secure.random.implementation=SHA1PRNG
    sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256
    sasl.mechanism.inter.broker.protocol=PLAIN
    log.dirs=...
    num.partitions=1
    num.recovery.threads.per.data.dir=1
    offsets.topic.replication.factor=1
    transaction.state.log.replication.factor=1
    transaction.state.log.min.isr=1
    log.retention.hours=168
    log.retention.bytes=1073741824
    log.segment.bytes=1073741824
    log.retention.check.interval.ms=300000
    num.replica.fetchers=1
    zookeeper.connect=localhost:2181
    zookeeper.connection.timeout.ms=6000
    group.initial.rebalance.delay.ms=0

  • consumer.properties:

    bootstrap.servers=localhost:9093
    group.id=test-consumer-group
    fetch.min.bytes=1
    fetch.wait.max.ms=1
    auto.offset.reset=latest
    socket.blocking.max.ms=1
    fetch.error.backoff.ms=1
    ssl.ca.location=...
    ssl.certificate.location=...
    ssl.key.location=...
    ssl.key.password=...
    security.protocol=SASL_SSL
    sasl.mechanisms=PLAIN
    sasl.username=...
    sasl.password=...

  • producer.properties

    bootstrap.servers=localhost:9093
    compression.type=none
    linger.ms=0
    retries=0
    acks=0
    ssl.ca.location=...
    ssl.certificate.location=...
    ssl.key.location=...
    ssl.key.password=...
    security.protocol=SASL_SSL
    sasl.mechanisms=PLAIN
    sasl.username=...
    sasl.password=...

  • Run the consumer. From request to completion, the SASL handshake takes about 9 seconds. Here is the log:

    [2018-07-06 17:03:37,673] DEBUG Set SASL server state to HANDSHAKE_OR_VERSIONS_REQUEST (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
    [2018-07-06 17:03:37,673] DEBUG Handling Kafka request API_VERSIONS (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
    [2018-07-06 17:03:37,673] DEBUG Set SASL server state to HANDSHAKE_REQUEST (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
    [2018-07-06 17:03:37,673] DEBUG Handling Kafka request SASL_HANDSHAKE (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
    [2018-07-06 17:03:37,674] DEBUG Using SASL mechanism 'PLAIN' provided by client (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
    [2018-07-06 17:03:46,805] DEBUG Set SASL server state to AUTHENTICATE (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
    [2018-07-06 17:03:46,807] DEBUG Set SASL server state to COMPLETE (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)

Remarks

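  • I observe the same duration when running the producer

  • I observe the same duration when authenticating with SCRAM-256

  • I observe the same duration when running the Java clients (kafka-console-consumer, kafka-console-producer)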

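UPDATE: As @edenhill suggested, when I set up the broker on an Ubuntu virtual machine and connected the clients from Windows, the delay was no longer observed. I wonder why both the SSL handshake and the SASL authentication take 10 seconds on Windows!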
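
Added example (not part of the original question): a short Python script that parses broker DEBUG entries like the ones in the log above and reports which step between consecutive entries absorbs the delay. The sample input is assembled from the seven log entries in the question, with the logger name shortened; the function names are this example's own.

```python
import re
from datetime import datetime

# Sample input assembled from the seven broker DEBUG entries in the question
# (logger name shortened to keep the lines readable).
SAMPLE_LOG = """\
[2018-07-06 17:03:37,673] DEBUG Set SASL server state to HANDSHAKE_OR_VERSIONS_REQUEST (SaslServerAuthenticator)
[2018-07-06 17:03:37,673] DEBUG Handling Kafka request API_VERSIONS (SaslServerAuthenticator)
[2018-07-06 17:03:37,673] DEBUG Set SASL server state to HANDSHAKE_REQUEST (SaslServerAuthenticator)
[2018-07-06 17:03:37,673] DEBUG Handling Kafka request SASL_HANDSHAKE (SaslServerAuthenticator)
[2018-07-06 17:03:37,674] DEBUG Using SASL mechanism 'PLAIN' provided by client (SaslServerAuthenticator)
[2018-07-06 17:03:46,805] DEBUG Set SASL server state to AUTHENTICATE (SaslServerAuthenticator)
[2018-07-06 17:03:46,807] DEBUG Set SASL server state to COMPLETE (SaslServerAuthenticator)
"""

# "[timestamp] LEVEL message (logger)"; the trailing "(logger)" is optional.
LINE_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\] (\w+) (.*?)(?: \(([\w.$]+)\))?$"
)

def parse_events(log_text):
    """Return (timestamp, message) for every line that matches the log layout."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip stack traces and other continuation lines
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            events.append((ts, m.group(3)))
    return events

def step_gaps(events):
    """Seconds elapsed between each pair of consecutive events."""
    return [((b[0] - a[0]).total_seconds(), a[1], b[1])
            for a, b in zip(events, events[1:])]

def stalls(events, threshold_s=1.0):
    """Steps that took longer than threshold_s, slowest first."""
    return sorted((g for g in step_gaps(events) if g[0] > threshold_s), reverse=True)

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    total = (evs[-1][0] - evs[0][0]).total_seconds()
    print(f"{len(evs)} events, {total:.3f}s from first to last")
    for secs, before, after in stalls(evs):
        print(f"{secs:.3f}s between {before!r} and {after!r}")
```

On the sample, every step but one completes within milliseconds, so the script isolates the single transition where the broker-side timeline stalls.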