Configure Availability
Optimize the availability of your clusters by configuring and tuning Redpanda cluster properties.
Limit Client Connections
A malicious Kafka client application may create many network connections to execute its attacks. A poorly configured application may also create an excessive number of connections. To mitigate the risk of a client creating too many connections and using too many system resources, you can configure a Redpanda cluster to impose limits on the number of created client connections for its Kafka protocol server nodes.
The following cluster properties limit the number of connections:
- kafka_connections_max: Similar to Kafka's max.connections, this property sets the maximum number of connections created by a node.
- kafka_connections_max_per_ip: Similar to Kafka's max.connections.per.ip, this property sets the maximum number of connections created per IP address by a node.
- kafka_connections_max_overrides: A list of IP addresses for which kafka_connections_max_per_ip is overridden and doesn't apply.
Redpanda also provides properties to manage the rate of connection creation:
- kafka_connection_rate_limit: This property limits the maximum rate of connections created per second. It applies per CPU core.
- kafka_connection_rate_limit_overrides: A list of IP addresses for which kafka_connection_rate_limit is overridden and doesn't apply.
Notes:
- These connection limit properties are disabled by default. You must manually enable them.
- Typically, a client opens two or three connections, so the total number of connections is not equal to the number of clients. For example, to support 100 clients, you might set your connection limit to 300.
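A sizing sketch for the limits above, added here as an example and not taken from the Redpanda documentation. It turns an expected client count into values for the three limit properties and prints the `rpk cluster config set` commands without running them. The function names, the per-IP sizing rule (largest number of clients expected behind one address times connections per client) and the sample numbers are assumptions.

```shell
#!/bin/sh
# Added example (not Redpanda's own code): size the connection limits from
# an expected client count and print the rpk commands that would apply them.

# is_pos_int VALUE: succeed only for a positive decimal integer. Leading
# zeros are rejected so shell arithmetic never reads the value as octal.
is_pos_int() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# conn_budget CLIENTS CONNS_PER_CLIENT: connections to allow for that many
# clients, following the page's note that a client opens two or three.
conn_budget() {
  is_pos_int "$1" && is_pos_int "$2" || return 1
  echo $(( $1 * $2 ))
}

# plan_limits CLIENTS CONNS_PER_CLIENT MAX_CLIENTS_PER_IP RATE_PER_CORE
# Prints one command per property. Refuses a plan in which a single IP
# address would be allowed more connections than the node-wide limit.
plan_limits() {
  total=$(conn_budget "$1" "$2") || return 1
  per_ip=$(conn_budget "$3" "$2") || return 1   # assumed sizing rule
  is_pos_int "$4" || return 1
  [ "$per_ip" -le "$total" ] || return 1
  echo "rpk cluster config set kafka_connections_max $total"
  echo "rpk cluster config set kafka_connections_max_per_ip $per_ip"
  # kafka_connection_rate_limit is connections per second, per CPU core.
  echo "rpk cluster config set kafka_connection_rate_limit $4"
}

# Constructed inputs: 100 clients, 3 connections each, at most 10 clients
# behind one IP address, 20 new connections per second per core.
plan_limits 100 3 10 20
```

Review the printed commands before running them against a cluster; trusted addresses that need to exceed these values belong in the two overrides properties.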