[
https://issues.apache.org/jira/browse/KAFKA-1555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14143352#comment-14143352
]
Gwen Shapira commented on KAFKA-1555:
-------------------------------------
Hi Sriram,
Thank you for raising these concerns.
Here are some points regarding the drawbacks:
1. This is exactly how it works right now. If you'll build Kafka with the patch
I uploaded, you'll be able to use build/kafka-topics.sh to create/alter topics
with min.insync.replicas parameter specified in --config flag.
2. Absolutely. [~junrao] explained how to can work (simply ignore the
NotEnoughReplicas exception). The only issue we currently have is the retries,
which can also be resolved by the client.
3. I disagree that this is what we are trying to solve. We are trying to give
admins more control over what "durable writes" mean for specific topics. For my
use-case, I'd like to have majority-write. This can be done for a 3-replica
topic by setting min.insync.replicas to 2. If I wanted "all replicas", I can
set min.insync.replicas=3, and if I want just ISR, I can set
min.insync.replicas=1.
As you can see, the current solution is very flexible and supports multiple
durability requirements. It satisfies both your use-case and mine. I agree that
this requires a bit more understanding of what you are trying to achieve, but I
think I can document it in a way thats fairly easy to understand (with some
common examples, as I explained above).
> provide strong consistency with reasonable availability
> -------------------------------------------------------
>
> Key: KAFKA-1555
> URL: https://issues.apache.org/jira/browse/KAFKA-1555
> Project: Kafka
> Issue Type: Improvement
> Components: controller
> Affects Versions: 0.8.1.1
> Reporter: Jiang Wu
> Assignee: Gwen Shapira
> Fix For: 0.8.2
>
> Attachments: KAFKA-1555.0.patch, KAFKA-1555.1.patch
>
>
> In a mission critical application, we expect a kafka cluster with 3 brokers
> can satisfy two requirements:
> 1. When 1 broker is down, no message loss or service blocking happens.
> 2. In worse cases such as two brokers are down, service can be blocked, but
> no message loss happens.
> We found that current kafka versoin (0.8.1.1) cannot achieve the requirements
> due to its three behaviors:
> 1. when choosing a new leader from 2 followers in ISR, the one with less
> messages may be chosen as the leader.
> 2. even when replica.lag.max.messages=0, a follower can stay in ISR when it
> has less messages than the leader.
> 3. ISR can contains only 1 broker, therefore acknowledged messages may be
> stored in only 1 broker.
> The following is an analytical proof.
> We consider a cluster with 3 brokers and a topic with 3 replicas, and assume
> that at the beginning, all 3 replicas, leader A, followers B and C, are in
> sync, i.e., they have the same messages and are all in ISR.
> According to the value of request.required.acks (acks for short), there are
> the following cases.
> 1. acks=0, 1, 3. Obviously these settings do not satisfy the requirement.
> 2. acks=2. Producer sends a message m. It's acknowledged by A and B. At this
> time, although C hasn't received m, C is still in ISR. If A is killed, C can
> be elected as the new leader, and consumers will miss m.
> 3. acks=-1. B and C restart and are removed from ISR. Producer sends a
> message m to A, and receives an acknowledgement. Disk failure happens in A
> before B and C replicate m. Message m is lost.
> In summary, any existing configuration cannot satisfy the requirements.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
