Posted to jira@kafka.apache.org by "cmccabe (via GitHub)" <gi...@apache.org> on 2023/04/20 17:27:31 UTC

[GitHub] [kafka] cmccabe commented on pull request #13572: KAFKA-14908: Set setReuseAddress on the kafka server socket

cmccabe commented on PR #13572:
URL: https://github.com/apache/kafka/pull/13572#issuecomment-1516694321

   Hi all,
   
   Unfortunately I had to revert this. This is a change to our public API since it will allow multiple Kafka servers to be started on the same port. This kind of change needs a KIP (Kafka Improvement Proposal) so we can discuss the pros and cons.
   
   The change also does very different things on different operating systems. There is a rundown here: https://stackoverflow.com/questions/14388706/how-do-so-reuseaddr-and-so-reuseport-differ
   
   > Security: SO_REUSEADDR can allow an attacker to perform DDOS by creating a genuine connection with same IP and port. Prior to this change, the TIME_WAIT state of the socket would have prevented immediate re-connection. This is an acceptable risk for Kafka because we have connection throttling available in code for IP addresses and a user may choose to configure it to prevent a DDOS.
   
   Again, this needs a KIP so we can discuss whether the increased DDOS risk is acceptable or not. The answer may be different for different users.
   
   Personally, I think that at minimum SO_REUSEADDR should be an option (not mandatory) and probably not the default.
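
The comment above points out that the option behaves differently across operating systems. As an added example (not code from the PR or the Kafka code base), this Python probe checks on the local machine the two behaviours under discussion: rebinding a port right after the server closed a connection, and binding a second listener while the first still holds the port. All function names are hypothetical and the probe only uses ephemeral loopback ports.

```python
import socket

LOOPBACK = "127.0.0.1"

def open_listener(port: int, reuse: bool) -> socket.socket:
    """Bind and listen on LOOPBACK:port, optionally setting SO_REUSEADDR first."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuse:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((LOOPBACK, port))
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s

def can_bind(port: int, reuse: bool) -> bool:
    """True if a new listener can take the port right now."""
    try:
        open_listener(port, reuse).close()
        return True
    except OSError:
        return False

def restart_after_server_close(reuse: bool) -> bool:
    """Server closes a connection first, shuts down, then tries to rebind."""
    srv = open_listener(0, reuse)      # port 0: the kernel picks a free port
    port = srv.getsockname()[1]
    cli = socket.create_connection((LOOPBACK, port), timeout=5)
    conn, _ = srv.accept()
    conn.close()                       # active close: server side ends in TIME_WAIT
    cli.recv(1)                        # returns b"" once the server's FIN arrives
    cli.close()
    srv.close()
    return can_bind(port, reuse)

def second_listener_allowed(reuse: bool) -> bool:
    """True if a second listener is accepted while the first still listens."""
    srv = open_listener(0, reuse)
    try:
        return can_bind(srv.getsockname()[1], reuse)
    finally:
        srv.close()

if __name__ == "__main__":
    for reuse in (False, True):
        print(f"SO_REUSEADDR={reuse}: "
              f"restart ok={restart_after_server_close(reuse)}, "
              f"second listener ok={second_listener_allowed(reuse)}")
```

On Linux the probe reports that SO_REUSEADDR permits the immediate restart but not a second concurrent listener; other operating systems can answer differently, so run it on each platform a broker is deployed on.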

