We're not doing it in AWS, but we are doing it for other flows. The key to not having performance problems is to not consume over SSL. This means turning the previously recommended architecture around, and having the mirror makers located in the region that you are consuming from. This way you can consume plaintext and produce over SSL.
Obviously, encryption via produce still has some performance overhead. But modern processors have optimized instructions for encryption. And not doing it over the consume side avoids the hit on the brokers from losing the zero copy send. -Todd On Wednesday, July 6, 2016, Reenal Mahajan <reen...@gmail.com> wrote: > Hi, > > We have local kafka clusters in both us-east and us-west data centers in > AWS. We want to mirror the data in the other cluster so each region has all > the data. If we use Kafka MirrorMaker, the remote consumer will be > consuming data over the internet. Is there a way to encrypt this data > without turning SSL on. There would be some performance degradation and it > is not required in other scenarios. Has anyone tried doing cross-regional > replication in production? > > Thanks, > Reenal > -- *Todd Palino* Staff Site Reliability Engineer Data Infrastructure Streaming linkedin.com/in/toddpalino
