The Gap Between Working and Working Reliably
Here's the uncomfortable truth about Kafka: producing events feels trivially easy, but consuming them correctly under real-world conditions is where most distributed systems quietly break down. The gap isn't technical complexity—it's the difference between "it works in my tests" and "it works when nodes fail, traffic spikes, and Murphy's Law strikes."
Kafka doesn't guarantee correctness by default. It gives you primitives and asks you to build reliability on top. Most developers learn this the hard way when their "simple" consumer starts losing data, duplicating events, or falling behind under load.
The Hidden Failure Modes
Let me walk you through what actually breaks in production:
Auto-commit is a reliability trap. That innocent enable.auto.commit=true default? It commits offsets before you've actually processed messages. When your consumer crashes mid-processing, those messages are gone forever—Kafka thinks you handled them.
Rebalances happen more than you think. Every time a consumer joins or leaves your group, Kafka redistributes partitions. Without proper handling, you lose in-memory state and duplicate work. In one study, inactive consumer groups triggered 40% more rebalances, creating cascading performance issues.
Partition count becomes your scaling ceiling. If you have 10 partitions, you can never have more than 10 consumers in a group. Plan wrong early, and you're stuck with expensive data migration later.
<> "Kafka does not guarantee correctness by itself. It gives you primitives—offset management, consumer groups, partitioning—but assembling them into a reliable system requires intentional design choices."/>
Manual Offset Management: Your First Line of Defense
Ditch auto-commit immediately. Take control:
1Properties props = new Properties();
2props.put("enable.auto.commit", "false");
3props.put("max.poll.records", "500"); // Limit batch size
4props.put("max.poll.interval.ms", "300000"); // 5 mins for processing
5
6KafkaConsumer<String, String> consumer = new KafkaConsumer<>(props);
7
8while (true) {This gives you "at least once" semantics. Yes, you might process duplicates during failures, but you'll never lose data. Design your processing to be idempotent—the same message processed twice should have the same effect as processing it once.
Surviving Rebalances
Rebalances aren't optional—they're going to happen. Handle them gracefully:
1consumer.subscribe(Arrays.asList("your-topic"), new ConsumerRebalanceListener() {
2 @Override
3 public void onPartitionsRevoked(Collection<TopicPartition> partitions) {
4 // Save your state before losing partitions
5 commitCurrentOffsets();
6 saveProcessingState();
7 log.info("Partitions revoked: {}", partitions);
8 }Monitor your consumer lag religiously. If lag is growing, you have a bottleneck that will eventually cause timeouts and forced rebalances.
Configuration That Matters
These aren't just knobs to tune—they're reliability levers:
| Setting | Production Value | Why It Matters |
|---|---|---|
| `enable.auto.commit` | `false` | Manual control prevents data loss |
| `session.timeout.ms` | `10000` (10s) | Fast failure detection vs stability |
| `max.poll.interval.ms` | `300000` (5m) | Prevents timeout during slow processing |
| `max.poll.records` | `500` | Memory control, predictable batch sizes |
| Replication factor | `3` minimum | Survives single broker failure |
Partition Strategy: Plan for Scale
Partition count is your parallelism ceiling. Start with this formula:
Target Partitions = (Target Throughput) / (Partition Throughput)
Modern Kafka handles 50-100+ MB/s per partition, but test in your environment. More importantly, consider:
- Consumer scaling needs: How many parallel consumers do you want?
- Key distribution: Avoid low-cardinality keys like boolean flags—they create hot partitions
- Operational overhead: More partitions mean more metadata and longer rebalances
For skewed keys, add randomness:
1// Instead of just tenantId
2String partitionKey = tenantId + "-" + (messageId.hashCode() % 10);This spreads hot tenants across multiple partitions while maintaining some locality.
Error Handling That Actually Works
Don't let poison messages kill your consumer:
1try {
2 YourMessage message = deserializer.deserialize(record.value());
3 processMessage(message);
4} catch (SerializationException e) {
5 // Log and skip - don't let bad data stop the world
6 log.warn("Failed to deserialize message at offset {}: {}",
7 record.offset(), e.getMessage());
8 deadLetterProducer.send(new ProducerRecord<>("dead-letters", record));
9} catch (Exception e) {
10 // Decide: retry, skip, or fail?
11 // For transient issues, you might retry with exponential backoff
12 // For business logic failures, send to DLT and continue
13}Dead letter topics are your safety net. Route problematic messages there for later analysis without stopping your main processing flow.
Back-pressure and Memory Management
High-throughput systems need back-pressure. Don't just poll everything into memory:
1BlockingQueue<ConsumerRecord> processingQueue =
2 new ArrayBlockingQueue<>(1000); // Fixed size buffer
3
4// Producer thread (Kafka consumer)
5while (true) {
6 ConsumerRecords<String, String> records = consumer.poll(Duration.ofMillis(1000));
7 for (ConsumerRecord<String, String> record : records) {
8 try {This prevents memory explosions when processing can't keep up with ingestion.
Why This Matters
Every pattern here addresses a real production failure mode I've seen teams hit. The difference between a working Kafka consumer and a reliable one isn't complexity—it's intentional design for failure scenarios.
Start with manual offset management and proper rebalance handling. Add monitoring for lag and offset progression. Test what happens when you kill brokers, network partitions occur, and processing takes longer than expected.
The goal isn't perfect "exactly once" semantics (which are expensive and often unnecessary). It's building systems that degrade gracefully and recover predictably when things go wrong—because in production, they always do.
