Kafka brokers can be configured with multiple listeners, each bound to a different network interface and port. This allows for the separation of traffic types. Each listener can be assigned a distinct security protocol using the listener.security.protocol.map configuration property. For instance, an "INTERNAL" listener can be configured for inter-broker communication using PLAINTEXT within a secure network, while an "EXTERNAL" listener can be configured with SASLSSL for authenticated and encrypted client connections from outside the network. The inter.broker.listener.name property specifies which listener the brokers should use for their internal communication, completing the separation.

A. Configure multiple brokers.

Configuring multiple brokers is for scalability and fault tolerance, not for differentiating authentication mechanisms for internal and external traffic on a single broker.

C. Configure multiple security protocols on the same listener.

A single Kafka listener can only be configured with one security protocol (e.g., PLAINTEXT, SSL, SASLSSL). It cannot support multiple protocols simultaneously.

D. Configure LoadBalancer.

A load balancer distributes client traffic across brokers but does not configure the authentication methods on the brokers themselves. Authentication is a broker-level setting.

1. Confluent Documentation, "Configure Kafka Brokers": This document details the key configuration properties.

listeners: "A comma-separated list of listeners and the host/IP and port to which Kafka binds to for listening."

listener.security.protocol.map: "A map of listener names to security protocols... If you are using a different security protocol for inter-broker and client communication, you must define this property."

inter.broker.listener.name: "Name of the listener used for communication between brokers."

Source: Confluent Platform Documentation, Self-Managed Configuration, "Configure Kafka Brokers", Section on Networking.

2. Apache Kafka Documentation, "Security": The official Kafka documentation explains how listeners work in the context of security.

"It is common to configure several listeners on a broker... For example, an operator may configure a PLAINTEXT listener for traffic originating from the same datacenter and a SSL listener for traffic from outside."

Source: Apache Kafka Documentation, Version 3.7, Section 7.1 "Security".

3. KIP-103: Separation of Internal and External traffic: This Kafka Improvement Proposal is the official design document that introduced the functionality.

"This KIP proposes adding the ability to configure multiple listeners with different security protocols on a single broker and designating one of the listeners for inter-broker communication."

Source: Apache Kafka Confluence, KIP-103: Separation of Internal and External traffic.