Test Connectivity to Confluent Cloud

Kafka broker hosts in Confluent Cloud do not respond to ping commands. To verify connectivity to Confluent Cloud, use alternative options presented in this topic. You can use the options in VPC peering, VNet peering, AWS Transit Gateway, and public network deployments to test connectivity to Kafka cluster and the Kafka REST endpoint before whitelisting those endpoints. Note that you need to whitelist both endpoints (ports 9092 and 443) on your firewall for the Confluent CLI to work.

For verifying connectivity using private links, see:

• Validate connectivity to Confluent Cloud using AWS PrivateLinks.
• Validate connectivity to Confluent Cloud using Azure Private Links.
• Validate connectivity to Confluent Cloud using Google Cloud Private Service Connects.

To verify connectivity to a Confluent Cloud cluster:

1. Go to the cluster in the Confluent Cloud Console.

2. Click Cluster settings under Cluster Overview.

3. In the General tab of the Cluster settings page, retrieve the URL of the Bootstrap server.

   Note that the host addresses of the bootstrap server and the REST endpoint are the same, and only the port numbers differ. So to test connections, the host addresses of both are denoted as <boostrap-url> in this topic.

4. Run one of the following commands, substituting <bootstrap-url> with the Kafka bootstrap server URL that you retrieved in the previous step: OpenSSL, Netcat, Telnet

   Use port 9092 to test the connection to the Kafka bootstrap server, and port 443 to test the connection to the Kafka REST endpoint.

   For public endpoint clusters, run the command from any computer that has internet access.

   For VPC peering, VNet peering, and AWS Transit Gateway, run the command from within the customer VPC or VNet that is connected to the Confluent Cloud cluster.

   If successful, you will see a connection success message, and if there is a problem reaching the cluster, the commands will time out with an error.

   • openSSL

     openssl s_client -connect <bootstrap-url>:9092
     
     openssl s_client -connect <bootstrap-url>:443
     

     For details, see the openSSL documentation for the -connect option.

   • Netcat

     nc -zv <bootstrap-url> 9092
     
     nc -zv <bootstrap-url> 443
     

   • Telnet

     telnet <bootstrap-url> 9092
     
     telnet <bootstrap-url> 443