Test Connectivity to Confluent Cloud¶
Kafka broker hosts in Confluent Cloud do not respond to ping
commands. To verify
connectivity to Confluent Cloud, use alternative options presented in this topic. You
can use the options in VPC peering, VNet peering, AWS Transit Gateway, and
public network deployments to test connectivity to Kafka cluster and the Kafka
REST endpoint before whitelisting those endpoints. Note that you need to
whitelist both endpoints (ports 9092
and 443
) on your firewall for the
Confluent CLI to work.
For verifying connectivity using private links, see:
- Validate connectivity to Confluent Cloud using AWS PrivateLinks.
- Validate connectivity to Confluent Cloud using Azure Private Links.
- Validate connectivity to Confluent Cloud using Google Cloud Private Service Connects.
To verify connectivity to a Confluent Cloud cluster:
Go to the cluster in the Confluent Cloud Console.
Click Cluster settings under Cluster Overview.
In the General tab of the Cluster settings page, retrieve the URL of the Bootstrap server.
Note that the host addresses of the bootstrap server and the REST endpoint are the same, and only the port numbers differ. So to test connections, the host addresses of both are denoted as
<boostrap-url>
in this topic.Run one of the following commands, substituting
<bootstrap-url>
with the Kafka bootstrap server URL that you retrieved in the previous step: OpenSSL, Netcat, TelnetUse port
9092
to test the connection to the Kafka bootstrap server, and port443
to test the connection to the Kafka REST endpoint.For public endpoint clusters, run the command from any computer that has internet access.
For VPC peering, VNet peering, and AWS Transit Gateway, run the command from within the customer VPC or VNet that is connected to the Confluent Cloud cluster.
If successful, you will see a connection success message, and if there is a problem reaching the cluster, the commands will time out with an error.
openSSL
openssl s_client -connect <bootstrap-url>:9092 openssl s_client -connect <bootstrap-url>:443
For details, see the openSSL documentation for the -connect option.
Netcat
nc -zv <bootstrap-url> 9092 nc -zv <bootstrap-url> 443
Telnet
telnet <bootstrap-url> 9092 telnet <bootstrap-url> 443