Test Connectivity to Confluent Cloud

Because brokers in Confluent Cloud do not respond to ping commands, you can use the following options to verify connectivity to a cluster. This is useful for verifying connections in VPC peering, VNet peering, AWS Transit Gateway, and public network deployments.

To verify connectivity to a Confluent Cloud cluster:

  1. Go to the cluster in the Confluent Cloud Console.
  2. Click Cluster settings. The Cluster settings page displays.
  3. Click the General tab and find the URL for Bootstrap server, which is listed in the Identification section.
  4. Run one of the following commands, substituting <bootstrap-url> with the bootstrap server URL.
    • For public endpoint clusters, run the command from any computer that has internet access.
    • For VPC peering, VNet peering, AWS Transit Gateway, AWS PrivateLink, and Azure Private Link, run the command from within the customer VPC or VNet that is connected to the Confluent Cloud cluster.


openssl s_client -connect <host>:<port>

Test connectivity to your cluster by running the openssl s_client -connect command, using the URL for the bootstrap server. The bootstrap URL from the Confluent Cloud Console includes the <host> value and 9092 for the <port> value.

To run the openssl s_client -connect command, the -connect option requires that you specify the host and the port number. For details, see the openssl documentation for the -connect option option in the openssl s_client documentation.

If successful, you will see a CONNECTED message similar to this:

depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let\'s Encrypt, CN = R3
verify return:1
depth=0 CN = *.us-west-2.aws.confluent.cloud
verify return:1

If there is a problem reaching the cluster, then the command waits until a timeout occurs and then prints an error, such as connect: Operation timed out.


nc -zv <bootstrap-host> 9092

Connection to <bootstrap-url> port 9092 [tcp/XmlIpcRegSvc] succeeded!

If the connection fails, you will see a message similar to this:

connect to <bootstrap-url> port 9092 (tcp) failed: Connection timed out.


telnet <bootstrap-url> 9092

If successful, you will see a message similar to this:

Connected to <bootstrap-url>.
Escape character is '^]'.