kafka network_error ai_generated true

java.net.ConnectException: Connection refused (Connection refused) at org.apache.kafka.clients.NetworkClient

ID: kafka/network-exception-connection-refused

Also available as: JSON · Markdown · 中文
95%Fix Rate
90%Confidence
1Evidence
2023-06-01First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Kafka 3.0.0 active
Kafka 3.1.0 active
Kafka 3.2.0 active
Kafka 3.5.0 active

Root Cause

Kafka client cannot establish a TCP connection to the broker because the broker port is not listening or a firewall is blocking the port.

generic

中文

Kafka客户端无法与代理建立TCP连接,因为代理端口未监听或防火墙阻止了该端口。

Official Documentation

https://kafka.apache.org/documentation/#brokerconfigs_listeners

Workarounds

  1. 95% success Verify broker is listening on the correct port and address. Command: netstat -tlnp | grep 9092 # Should show LISTEN with Kafka process # If not, check broker logs: grep -i 'listener' /var/log/kafka/server.log # Ensure listeners=PLAINTEXT://0.0.0.0:9092 in server.properties # Restart broker: kafka-server-stop.sh && kafka-server-start.sh -daemon config/server.properties 
    Verify broker is listening on the correct port and address.
Command:
netstat -tlnp | grep 9092
# Should show LISTEN with Kafka process
# If not, check broker logs:
grep -i 'listener' /var/log/kafka/server.log
# Ensure listeners=PLAINTEXT://0.0.0.0:9092 in server.properties
# Restart broker:
kafka-server-stop.sh && kafka-server-start.sh -daemon config/server.properties
  2. 93% success Check firewall rules and allow inbound traffic on port 9092. Command: sudo ufw status | grep 9092 # If not allowed: sudo ufw allow 9092/tcp # For iptables: iptables -A INPUT -p tcp --dport 9092 -j ACCEPT # Test connectivity from client: telnet broker-host 9092 
    Check firewall rules and allow inbound traffic on port 9092.
Command:
sudo ufw status | grep 9092
# If not allowed:
sudo ufw allow 9092/tcp
# For iptables:
iptables -A INPUT -p tcp --dport 9092 -j ACCEPT
# Test connectivity from client:
telnet broker-host 9092

中文步骤

  1. Verify broker is listening on the correct port and address.
Command:
netstat -tlnp | grep 9092
# Should show LISTEN with Kafka process
# If not, check broker logs:
grep -i 'listener' /var/log/kafka/server.log
# Ensure listeners=PLAINTEXT://0.0.0.0:9092 in server.properties
# Restart broker:
kafka-server-stop.sh && kafka-server-start.sh -daemon config/server.properties
  2. Check firewall rules and allow inbound traffic on port 9092.
Command:
sudo ufw status | grep 9092
# If not allowed:
sudo ufw allow 9092/tcp
# For iptables:
iptables -A INPUT -p tcp --dport 9092 -j ACCEPT
# Test connectivity from client:
telnet broker-host 9092

Dead Ends

Common approaches that don't work:

  1. Change advertised.listeners to localhost 80% fail

    If broker is on a different host, localhost prevents external connections; the issue is port, not hostname.

  2. Increase request.timeout.ms in client config 95% fail

    Timeout does not fix connection refusal; the TCP handshake fails immediately.

  3. Disable SSL/TLS in broker config 60% fail

    If broker expects SSL, disabling it causes auth errors; connection refusal is often port-based.