kafka
network_error
ai_generated
true
java.net.ConnectException: 连接被拒绝(Connection refused)在org.apache.kafka.clients.NetworkClient
java.net.ConnectException: Connection refused (Connection refused) at org.apache.kafka.clients.NetworkClient
ID: kafka/network-exception-connection-refused
95%修复率
90%置信度
1证据数
2023-06-01首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Kafka 3.0.0 | active | — | — | — |
| Kafka 3.1.0 | active | — | — | — |
| Kafka 3.2.0 | active | — | — | — |
| Kafka 3.5.0 | active | — | — | — |
根因分析
Kafka客户端无法与代理建立TCP连接,因为代理端口未监听或防火墙阻止了该端口。
English
Kafka client cannot establish a TCP connection to the broker because the broker port is not listening or a firewall is blocking the port.
官方文档
https://kafka.apache.org/documentation/#brokerconfigs_listeners解决方案
-
Verify broker is listening on the correct port and address. Command: netstat -tlnp | grep 9092 # Should show LISTEN with Kafka process # If not, check broker logs: grep -i 'listener' /var/log/kafka/server.log # Ensure listeners=PLAINTEXT://0.0.0.0:9092 in server.properties # Restart broker: kafka-server-stop.sh && kafka-server-start.sh -daemon config/server.properties
-
Check firewall rules and allow inbound traffic on port 9092. Command: sudo ufw status | grep 9092 # If not allowed: sudo ufw allow 9092/tcp # For iptables: iptables -A INPUT -p tcp --dport 9092 -j ACCEPT # Test connectivity from client: telnet broker-host 9092
无效尝试
常见但无效的做法:
-
Change advertised.listeners to localhost
80% 失败
If broker is on a different host, localhost prevents external connections; the issue is port, not hostname.
-
Increase request.timeout.ms in client config
95% 失败
Timeout does not fix connection refusal; the TCP handshake fails immediately.
-
Disable SSL/TLS in broker config
60% 失败
If broker expects SSL, disabling it causes auth errors; connection refusal is often port-based.