Cassandra Inter-node (TLS)
What is Port 7001?
Port 7001 is the default port for TLS-encrypted inter-node communication in Apache Cassandra clusters. When internode encryption is enabled in Cassandra's configuration, nodes use port 7001 instead of port 7000 for their gossip protocol and data replication traffic. This ensures that all data exchanged between Cassandra nodes — including replicated data, schema changes, and cluster state information — is encrypted in transit. TLS internode communication is essential for Cassandra deployments that handle sensitive data or operate across untrusted network segments, such as multi-datacenter deployments or cloud environments.
Common Uses
- Encrypted Cassandra cluster communication
- Secure gossip protocol between nodes
- Encrypted data replication across data centers
- Compliance-mandated encrypted cluster traffic
Technical Details
Copy-paste commands to check port 7001 (Cassandra Inter-node (TLS)) from your terminal
Test connectivity
nc -zv example.com 7001
curl -v --max-time 5 http://example.com:7001/
telnet example.com 7001
nmap -p 7001 -sV example.com
(echo > /dev/tcp/example.com/7001) 2>/dev/null && echo "open" || echo "closed"
Open port in firewall
sudo ufw allow 7001/tcp
sudo iptables -A INPUT -p tcp --dport 7001 -j ACCEPT
sudo firewall-cmd --permanent --add-port=7001/tcp && sudo firewall-cmd --reload
Security Considerations
Use valid TLS certificates for all cluster nodes. Implement mutual TLS (mTLS) to prevent unauthorized nodes from joining. Rotate certificates regularly. Restrict port 7001 access to cluster member IPs only. Monitor certificate expiration to prevent cluster communication failures.
Popular Ports Reference
The most commonly used and referenced network ports