How can I confirm Network Access to Ably?

A breakdown of a simple curl command which provides lots of useful information for debugging and Support.

Below is an example of a curl session against the Ably REST API which retrieves the current time, and provides verbose output of the TLS connection. The command outputs details of the TLS key exchange, SSL certificate verification, and HTTP headers. This information is useful for identifying whether there is any problem connecting to the Ably platform.

If you are experiencing connection issues, please include the text output of this command when submitting a Support Case to Ably.

Here is the command:
curl -v -s -w "\n time_namelookup: %{time_namelookup}\n \
time_connect: %{time_connect}\n \
time_appconnect: %{time_appconnect}\n \
time_pretransfer: %{time_pretransfer}\n \
time_redirect: %{time_redirect}\n \
time_starttransfer: %{time_starttransfer}\n \
time_total: %{time_total}\n" \
https://rest.ably.io/time

Here is example output from such a session with explanations. Items prefixed with * are related to the certificate exchange and setup. Items prefixed with > are the request. Items prefixed with < are the response. The timings given after the session has completed are computed from the -w/--write-out statistics (see https://curl.se/docs/manpage.html for a complete field listing).

$ curl -v -s -w "\n time_namelookup: %{time_namelookup}\n \
time_connect: %{time_connect}\n \
time_appconnect: %{time_appconnect}\n \
time_pretransfer: %{time_pretransfer}\n \
time_redirect: %{time_redirect}\n \
time_starttransfer: %{time_starttransfer}\n \
time_total: %{time_total}\n" \
https://rest.ably.io/time
*   Trying 65.9.80.150:443...
* Connected to rest.ably.io (65.9.80.150) port 443 (#0)

At this point, the initial TCP handshake is complete and the connection is open to Ably

* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs

The connection is taking place over http v1.1, and the SSL certificates will be verified against the CAfile and CApath locations specified.

* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.ably.io
*  start date: Jul  9 00:00:00 2021 GMT
*  expire date: Aug  7 23:59:59 2022 GMT
*  subjectAltName: host "rest.ably.io" matched cert's "*.ably.io"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x556c2c388b30)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):

The certificate exchange has now completed successfully. The SSL certificate has been verified and the connection is now secure. Any data exchanged from this point onwards will be encrypted.

> GET /time HTTP/2
> Host: rest.ably.io
> user-agent: curl/7.81.0
> accept: */*
>

The request is sent, along with the HTTP headers.

* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< content-type: application/json
< content-length: 18
< access-control-allow-credentials: true
< access-control-allow-origin: *
< access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,Server
< date: Wed, 02 Mar 2022 16:40:45 GMT
< vary: Origin
< x-ably-serverid: frontend.81f1.2.eu-central-1-A.i-0ce167ca8b5162bf5.e91oCmz8AB8jPK
< x-robots-tag: noindex
< x-cache: Miss from cloudfront
< via: 1.1 9385401cebb473e4ed1da6c81b927c52.cloudfront.net (CloudFront)
< x-amz-cf-pop: AMS1-C1
< x-amz-cf-id: GBBeM-2xEShYIUm4wzlx4CzsAd9FpCVb9xNrykn0v47-I6oev5SS0Q==
<

The HTTP headers are received from the remote server.

[
  1646239245073
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host rest.ably.io left intact
]

The data is returned, in this case the current time as a Unix Timestamp (see https://www.unixtimestamp.com)

 time_namelookup:  0.014649
time_connect: 0.030503
time_appconnect: 0.092318
time_pretransfer: 0.092453
time_redirect: 0.000000
time_starttransfer: 0.118654
time_total: 0.118876

These statistics are printed afterwards to record the time spent in each portion of the connection.