Configuring TCP Routing in TAS for VMs

Page last updated:

This topic describes how to enable the TCP routing feature in a VMware Tanzu Application Service for VMs (TAS for VMs) deployment.

Breaking Change: If you have mutual TLS app identity verification enabled, Envoy only recognizes communications from the Gorouter. Therefore, TCP no longer works.

Overview

TCP routing enables apps that require inbound requests on non-HTTP protocols to run on Ops Manager.

Prerequisite

Before enabling TCP routing, review the pre-deployment steps that describe required networking infrastructure changes. For more information, see Pre-Deployment Steps in Enabling TCP Routing.

Enable TCP Routing

TCP routing is disabled by default.

To enable TCP routing:

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click the TAS for VMs tile.

  3. Select Networking.

  4. Under TCP routing, select Enable.

  5. For TCP router IPs, enter the IP addresses to assign to the TCP routers. You can enter multiple values as a comma-separated list or as a range. For example, 10.254.0.1, 10.254.0.2 or 10.254.0.1-10.254.0.2. The addresses must be within your subnet CIDR block. These are the same IP addresses with which you configured your load balancer in Pre-Deployment Steps in Enabling TCP Routing, unless you configured DNS to resolve the TCP domain name directly to an IP for the TCP router.

  6. For TCP routing ports, enter one or more ports to which the load balancer forwards requests. To support multiple TCP routes, VMware recommends allocating multiple ports. Do one of the following:

    • To allocate a single port or range of ports, enter a single port or a range of ports.

      Note: If you configured AWS for TAS for VMs manually, enter 1024-1123 which corresponds to the rules you created for -tcp-elb.

    • To allocate a list of ports:
      1. Enter a single port in the TCP routing ports field.
      2. After deploying TAS for VMs, follow the procedure in Configuring a List of TCP Routing Ports in VMware Tanzu Application Service for VMs v2.3 Release Notes to add TCP routing ports using the cf CLI.
  7. (Optional) For TCP request timeout, modify the default value of 300 seconds. This field determines when the TCP router closes idle connections from clients to apps that use TCP routes. You may want to increase this value to enable developers to push apps that require long-running idle connections with clients.

  8. For AWS, Azure, or GCP Ops Manager deployments, add the name of your load balancer to the TCP Router field in the Resource Config pane of the TAS for VMs tile. For more information, see Configuring Load Balancing for TAS for VMs.

Disable TCP Routing

To disable TCP routing:

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click the TAS for VMs tile.

  3. Select Networking.

  4. Under TCP routing, select Disable.

  5. Manually remove the TCP routing domain.