Loggregator Network Communications
Page last updated:
This topic describes Loggregator internal network communication paths with other Pivotal Application Service (PAS) components.
For more information about Loggregator components and architecture, see Loggregator Components and Architecture.
Loggregator Communications
The following table lists network communication paths for Loggregator:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| Any* | loggregator_trafficcontroller | 8081 | TCP | HTTP/WebSocket | OAuth |
| Any VM running Loggregator Agent | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller | uaa | 8443 | TCP | HTTPS | TLS |
| loggregator_trafficcontroller | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
| loggregator_trafficcontroller (Reverse Log Proxy) | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |
| loggregator_trafficcontroller (Metrics Forwarder) | BOSH Director (Metrics Server) | 25555 and 8443 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller | doppler (Log Cache) | 8080 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller (Reverse Log Proxy Gateway) | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
| Any* | loggregator_trafficcontroller (Reverse Log Proxy Gateway) | 8088 | TCP | HTTP/Server Sent Events | OAuth |
*Any source VM can send requests to the specified destination within its subnet.
**Any host configured through a user-provided service binding with a syslog URL.
***Any port configured through a user-provided service binding with syslog URL.
****Basic authentication only supported for HTTPS syslog drains.
Log Cache Communications
The following table lists network communication paths for Log Cache:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| loggregator_trafficcontroller (Reverse Log Proxy) | log-cache (Nozzle) | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| Any* | log-cache | 8080 | TCP | gRPC over HTTP/2 | Mutual TLS |
| gorouter | log-cache (Auth Proxy) | 8083 | TCP | HTTP | OAuth |
| log-cache (Auth Proxy) | uaa | 8443 | TCP | HTTPS | TLS |
| log-cache (Auth Proxy) | cloud_controller | 9024 | TCP | HTTPS | TLS |
*Any source VM can send requests to the specified destination within its subnet.
BOSH DNS Communications
By default, PAS components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS Network Communications.