Diego Network Communications

This topic describes Diego internal network communication paths with other Elastic Runtime components.

Inbound Communications

The following table lists network communication paths that are inbound to Diego.

| Source VM | Destination VM | Port | Protocol | Security and Authentication |
|---|---|---|---|---|
| cloud_controller | diego_brain (Nsync) | 8787 | HTTP | None |
| cloud_controller | diego_brain (Stager) | 8888 | HTTP | None |
| cloud_controller | diego_brain (TPS Listener) | 1518 | HTTP | None |
| cloud_controller (Routing API) | diego_database (Locket) | 8891 | HTTPS | Mutual TLS |

Diego Internal Communications

The following table lists network communication paths that are internal to Diego.

| Source VM | Destination VM | Port | Protocol | Security and Authentication |
|---|---|---|---|---|
| diego_brain (Auctioneer) | diego_cell (Rep) | 1801 | HTTPS | Mutual TLS |
| diego_brain (Auctioneer) | diego_database (BBS) | 8889 | HTTPS | Mutual TLS |
| diego_brain (Auctioneer) | diego_database (Locket) | 8891 | HTTPS | Mutual TLS |
| diego_brain (SSH Proxy) | diego_database (BBS) | 8889 | HTTPS | Mutual TLS |
| diego_brain (TPS Watcher) | diego_database (Locket) | 8891 | HTTPS | Mutual TLS |
| diego_cell (local Route Emitter) | diego_database (BBS) | 8889 | HTTPS | Mutual TLS |
| diego_cell (Rep) | diego_brain (CC Uploader) | 9090 | HTTP | None |
| diego_cell (Rep) | diego_brain (File Server) | 8080 | HTTP | None |
| diego_cell (Rep) | diego_database (BBS) | 8889 | HTTPS | Mutual TLS |
| diego_cell (Rep) | diego_database (Locket) | 8891 | HTTPS | Mutual TLS |
| diego_database (BBS) | diego_brain (Auctioneer) | 9016 | HTTPS | Mutual TLS |
| diego_database (BBS) | diego_brain (Stager) | 8888 | HTTP | None |
| diego_database (BBS) | diego_cell (Rep) | 1801 | HTTPS | Mutual TLS |
| diego_database (BBS) | diego_database (Locket) | 8891 | HTTPS | Mutual TLS |

Outbound Communications

The following table lists network communication paths that are outbound from Diego.

| Source VM | Destination VM | Port | Protocol | Security and Authentication |
|---|---|---|---|---|
| diego_brain | cloud_controller | 9022 | HTTP | Basic authentication |
| diego_brain (SSH Proxy) | App instances | 2222 | SSH | SSH |
| diego_brain (SSH Proxy) | cloud_controller | 9022 | HTTP | OAuth |
| diego_brain (SSH Proxy) | uaa | 443 | HTTPS | TLS and OAuth |
| diego_cell (local Route Emitter) | nats | 4222 | NATS | Basic authentication |
| diego_cell (Rep) | cloud_controller | 9022 | HTTP | None |
| diego_cell (Rep) | nfs_server or other blobstore* | Varies | HTTP | None/TLS |
| diego_database (BBS) | cloud_controller | 9022 | HTTP | Basic authentication |
| diego_database (BBS) | mysql_proxy | 3306 | MySQL | MySQL authentication |
| diego_database (Locket) | mysql_proxy | 3306 | MySQL | MySQL authentication |

*The destination depends on your Elastic Runtime blobstore configuration.

The mysql_proxy paths apply only to deployments where internal MySQL is selected as the database.

Consul Communications

ERT components call out to Consul for service discovery. For more information, see Consul Network Communications.
