Container-to-Container Networking Communications

This topic describes Container-to-Container Networking internal network communication paths with other Pivotal Application Service (PAS) components.

Inbound Communications

The following table lists network communication paths that are inbound to Container-to-Container Networking.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| diego_cell (Silk CNI) | diego_cell (Silk Daemon) | 23954 | TCP | HTTP | None |
| diego_cell (Silk Daemon) | diego_api (Silk Controller) | 4103 | TCP | HTTP | Mutual TLS |
| diego_cell (VXLAN Policy Agent) | diego_database (api - Policy Server Internal) | 4003 | TCP | HTTP | Mutual TLS |
| diego_cell (BOSH DNS Adapter) | diego_brain (Service Discovery Controller) | 8054 | TCP | HTTP | Mutual TLS |

Outbound Communications

The following table lists network communication paths that are outbound from Container-to-Container Networking.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| diego_database (api - Policy Server) | uaa | 8443 | TCP | HTTPS | TLS |
| diego_database (api - Policy Server) | cloud_controller (api - Cloud Controller) | 9022 | TCP | HTTP | OAuth 2.0 |
| diego_database (api - Policy Server) | mysql_proxy* | 3306 | TCP | MySQL | MySQL authentication* |
| diego_brain (Service Discovery Controller) | nats (NATS) | 4222 | TCP | HTTP | Basic authentication |
| diego_cell (BOSH DNS) | diego_cell (BOSH DNS Adapter) | 8053 | TCP | HTTP | None |
| diego_cell (VXLAN Policy Agent) | mysql_proxy* | 3306 | TCP | MySQL | MySQL authentication* |

*Applies only to deployments where internal MySQL is selected as the database.

BOSH DNS Communications

By default, PAS components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director colocates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS Network Communications.
