Loggregator Network Communications


Warning: Pivotal Cloud Foundry (PCF) v2.3 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic describes Loggregator internal network communication paths with other Pivotal Application Service (PAS) components.

Loggregator Communications

The following table lists network communication paths for Loggregator.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| Any* | loggregator_trafficcontroller | 8081 | TCP | HTTP/WebSocket | OAuth |
| Any VM running Metron | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller | uaa | 8443 | TCP | HTTPS | TLS |
| loggregator_trafficcontroller | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
| loggregator_trafficcontroller (Reverse Log Proxy) | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |
| loggregator_trafficcontroller (metrics_forwarder) | BOSH Director (metrics_server) | 25595 and 8443 | TCP | gRPC over HTTP/2 | Mutual TLS |
| loggregator_trafficcontroller | doppler (Log Cache) | 8080 | TCP | gRPC over HTTP/2 | Mutual TLS |
| syslog_adapter | loggregator_trafficcontroller (Reverse Log Proxy) | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| syslog_adapter | Any** | Any*** | TCP | TCP, TCP w/ TLS, HTTPS | Basic authentication**** |
| syslog_scheduler | syslog_adapter | 4443 | TCP | gRPC over HTTP/2 | Mutual TLS |
| syslog_scheduler | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
| loggregator_trafficcontroller (Reverse Log Proxy Gateway) | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
| Any* | loggregator_trafficcontroller (Reverse Log Proxy Gateway) | 8088 | TCP | HTTP/Server Sent Events | OAuth |

*Any source VM can send requests to the specified destination within its subnet.
**Sends syslog messages to any host configured through a user-provided service binding with a syslog URL.
***User-provided service bindings with a syslog URL can be configured with any port.
****Basic authentication is only supported for HTTPS syslog drains.

Starting from ERT v1.11, Metron does not use the UDP protocol to communicate with Doppler. Starting in PAS v2.0, Doppler no longer uses the UDP protocol or the HTTP/WebSocket protocol.
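
As an added example (not part of the original documentation or the product's own code), the Python below encodes the Loggregator table above as an allowlist and classifies flow records against it, reading "Any*" as allowed only from the destination's own subnet, per the footnote. The inventory addresses, the `diego_cell` job, the `bosh_director` key, and the assumption that every inventoried VM runs Metron are constructed for illustration.

```python
import ipaddress

# (source, destination, port) rows transcribed from the Loggregator table above.
# ANY_SUBNET is the table's "Any*": allowed only from the destination's own subnet.
# ANY_METRON is "Any VM running Metron"; assumed here to be every inventoried VM.
# "bosh_director" is a shorthand key for "BOSH Director (metrics_server)".
ANY_SUBNET, ANY_METRON = "ANY_SUBNET", "ANY_METRON"
TC = "loggregator_trafficcontroller"
RULES = {
    (ANY_SUBNET, TC, 8081), (ANY_SUBNET, TC, 8088),
    (ANY_METRON, "doppler", 8082),
    (TC, "doppler", 8082), (TC, "doppler", 8080),
    (TC, "uaa", 8443), (TC, "cloud_controller", 9023), (TC, "nats", 4222),
    (TC, "bosh_director", 25595), (TC, "bosh_director", 8443),
    ("syslog_adapter", TC, 8082),
    ("syslog_scheduler", "syslog_adapter", 4443),
    ("syslog_scheduler", "cloud_controller", 9023),
}

# Constructed inventory: IP -> (job, subnet). Addresses are sample values.
INVENTORY = {
    "10.0.1.10": (TC, "10.0.1.0/24"),
    "10.0.1.20": ("doppler", "10.0.1.0/24"),
    "10.0.1.30": ("diego_cell", "10.0.1.0/24"),
    "10.0.2.30": ("diego_cell", "10.0.2.0/24"),
    "10.0.1.40": ("syslog_adapter", "10.0.1.0/24"),
}

def check_flow(src, dst, port, proto):
    """Return (verdict, reason) for one observed flow record."""
    if proto != "tcp":
        return "deny", "every listed path is TCP"
    src_job = INVENTORY.get(src, (None, None))[0]
    dst_job, dst_net = INVENTORY.get(dst, (None, None))
    if dst_job is None:
        # Only syslog_adapter may reach hosts outside the deployment (syslog drains).
        ok = src_job == "syslog_adapter"
        return ("allow", "syslog drain egress") if ok else ("deny", "unknown destination")
    if src_job and (src_job, dst_job, port) in RULES:
        return "allow", "listed job-to-job path"
    if src_job and (ANY_METRON, dst_job, port) in RULES:
        return "allow", "Metron to Doppler"
    if (ANY_SUBNET, dst_job, port) in RULES:
        same = ipaddress.ip_address(src) in ipaddress.ip_network(dst_net)
        return ("allow", "Any* within subnet") if same else ("deny", "Any* from another subnet")
    return "deny", "path not in table"
```

Flows that come back as "deny" are candidates for a firewall rule review or a detection alert, for example UDP traffic toward Doppler, which the note above says is no longer used.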

Log Cache Communications

The following table lists network communication paths for Log Cache.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| loggregator_trafficcontroller (Reverse Log Proxy) | log-cache (Nozzle) | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
| Any* | log-cache | 8080 | TCP | gRPC over HTTP/2 | Mutual TLS |
| gorouter | log-cache (Auth Proxy) | 8083 | TCP | HTTP | OAuth |
| log-cache (Auth Proxy) | uaa | 8443 | TCP | HTTPS | TLS |
| log-cache (Auth Proxy) | cloud_controller | 9024 | TCP | HTTPS | TLS |

*Any source VM can send requests to the specified destination within its subnet.

BOSH DNS Communications

By default, PAS components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director colocates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS Network Communications.