Configuring TCP Routing in PAS

Warning: Pivotal Cloud Foundry (PCF) v2.5 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic describes how to enable the TCP routing feature in a Pivotal Application Service (PAS) deployment.

Breaking Change: If you have mutual TLS app identity verification enabled, Envoy only recognizes communications from the Gorouter. Therefore, TCP no longer works.

Overview

TCP routing enables apps that require inbound requests on non-HTTP protocols to run on PCF.

Prerequisite

Before enabling TCP routing, review the pre-deployment steps that describe required networking infrastructure changes. For more information, see the Pre-Deployment Steps section of the Enabling TCP Routing topic.

Enable TCP Routing

TCP routing is disabled by default.

To enable TCP routing:

  1. Go to the Networking pane of the PAS tile.

  2. Under Enable TCP requests to apps through specific ports on the TCP router, select Enable TCP Routing.

    Note: If you have mutual TLS app identity verification enabled, app containers accept incoming communication only from the Gorouter. This disables TCP routing.

  3. For TCP Routing Ports, enter one or more ports to which the load balancer forwards requests. To support multiple TCP routes, Pivotal recommends allocating multiple ports. Do one of the following:

    • To allocate a single port or range of ports, enter a single port or a range of ports.

      Note: If you configured AWS for PCF manually, enter 1024-1123 which corresponds to the rules you created for pcf-tcp-elb.

    • To allocate a list of ports:
      1. Enter a single port in the TCP routing ports field.
      2. After deploying PAS, follow the procedure in the Configuring a List of TCP Routing Ports section of the Pivotal Application Service v2.3 Release Notes topic to add TCP routing ports using the cf CLI.

  4. (Optional) For TCP request timeout, modify the default value of 300 seconds. This field determines when the TCP router closes idle connections from clients to apps that use TCP routes. You may want to increase this value to enable developers to push apps that require long-running idle connections with clients.

  5. Follow these additional instructions based on your IaaS:

    • GCP: Specify the name of a GCP TCP load balancer in the LOAD BALANCER field of the TCP Router job in the Resource Config pane. You configure this later on in PAS. For more information, see Configuring Load Balancing for PAS.

    • AWS: Specify the name of a TCP ELB in the LOAD BALANCER field of the TCP Router job in the Resource Config pane. You configure this later on in PAS. For more information, see Configuring Load Balancing for PAS.

    • Azure: Specify the name of an Azure load balancer in the LOAD BALANCER field of the TCP Router job in the Resource Config pane. You configure this later on in PAS. For more information, see Configuring Load Balancing for PAS.

    • OpenStack and vSphere:
      1. Return to the top of the Networking pane.
      2. In the TCP router IPs field, ensure that you have entered IP addresses that are within your subnet CIDR block. These are the same IP addresses you configured your load balancer with in the Pre-Deployment Steps section of the Enabling TCP Routing topic, unless you configured DNS to resolve the TCP domain name directly to an IP you have chosen for the TCP router.
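
A pre-flight check for the values entered in steps 3 and 5, added here as an example (it is not Pivotal's code): it compares the TCP Routing Ports value with the ports the load balancer forwards and confirms that the TCP router IPs fall inside the subnet CIDR block. The function names, the comma-separated port form and all sample values except 1024-1123 are assumptions of this example.

```python
import ipaddress


def parse_ports(spec):
    """Expand "1024-1123" or "1024-1030,2000" into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        lo = int(lo)                      # ValueError on empty or non-numeric
        hi = int(hi) if sep else lo       # "1024-" is rejected by int("")
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def check_tcp_routing(reserved_spec, lb_spec, router_ips, subnet_cidr):
    """Compare PAS TCP routing settings with the load balancer and subnet."""
    reserved = parse_ports(reserved_spec)
    forwarded = parse_ports(lb_spec)
    subnet = ipaddress.ip_network(subnet_cidr)
    return {
        "reserved_port_count": len(reserved),
        # Forwarded by the load balancer but not reserved: needless exposure.
        "forwarded_not_reserved": sorted(forwarded - reserved),
        # Reserved in PAS but not forwarded: clients going through the
        # load balancer cannot reach routes on these ports.
        "reserved_not_forwarded": sorted(reserved - forwarded),
        "ips_outside_subnet": [
            ip for ip in router_ips if ipaddress.ip_address(ip) not in subnet
        ],
    }


if __name__ == "__main__":
    # Constructed sample values; only 1024-1123 comes from the page (AWS note).
    report = check_tcp_routing(
        reserved_spec="1024-1123",
        lb_spec="1024-1123,8080",
        router_ips=["10.0.4.10", "10.0.5.10"],
        subnet_cidr="10.0.4.0/24",
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```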

Disable TCP Routing

To disable TCP routing:

  1. In the Networking pane of the PAS tile, under Enable TCP requests to apps through specific ports on the TCP Router…, click Select this option if you prefer to enable TCP Routing at a later time.

  2. Manually remove the TCP routing domain.