MySQL Network Communications

This topic describes MySQL internal network communication paths with other Pivotal Application Service (PAS) components.

Note: These communications only apply to deployments where internal MySQL is selected as the PAS database.

Inbound Communications

The following table lists network communication paths that are inbound to MySQL VMs.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| cloud_controller | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| cloud_controller_worker | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| clock_global | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| credhub | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_cell (VXLAN Policy Agent) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_database (Policy Server) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_database (BBS) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_database (Locket) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| uaa | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |

(*) MySQL authentication uses the MySQL native password method.

Internal Communications

The following table lists network communication paths that are internal to MySQL VMs.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| mysql | mysql (Galera) | 4567 | TCP | MySQL | MySQL authentication* |
| mysql_monitor | mysql (MySQL Server) | 3306 | TCP | HTTP | Basic authentication |
| mysql_monitor | mysql_proxy (Proxy health check) | 443/8080** | TCP | HTTP | Basic authentication |
| mysql_proxy | mysql (MySQL Server) | 3306 | TCP | HTTP | MySQL authentication* |
| mysql_proxy | mysql (Galera health check) | 9200 | TCP | HTTP | Basic authentication |

(*) MySQL authentication uses the MySQL native password method.

(**) Port 443 is used if mysql_proxy is registered with Gorouter. If not registered, mysql_proxy uses port 8080 instead.

Outbound Communications

The following table lists network communication paths that are outbound from MySQL.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| mysql_monitor | uaa | 8443 | TCP | HTTPS | OAuth |
| mysql_proxy (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |

Note: If you select the Enable inactive mysql port checkbox on the Internal MySQL pane of the PAS tile, you can run auditing and reporting queries on an inactive MySQL node over port 3336. For more information, see the Configure Internal MySQL section of Configuring PAS.
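The three tables and the two conditional ports (443/8080 and 3336) can be used as an allowlist when reviewing flow logs or firewall rules. The following is an added example, not part of the PAS documentation or tooling: it flags observed flows that touch a MySQL VM but match no documented path. The flow tuple format, the `audit` function, its parameter names and the `jumpbox` host are assumptions made for illustration.

```python
# Added example: encodes the documented paths as (source VM, destination VM, TCP port).
# Process names in parentheses in the tables (BBS, Locket, ...) are folded into the VM name.
CLIENTS = ["cloud_controller", "cloud_controller_worker", "clock_global",
           "credhub", "diego_cell", "diego_database", "uaa"]
DOCUMENTED = {(c, "mysql_proxy", 3306) for c in CLIENTS} | {
    ("mysql", "mysql", 4567),           # Galera
    ("mysql_monitor", "mysql", 3306),
    ("mysql_proxy", "mysql", 3306),
    ("mysql_proxy", "mysql", 9200),     # Galera health check
    ("mysql_monitor", "uaa", 8443),
    ("mysql_proxy", "nats", 4222),      # Route Registrar
}
MYSQL_VMS = {"mysql", "mysql_proxy", "mysql_monitor"}


def audit(flows, proxy_registered_with_gorouter=True, inactive_port_enabled=False):
    """Return flows that touch a MySQL VM but match no documented path."""
    # Proxy health check: 443 when mysql_proxy is registered with Gorouter, else 8080.
    health_port = 443 if proxy_registered_with_gorouter else 8080
    allowed = DOCUMENTED | {("mysql_monitor", "mysql_proxy", health_port)}
    findings = []
    for src, dst, port in flows:
        if src not in MYSQL_VMS and dst not in MYSQL_VMS:
            continue  # not a MySQL path, outside the scope of these tables
        if (src, dst, port) in allowed:
            continue
        # Assumption: the page does not name the VM that listens on 3336, so it is
        # accepted on mysql or mysql_proxy only when the inactive-port option is on.
        if port == 3336 and inactive_port_enabled and dst in ("mysql", "mysql_proxy"):
            continue
        findings.append((src, dst, port))
    return findings


# Constructed sample flows; "jumpbox" is a hypothetical operator host.
SAMPLE_FLOWS = [
    ("cloud_controller", "mysql_proxy", 3306),  # documented
    ("cloud_controller", "mysql", 3306),        # client bypassing mysql_proxy
    ("mysql_monitor", "mysql_proxy", 8080),     # wrong port if Gorouter-registered
    ("jumpbox", "mysql_proxy", 3336),           # only valid with inactive port enabled
    ("mysql", "mysql", 4567),                   # documented
    ("diego_cell", "nats", 4222),               # no MySQL VM involved
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("undocumented path:", flow)
```

Set the two keyword arguments to match the deployment before treating a finding as a deviation, since the health-check port and port 3336 depend on tile configuration.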

BOSH DNS Communications

By default, PAS components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director colocates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS Network Communications.