Configuring TCP Routing in PAS


This topic describes how to enable the TCP routing feature in a Pivotal Application Service (PAS) deployment.

Breaking Change: If you have mutual TLS app identity verification enabled, Envoy only recognizes communications from the Gorouter. Therefore, TCP routing no longer works.

Enable TCP Routing

TCP routing lets you run apps on Pivotal Platform that require inbound requests over non-HTTP protocols. Before enabling TCP routing, review the Pre-Deployment Steps, which describe the required networking infrastructure changes.

TCP routing is disabled by default. You should enable this feature if your DNS sends TCP traffic through a load balancer rather than directly to a TCP router. To enable TCP routing:

  1. Select Enable TCP routing.

Note: If you have mutual TLS app identity verification enabled, app containers accept incoming communication only from the Gorouter. This disables TCP routing.

  1. For TCP routing ports, enter a single port or a range of ports for the load balancer to forward to. These are the same ports that you configured in the Pre-Deployment Steps section of the Enabling TCP Routing topic.
    • To support multiple TCP routes, Pivotal recommends allocating multiple ports.
    • To allocate a list of ports rather than a range:
      1. Enter a single port in the TCP routing ports field.
      2. After deploying PAS, follow the steps in the Configuring a List of TCP Routing Ports section of the Pivotal Application Service v2.3 Release Notes to add TCP routing ports using the cf CLI.
  2. For TCP request timeout, you can optionally modify the default value of 300 seconds. This field determines when the TCP Router closes idle connections from clients to apps that use TCP routes. You may want to increase this value to enable developers to push apps that require long-running idle connections with clients.
  3. Ensure that you follow the additional instructions based on your IaaS:
    • GCP: Specify the name of a GCP TCP load balancer in the LOAD BALANCER column of the TCP Router job in the Resource Config pane. You configure this later on in PAS. For more information, see Configure Resources.
    • AWS: Specify the name of a TCP ELB in the LOAD BALANCER column of the TCP Router job in the Resource Config pane. You configure this later on in PAS. For more information, see Configure Resources.
    • Azure: Specify the name of an Azure load balancer in the LOAD BALANCER column of the TCP Router job in the Resource Config pane. You configure this later on in PAS. For more information, see Configure Resources.
    • OpenStack and vSphere:
      1. Return to the top of the Networking pane.
      2. In the TCP router IPs field, ensure that you have entered IP addresses that are within your subnet CIDR block. These are the same IP addresses you configured your load balancer with in the Pre-Deployment Steps section of the Enabling TCP Routing topic, unless you configured DNS to resolve the TCP domain name directly to an IP you have chosen for the TCP router.
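
A consistency check for the values entered in the steps above, run before you apply them. This is an added example, not Pivotal's code: the function names, the `low-high` range syntax, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_ports(spec):
    """Parse a TCP routing ports value: one port ("1024") or a range ("1024-1123")."""
    first, sep, last = spec.strip().partition("-")
    lo = int(first)                      # ValueError on empty or non-numeric text
    hi = int(last) if sep else lo
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"invalid port or range: {spec!r}")
    return lo, hi

def check_tcp_routing(ports, router_ips, subnet_cidr, mtls_app_identity=False):
    """Return a list of findings for the planned settings (empty list = consistent)."""
    findings = []
    try:
        lo, hi = parse_ports(ports)
        if lo == hi:
            findings.append("single port: allocate more ports to support multiple TCP routes")
    except ValueError as exc:
        findings.append(str(exc))
    subnet = ipaddress.ip_network(subnet_cidr, strict=False)
    for ip in router_ips:
        try:
            if ipaddress.ip_address(ip.strip()) not in subnet:
                findings.append(f"TCP router IP {ip} is outside {subnet}")
        except ValueError:
            findings.append(f"TCP router IP {ip!r} is not a valid address")
    if mtls_app_identity:
        # The conflict called out in the Breaking Change note on this page.
        findings.append("mutual TLS app identity verification is enabled: "
                        "app containers accept traffic only from the Gorouter, "
                        "so TCP routes will not work")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for finding in check_tcp_routing("1024-1123", ["10.0.16.10", "10.0.32.5"],
                                     "10.0.16.0/20", mtls_app_identity=True):
        print("FINDING:", finding)
```
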

Disable TCP Routing

To disable TCP routing after enabling it:

  1. Under Enable TCP requests to apps through specific ports on the TCP router, select Disable TCP routing.

  2. Manually remove the TCP routing domain.