Configuring TCP Routing in PAS


This topic describes how to enable the TCP routing feature in a Pivotal Application Service (PAS) deployment.

Breaking Change: If you have mutual TLS app identity verification enabled, Envoy only recognizes communications from the Gorouter. As a result, TCP routing no longer works.


TCP routing enables apps that require inbound requests on non-HTTP protocols to run on Pivotal Platform.


Before enabling TCP routing, review the pre-deployment steps that describe required networking infrastructure changes. For more information, see the Pre-Deployment Steps section of the Enabling TCP Routing topic.

Enable TCP Routing

TCP routing is disabled by default.

To enable TCP routing:

  1. Go to the Networking pane of the PAS tile.

  2. Under Enable TCP requests to apps through specific ports on the TCP router, select Enable TCP routing.

  3. For TCP router IPs, enter the IP addresses to assign to the TCP routers. You can enter multiple values as a comma-separated list or as a range. For example,, or The addresses must be within your subnet CIDR block. These are the same IP addresses with which you configured your load balancer in the Pre-Deployment Steps section of the Enabling TCP Routing topic, unless you configured DNS to resolve the TCP domain name directly to an IP for the TCP router.

  4. For TCP routing ports, enter one or more ports to which the load balancer forwards requests. To support multiple TCP routes, Pivotal recommends allocating multiple ports. Do one of the following:

    • To allocate a single port or range of ports, enter a single port or a range of ports.

      Note: If you configured AWS for Pivotal Platform manually, enter 1024-1123, which corresponds to the rules you created for pcf-tcp-elb.

    • To allocate a list of ports:
      1. Enter a single port in the TCP routing ports field.
      2. After deploying PAS, follow the procedure in the Configuring a List of TCP Routing Ports section of the Pivotal Application Service v2.3 Release Notes topic to add TCP routing ports using the cf CLI.

  5. (Optional) For TCP request timeout, modify the default value of 300 seconds. This field determines when the TCP router closes idle connections from clients to apps that use TCP routes. You may want to increase this value to enable developers to push apps that require long-running idle connections with clients.

  6. For AWS, Azure, or GCP Pivotal Platform deployments, add the name of your load balancer to the TCP Router field in the Resource Config pane of the PAS tile. For more information, see Configuring Load Balancing for PAS.
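Before entering the values from steps 3 and 4, it helps to confirm that the TCP router IPs sit inside the subnet CIDR block, match the load balancer's backends, and that every routing port is one the load balancer actually forwards. The following pre-flight check is an added example, not Pivotal tooling; the hyphenated `start-end` IP range syntax is an assumption, and all addresses and the function names are constructed for illustration.

```python
import ipaddress

def expand_ips(spec):
    """Expand 'a, b' or 'a-b' (range syntax is an assumption) into IPv4 addresses."""
    ips = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        if "-" in part:
            lo, hi = (ipaddress.IPv4Address(x.strip()) for x in part.split("-", 1))
            if int(hi) < int(lo):
                raise ValueError(f"descending IP range: {part}")
            ips.extend(ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1))
        else:
            ips.append(ipaddress.IPv4Address(part))
    return ips

def expand_ports(spec):
    """Expand a single port ('1024') or a range ('1024-1123') into a set of ints."""
    lo, _, hi = spec.strip().partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {spec}")
    return set(range(lo, hi + 1))

def preflight(router_ips, subnet_cidr, routing_ports, lb_ports, lb_backend_ips=None):
    """Return a list of problems; an empty list means the values are consistent.

    Pass lb_backend_ips=None when DNS resolves the TCP domain directly to a router IP.
    """
    problems = []
    net = ipaddress.ip_network(subnet_cidr)
    lb_ips = set(expand_ips(lb_backend_ips)) if lb_backend_ips is not None else None
    for ip in expand_ips(router_ips):
        if ip not in net:
            problems.append(f"{ip} is outside subnet {net}")
        if lb_ips is not None and ip not in lb_ips:
            problems.append(f"{ip} is not a load balancer backend")
    unforwarded = expand_ports(routing_ports) - expand_ports(lb_ports)
    if unforwarded:
        problems.append(f"{len(unforwarded)} routing port(s) not forwarded by the "
                        f"load balancer, first is {min(unforwarded)}")
    return problems

if __name__ == "__main__":
    # Constructed sample values: one router IP is outside the subnet, and the
    # port range extends past what the load balancer forwards.
    for p in preflight("10.0.16.10, 10.0.17.5", "10.0.16.0/24",
                       "1024-1130", "1024-1123", lb_backend_ips="10.0.16.10"):
        print("PROBLEM:", p)
```

A routing port the load balancer does not forward produces routes that can be created but never reached, so it is worth catching before you apply changes.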

Disable TCP Routing

To disable TCP routing:

  1. In the Networking pane of the PAS tile, under Enable TCP requests to apps through specific ports on the TCP router, select Disable TCP routing.

  2. Manually remove the TCP routing domain.