The following tables show MySQL internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.
These communications only apply to deployments where internal MySQL is selected as the TAS for VMs database.
Inbound communications
The following table lists network communication paths that are inbound to MySQL VMs:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| cloud_controller | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| cloud_controller_worker | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| clock_global | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| credhub | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_cell (VXLAN Policy Agent) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_database (Policy Server) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_database (BBS) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| diego_database (Locket) | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
| uaa | mysql_proxy | 3306 | TCP | MySQL | MySQL authentication* |
* MySQL authentication uses the MySQL native password method.
Internal communications
The following table lists network communication paths that are internal to MySQL VMs:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| mysql | mysql (Galera) | 4567 | TCP | MySQL | MySQL authentication* |
| mysql_monitor | mysql (MySQL Server) | 3306 | TCP | HTTP | Basic authentication |
| mysql_monitor | mysql_proxy (Proxy health check) | 443/8080** | TCP | HTTP | Basic authentication |
| mysql_proxy | mysql (MySQL Server) | 3306 | TCP | HTTP | MySQL authentication* |
| mysql_proxy | mysql (Galera health check) | 9200 | TCP | HTTP | Basic authentication |
*MySQL authentication uses the MySQL native password method.
**Port 443 is used if mysql_proxy is registered with the Gorouter. If not registered, mysql_proxy uses port 8080 instead.
Outbound communications
The following table lists network communication paths that are outbound from MySQL:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| mysql_monitor | uaa | 8443 | TCP | HTTPS | OAuth |
| mysql_proxy (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |
If you select the Enable inactive mysql port check box on the Internal MySQL pane of the TAS for VMs tile, you can run auditing and reporting queries on an inactive MySQL node over port 3336. For more information, see Configure Internal MySQL in Configuring TAS for VMs.
BOSH DNS communications
By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.
