In this topic, you can learn about BOSH DNS internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.
For more information about BOSH DNS, see Native DNS Support in the BOSH documentation.
The following table lists network communication paths for BOSH DNS.
Port 8853 is the destination port for communications between BOSH DNS health processes. You must allow TCP traffic on 8853 for all VMs running BOSH DNS.
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| Any VM running BOSH DNS | backup_restore | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | clock_global | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | cloud_controller | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | cloud_controller_worker | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | credhub | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | diego_brain | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | diego_cell | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | diego_database | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | doppler | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | ha_proxy | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | log_cache | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | loggregator_trafficcontroller | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | mysql | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | mysql_monitor* | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | mysql_proxy* | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | nats | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | nfs_server† | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | router | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | tcp_router | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | uaa | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | Service instance VMs | 53 | TCP and UDP | DNS | Unencrypted. This communication happens inside the VM. |
| Any VM running BOSH DNS | backup_restore | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | clock_global | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | cloud_controller | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | cloud_controller_worker | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | credhub | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | diego_brain | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | diego_cell | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | diego_database | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | doppler | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | ha_proxy | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | log_cache | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | loggregator_trafficcontroller | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | mysql | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | mysql_monitor* | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | mysql_proxy* | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | nats | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | nfs_server† | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | router | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | tcp_router | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | uaa | 8853 | TCP | HTTPS | Mutual TLS |
| Any VM running BOSH DNS | Service instance VMs | 8853 | TCP | HTTPS | Mutual TLS |
*Applies only to deployments where internal MySQL is selected as the database.
†Applies only to deployments where the internal NFS server is selected for file storage.
