The tables here show the network communication paths to container-to-container networking in VMware Tanzu Application Service for VMs (TAS for VMs).

For more information about container-to-container networking, see Container-to-container networking.

Inbound communications

The following table lists network communication paths that are inbound to container-to-container networking.

Source VM Destination VM Port Transport Layer Protocol App Layer Protocol Security and Authentication
diego_cell (Silk CNI) diego_cell (Silk Daemon) 23954 TCP HTTP None
diego_cell (Silk Daemon) diego_api (Silk Controller) 4103 TCP HTTP Mutual TLS
diego_cell (VXLAN Policy Agent) diego_database (api - Policy Server Internal) 4003 TCP HTTP Mutual TLS
diego_cell (BOSH DNS Adapter) diego_brain (Service Discovery Controller) 8054 TCP HTTP Mutual TLS

Outbound communications

The following table lists network communication paths that are outbound from container-to-container networking:

Source VM Destination VM Port Transport Layer Protocol App Layer Protocol Security and Authentication
diego_database (API - Policy Server) uaa 8443 TCP HTTPS TLS
diego_database (API - Policy Server) cloud_controller (api - Cloud Controller) 9022 TCP HTTP OAuth 2.0
diego_database (API - Policy Server) mysql_proxy* 3306 TCP MySQL MySQL authentication
diego_brain (Service Discovery Controller) nats (NATS) 4222 TCP HTTP Basic authentication
diego_cell (BOSH DNS) diego_cell (BOSH DNS Adapter) 8053 TCP HTTP None
diego_cell (VXLAN Policy Agent) mysql_proxy* 3306 TCP MySQL MySQL authentication

*Applies only to deployments where internal MySQL is selected as the database.

BOSH DNS communications

By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.

check-circle-line exclamation-circle-line close-line
Scroll to top icon