Container-to-container networking communications

The tables here show the network communication paths to container-to-container networking in VMware Tanzu Application Service for VMs (TAS for VMs).

For more information about container-to-container networking, see Container-to-container networking.

Inbound communications

The following table lists network communication paths that are inbound to container-to-container networking.

Source VM	Destination VM	Port	Transport Layer Protocol	App Layer Protocol	Security and Authentication
diego_cell (Silk CNI)	diego_cell (Silk Daemon)	23954	TCP	HTTP	None
diego_cell (Silk Daemon)	diego_api (Silk Controller)	4103	TCP	HTTP	Mutual TLS
diego_cell (VXLAN Policy Agent)	diego_database (api - Policy Server Internal)	4003	TCP	HTTP	Mutual TLS
diego_cell (BOSH DNS Adapter)	diego_brain (Service Discovery Controller)	8054	TCP	HTTP	Mutual TLS

Outbound communications

The following table lists network communication paths that are outbound from container-to-container networking:

Source VM	Destination VM	Port	Transport Layer Protocol	App Layer Protocol	Security and Authentication
diego_database (API - Policy Server)	uaa	8443	TCP	HTTPS	TLS
diego_database (API - Policy Server)	cloud_controller (api - Cloud Controller)	9022	TCP	HTTP	OAuth 2.0
diego_database (API - Policy Server)	mysql_proxy^*	3306	TCP	MySQL	MySQL authentication
diego_brain (Service Discovery Controller)	nats (NATS)	4222	TCP	HTTP	Basic authentication
diego_cell (BOSH DNS)	diego_cell (BOSH DNS Adapter)	8053	TCP	HTTP	None
diego_cell (VXLAN Policy Agent)	mysql_proxy^*	3306	TCP	MySQL	MySQL authentication

^*Applies only to deployments where internal MySQL is selected as the database.

BOSH DNS communications

By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.