Tanzu Platform for Cloud Foundry 6.0

10.0 6.0 4.0

Container-to-container networking communications

Last Updated March 13, 2025

The tables here show the network communication paths to container-to-container networking in VMware Tanzu Application Service for VMs (TAS for VMs).

For more information about container-to-container networking, see Container-to-container networking.

Inbound communications

The following table lists network communication paths that are inbound to container-to-container networking.

Source VMDestination VMPortTransport Layer ProtocolApp Layer ProtocolSecurity and Authentication
diego_cell (Silk CNI)diego_cell (Silk Daemon)23954TCPHTTPNone
diego_cell (Silk Daemon)diego_api (Silk Controller)4103TCPHTTPMutual TLS
diego_cell (VXLAN Policy Agent)diego_database (api - Policy Server Internal)4003TCPHTTPMutual TLS
diego_cell (BOSH DNS Adapter)diego_brain (Service Discovery Controller)8054TCPHTTPMutual TLS

Outbound communications

The following table lists network communication paths that are outbound from container-to-container networking:

Source VMDestination VMPortTransport Layer ProtocolApp Layer ProtocolSecurity and Authentication
diego_database (API - Policy Server)uaa8443TCPHTTPSTLS
diego_database (API - Policy Server)cloud_controller (api - Cloud Controller)9022TCPHTTPOAuth 2.0
diego_database (API - Policy Server)mysql_proxy*3306TCPMySQLMySQL authentication
diego_brain (Service Discovery Controller)nats (NATS)4222TCPHTTPBasic authentication
diego_cell (BOSH DNS)diego_cell (BOSH DNS Adapter)8053TCPHTTPNone
diego_cell (VXLAN Policy Agent)mysql_proxy*3306TCPMySQLMySQL authentication

*Applies only to deployments where internal MySQL is selected as the database.

BOSH DNS communications

By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.