Skip to content

tcp_router job from routing/0.320.0

Github source: 90a6e106 or master branch

Properties

dns_health_check_host

Host to ping for confirmation of DNS resolution

Default
uaa.service.cf.internal

metron

port

The port used to emit dropsonde messages to the Metron agent.

Default
3457

reserved_system_component_ports

This should come via a bosh link from the routing_api job. This property is here in case it needs to be overwritten.

routing_api

auth_disabled

Disables UAA authentication

Default
false

ca_cert

Routing API Certificate Authority

client_cert

Routing API Client Certificate

client_private_key

Routing API Client Private Key

port

Port of routing api

uri

URL where the routing API can be reached internally

Default
https://routing-api.service.cf.internal

skip_ssl_validation

Skip TLS verification when talking to UAA

Default
false

tcp_router

backend_tls

ca_cert

TCP Router’s TLS CA used with route backends

client_cert

TCP Router’s TLS client cert used for mTLS with route backends

client_key

TCP Router’s TLS client private key used for mTLS with route backends

enabled

Turns on support for TLS for TCP Router. Requires tcp_router.backend_tls.ca_cert to be set. For mTLS also set tcp_router.backend_tls.client_cert and tcp_router.backend_tls.client_key.

Default
false

debug_address

Address at which to serve debug info

Default
127.0.0.1:17002

drain_wait

Delay in seconds after shut down is initiated before haproxy stops listening. During this time haproxy will reject requests to the /health endpoint. This accommodates requests forwarded by a load balancer until it considers the tcp_router unhealthy.

Default
20

enable_nontls_health_checks

Toggles on/off whether or not to listen for load balancer health check requests on the non-tls tcp_router.health_check_port port

Default
true

fail_on_router_port_conflicts

Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups.

Default
"false"

health_check_port

Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TCP connection on this port

Default
80

isolation_segments

Routes with these isolation segments will be registered. Used in combination with routing_table_sharding_mode.

Default
[]

load_balancer_healthy_threshold

Time period in seconds to wait until declaring the tcp_router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.”

Default
20

log_level

Log level

Default
info

oauth_secret

OAuth client secret used to obtain token for Routing API from UAA.

request_timeout_in_seconds

Server and client timeouts in seconds

Default
300

tcp_stats_collection_interval

String representing interval for collecting statistic metrics from tcp proxy. Units: ms, s, m h

Default
1m

tls_health_check_cert

TLS certificate to use on the TCP Router’s TLS health check port

tls_health_check_key

TLS private key to use on the TCP Router’s TLS health check port

tls_health_check_port

Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TLS connection on this port

Default
443

uaa

ca_cert

Certificate authority for communication between clients and uaa.

Default
""

tls_port

Port on which UAA is listening for TLS connections. This is required for obtaining an OAuth token for Routing API.

token_endpoint

UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.

Default
uaa.service.cf.internal

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/tcp_router/ directory (learn more).

  • bin/bpm-pre-start (from bpm-pre-start.erb)
  • bin/drain (from drain.erb)
  • bin/haproxy_reloader (from haproxy_reloader)
  • bin/post-start (from post-start.erb)
  • bin/tcp_router_ctl (from tcp_router_ctl.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/health.pem (from tcp_router_health_check_certificate.pem.erb)
  • config/certs/routing-api/ca_cert.crt (from routing_api_ca_certificate.crt.erb)
  • config/certs/routing-api/client.crt (from routing_api_client_certificate.crt.erb)
  • config/certs/tcp-router/backend/ca.crt (from tcp_router_backend_ca.crt.erb)
  • config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
  • config/haproxy.conf (from haproxy.conf.erb)
  • config/haproxy.conf.template (from haproxy.conf.template.erb)
  • config/keys/routing-api/client.key (from routing_api_client_private.key.erb)
  • config/keys/tcp-router/backend/client_cert_and_key.pem (from tcp_router_backend_client_cert_and_key.pem.erb)
  • config/tcp_router.yml (from tcp_router.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.