We would probably not deploy the improved http ingress until tcp and ssh are both working. Our priority from the improvements in http ingress have been more on the reliable side and less on the security side. We haven't run into any NATS mis-routing requests issues for a while and we do have TCP customers. So, we would probably prefer to keep riding our current NATS good luck streak than disrupt our TCP customers.
That's perfect. We don't use the port.
Some examples where cell ip address has come in handy:
* Mostly firewall debugging. Our firewall situation is a mess. Lots of manual work and issues to debug where sometimes knowing the specific cell ip address can help in debugging a problem.
* Occasionally customers want to do tcpdumps from a destination server. The ip of the cell hosting the source app instance helps reduce the tcpdump scope. Unfortunately, in tcpdump situations the CF operations team usually gets involved anyway to grab a tcpdump from the cell side since last time I checked we couldn't take tcpdumps from in a container. So, these scenarios are usually not very self service anyway.
Hope that helps.