Understanding the external network access in Diego
Lev Berman <lev.berman@...>
I have a Diego application. From the app's Garden container I can access
the Internet and establish connections with tcp services running on other
VMs but I can't connect to a tcp service running on the same VM until I
allow the container to access external networks via the Garden API -
Also, I've created CF security groups to allow tcp traffic for all VMs I am
trying to connect to.
My questions are: is this expected functionality, and what is the idea of
the "allow the container to access external networks" API call, since it
only affects access to the same VM?
Altoros - Cloud Foundry deployment, training and integration
https://github.com/ldmberman
This setting is because we assume multi-tenant installations. It is
strongly recommended that operators should have their cf configurations and
application security group configurations set up to only allow outbound
connectivity from within containers to other containers by going through the cf
load balancer, and not by directly connecting to other cell host/port
mappings of application instances.
On Thu, May 14, 2015 at 1:52 AM, Lev Berman <lev.berman(a)altoros.com> wrote: