Network Traffic

Expected Network Traffic

This document describes the expected incoming and outgoing traffic for each EngFlow Remote Execution cluster. In addition, actions may perform (or attempt to perform) network access; see the --docker_allow_network_access and --sandbox_allow_network_access options, as well as the dockerNetwork and sandboxNetwork platform options.

| Protocol | Port | Direction | Purpose |
|---|---|---|---|
| TCP | --private_port | Instance-Instance | Internal gRPC calls |
| TCP | --private_port | Infrastructure-Instance | Health checks (if configured) |
| TCP | --private_port + 1000 | Scheduler-Scheduler | Internal scheduler coordination (not gRPC) |
| TCP | --private_port + 2000 | Instance-Instance | Internal CAS coordination (not gRPC) |
| TCP | --public_port | External-Scheduler | Remote Execution API calls to the cluster |
| TCP | --public_port | Infrastructure-Scheduler | Health checks (if configured) |
| TCP | --monitoring_prometheus_port | External-Instance | Prometheus monitoring (if configured) |
| TCP | 443 (HTTPS) | Instance-Infrastructure | Instance discovery (GCP/AWS/K8s, if configured) |
| TCP | 443 (HTTPS) | Instance-Infrastructure | Backup storage (GCP/AWS, if configured) |
| TCP | 443 (HTTPS) | Instance-Internet | Docker image fetching (if configured) |
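
The table above can be turned into an allow-list and used to audit observed flows, for example from VPC flow logs. The following is an added example, not EngFlow code: the role labels (including "worker" for a non-scheduler instance), the port values and the sample flows are constructed assumptions, and every "if configured" row is treated as enabled.

```python
from typing import NamedTuple, Optional

# Assumed labels: "worker" stands for any instance that is not a scheduler.
INSTANCE_ROLES = {"scheduler", "worker"}

class Flow(NamedTuple):
    src: str   # role of the connecting side
    dst: str   # role of the listening side
    port: int  # destination TCP port

def expected_rules(private_port: int, public_port: int,
                   prometheus_port: Optional[int] = None) -> set:
    """Build (src, dst, port) rules, one per row of the traffic table."""
    rules = {
        ("instance", "instance", private_port),              # internal gRPC
        ("infrastructure", "instance", private_port),        # health checks
        ("scheduler", "scheduler", private_port + 1000),     # scheduler coordination
        ("instance", "instance", private_port + 2000),       # CAS coordination
        ("external", "scheduler", public_port),              # Remote Execution API
        ("infrastructure", "scheduler", public_port),        # health checks
        ("instance", "infrastructure", 443),                 # discovery, backup storage
        ("instance", "internet", 443),                       # Docker image fetching
    }
    if prometheus_port is not None:
        rules.add(("external", "instance", prometheus_port))  # Prometheus monitoring
    return rules

def _role_matches(role: str, rule_role: str) -> bool:
    # A rule written for "instance" covers schedulers and workers alike.
    return role == rule_role or (rule_role == "instance" and role in INSTANCE_ROLES)

def unexpected_flows(flows, rules):
    """Return the flows that match no row of the table."""
    return [f for f in flows
            if not any(_role_matches(f.src, s) and _role_matches(f.dst, d) and f.port == p
                       for s, d, p in rules)]

# Constructed sample data: ports are illustrative values, not EngFlow defaults.
RULES = expected_rules(private_port=8081, public_port=8080, prometheus_port=8888)
SAMPLE_FLOWS = [
    Flow("worker", "scheduler", 8081),    # internal gRPC: expected
    Flow("scheduler", "scheduler", 9081), # scheduler coordination: expected
    Flow("worker", "worker", 10081),      # CAS coordination: expected
    Flow("external", "scheduler", 8080),  # API call: expected
    Flow("external", "worker", 8081),     # private port reached from outside
    Flow("worker", "scheduler", 9081),    # coordination port used by a non-scheduler
    Flow("worker", "internet", 80),       # outbound traffic that is not HTTPS
]
```

Traffic generated by actions themselves is governed by the network-access options mentioned above and is not modelled here.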
2021-09-21