Network Traffic¶
This document describes the expected incoming and outgoing traffic for each
EngFlow Remote Execution cluster. In addition, actions may perform (or attempt
to perform) network access, see the --docker_allow_network_access
and --sandbox_allow_network_access options as well as the
dockerNetwork and
sandboxNetwork platform options.
| Protocol | Port | Direction | Purpose |
|---|---|---|---|
| TCP | --private_port |
Instance-Instance | Internal gRPC calls |
| TCP | --private_port |
Infrastructure-Instance | Health checks (if configured) |
| TCP | --private_port + 1000 |
Scheduler-Scheduler | Internal scheduler coordination (not gRPC) |
| TCP | --private_port + 2000 |
Instance-Instance | Internal CAS coordination (not gRPC) |
| TCP | --public_port |
External-Scheduler | Remote Execution API calls to the cluster |
| TCP | --public_port |
Infrastructure-Scheduler | Health checks (if configured) |
| TCP | --monitoring_prometheus_port |
External-Instance | Prometheus monitoring (if configured) |
| TCP | 443 (HTTPS) | Instance-Infrastructure | Instance discovery (GCP/AWS/K8s, if configured) |
| TCP | 443 (HTTPS) | Instance-Infrastructure | Backup storage (GCP/AWS, if configured) |
| TCP | 443 (HTTPS) | Instance-Internet | Docker image fetching (if configured) |