Pivotal Web Services (PWS): All versions
Testing Direct Container Networking
If you have just deployed your client and service applications for the first time, you probably don’t have any networking policies set up.
1) Verify this by running the `cf list-access` command.
2) If you go to the client application’s URL (the visitor application in the “Who is Home?” sample), you will receive a message that the visitor application is unable to communicate with the registered homeowner service.
Although the service registry provides the internal IP address and port for the service to connect to, there is no network policy allowing this communication. Communication is blocked by default.
3) To enable communication between the client and service applications, you can add a network policy. For example, to allow a visitor to communicate with the homeowner, use the following command:
$ cf allow-access visitor homeowner --protocol tcp --port 8080
The allow-access command sets up a network policy that lets the visitor reach the homeowner over TCP on port 8080. Once this network policy has been added successfully, the visitor application can communicate with the homeowner application.
Moreover, this does not use an externally available route; it uses direct container networking with the service application's IP address and port. When we list the network policies, we now see the following:
$ cf list-access
...
Source    Destination    Protocol    Port
visitor   homeowner      tcp         8080
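A least-privilege check for the policy listing above, as an added example that is not from the original article: it parses `cf list-access` output in the four-column layout shown and reports policies that are not on an expected allowlist, plus allowlisted policies that are missing. The allowlist, the sample listing (including the `billing` row) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `cf list-access` output against an expected allowlist.
# Assumes the four-column layout shown above: Source Destination Protocol Port.

# Expected policies, one "source destination protocol port" per line (assumption).
EXPECTED_POLICIES='visitor homeowner tcp 8080'

# Constructed sample listing; in practice pipe the real `cf list-access` output in.
SAMPLE_OUTPUT='Source      Destination   Protocol   Port
visitor     homeowner     tcp        8080
visitor     billing       tcp        5432'

# Reduce a listing on stdin to "src dst proto port" lines. Rows are kept only
# when they have four fields and a numeric port, which drops the header and
# any status or banner lines.
normalize_policies() {
  awk 'NF == 4 && $4 ~ /^[0-9]+$/ { print $1, $2, $3, $4 }'
}

# Print policies found in the listing (stdin) that are not in the allowlist ($1).
unexpected_policies() {
  normalize_policies | while read -r line; do
    if ! printf '%s\n' "$1" | grep -Fxq -- "$line"; then
      printf '%s\n' "$line"
    fi
  done
}

# Print allowlisted policies ($1) that are absent from the listing (stdin).
missing_policies() {
  actual="$(normalize_policies)"
  printf '%s\n' "$1" | while read -r line; do
    if [ -n "$line" ] && ! printf '%s\n' "$actual" | grep -Fxq -- "$line"; then
      printf '%s\n' "$line"
    fi
  done
}

echo "Unexpected policies:"
printf '%s\n' "$SAMPLE_OUTPUT" | unexpected_policies "$EXPECTED_POLICIES"
echo "Missing policies:"
printf '%s\n' "$SAMPLE_OUTPUT" | missing_policies "$EXPECTED_POLICIES"
```

Because communication is blocked by default, any row reported as unexpected is an explicit grant that someone added and should be reviewed.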
Direct C2CN enables many new scenarios for applications deployed to Pivotal Cloud Foundry.
One of those use cases is the ability to register applications using the direct registration method with a Spring Cloud Services Service Registry.
A registered service no longer needs an externally routable URL; instead, you control communication with the service using network policies.
For more details, refer to the original blog post.