You are using any version of Tanzu Application Service for VMs (TAS for VMs) and TCP routes stop working, but the TCP Router is still listed as running. 

Cause

This occurs when a user tries to create a TCP route with a port that is already in use by a system component. This will result in the following error in the TCP Router logs:

{"timestamp":"2020-10-01T21:23:19.581306843Z","level":"info","source":"tcp-router","message":"tcp-router.running-script","data":{"output":"[ALERT] 274/212317 (43) : Starting proxy listen_cfg_2822: cannot bind socket [0.0.0.0:2822]\n"}}

{"timestamp":"2020-10-01T21:23:19.581361142Z","level":"error","source":"tcp-router","message":"tcp-router.failed-to-run-script","data":{"error":"exit status 1"}}

This issue will not occur if users only create router groups with the approved port ranges: 1024-2047 and 18000-32767. However, if users branch out of those port ranges, they might accidentally overlap with system components.

Product Version: Other

Follow these steps to identify the TCP route with a port that is already in use by a system component.

1. Look at the TCP Router logs to determine which port failed to bind. In the example above, the problematic port is 2882.

2. Delete the TCP route that is trying to use a system component port.

3. Look at all of the routing groups through the List Router Groups.

4. Find the routing group that includes the problematic port.

5. Referring to List Router Groups, change the routing group to not include the problematic port or any system component ports listed in Appendix A: Default System Component Ports. We recommend only using ports 1024-2047 and 18000-32767.

6. If you are using routing-release 0.214.0 or later, add this port to the Reserved System Component Ports in the tile through Networking > Enable TCP Routing > Reserved System Component Ports. Doing this will make it so no one will be able to create a routing group that uses that port.