# RPC
Consul uses two RPC systems for communication between components within the
cluster and with other clients such as Envoy: [gRPC ](https://grpc.io/ )
and Go's [`net/rpc` ](https://pkg.go.dev/net/rpc ) package.
Communication between client agents and servers uses a mix of both gRPC and
`net/rpc` . Generally, gRPC is preferred because it supports modern features
such as context deadlines/cancellation, streaming, and middleware - but Consul
has been around for a while so the majority of RPC endpoints still use `net/rpc` .
## Multiplexed "Server" Port
Most in-cluster communication happens over the multiplexed "server" TCP port
(default: 8300). Consul servers implement a custom protocol for serving
different kinds of traffic on the same port, whereby the first byte sent
indicates the protocol (e.g. gRPC, `net/rpc` , Raft).
Servers also implement [TLS ALPN ](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation )
on this port, for situations where wrapping the real protocol with a byte prefix
isn't practical (e.g. cross-DC traffic over mesh gateways).
The diagram below shows all the possible routing flows:
[server port]: https://www.consul.io/docs/agent/config/config-files#server_rpc_port
![RPC Routing ](./routing.svg )
< sup > [source](./routing.mmd)< / sup >
The main entrypoint to connection routing is `handleConn` in [agent/consul/rpc.go].
[agent/consul/rpc.go]: https://github.com/hashicorp/consul/blob/main/agent/consul/rpc.go
### Development
Multiplexing several protocols over a single server port helps to reduce our
network requirements, but also makes interacting with Consul using local
development tools such as [grpcurl] difficult.
[grpcurl]: https://github.com/fullstorydev/grpcurl
You can get a "plain" TCP connection to the gRPC server using this proxy script:
```
$ go run tools/internal-grpc-proxy/main.go localhost:8300
Proxying connections to Consul's internal gRPC server
Use this address: 127.0.0.1:64077
```
Pass the returned proxy address to your tool of choice.
## Private vs Public vs Internal vs External
When working on Consul's gRPC endpoints you may notice we use private/public and
internal/external slightly differently.
Private and public refer to whether an API is suitable for consumption by
clients other than Consul's core components.
Private gRPC APIs are defined in the `proto` directory, and should only be used
by Consul servers and agents. Public gRPC APIs are defined in the `proto-public`
directory and may be used by 3rd-party applications.
Internal and external refer to how the gRPC APIs are exposed.
Internal gRPC APIs are exposed on the multiplexed "server" port, whereas
external APIs are exposed on a dedicated gRPC port (default: 8502).
The reason for this differentiation is that some private APIs are exposed on the
external port, such as peer streaming/replication; this API isn't (yet) suitable
for consumption by 3rd-party applications but must be accessible from outside
the cluster, and present a TLS certificate signed by a public CA, which the
multiplexed port cannot.
## RPC Endpoints
This section is a work in progress, it will eventually cover topics like:
- net/rpc - (in the stdlib)
- new grpc endpoints
- [Streaming ](./streaming )
- [agent/structs ](https://github.com/hashicorp/consul/tree/main/agent/structs ) - contains definitions of all the internal RPC protocol request and response structures.
## RPC connections and load balancing
This section is a work in progress, it will eventually cover topics like:
Routing RPC request to Consul servers and for connection pooling.
- [agent/router ](https://github.com/hashicorp/consul/tree/main/agent/router )
- [agent/pool ](https://github.com/hashicorp/consul/tree/main/agent/pool )