Consul Gossip between LAN Client


I have read that gossip protocol communication is mandatory between every agent in a cluster. But what happens if this is not possible?

For security reasons I can’t open udp/8301 on every machine, and for now everything seems to work.
What do I risk without opening the LAN gossip port?

Best regards,

Consul detects which hosts are up, by gossip on udp/8301 and tcp/8301 from any node to any node.

If you block UDP, Consul tries TCP, which is less efficient for this. If you block both, expect to find Consul believing nodes have failed, and services to become intermittently unavailable.

The Consul server and agent logs provide good feedback on gossip falling back to TCP, and node availability changes.
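
The answer above points at the agent logs as the place to see gossip falling back to TCP and nodes changing availability. The following is an added example, not part of the original thread: a small scanner over constructed sample log lines. The message wording follows memberlist/serf log output as an assumption and may differ between Consul versions; the node names and addresses are made up.

```python
import re
from collections import Counter

# Constructed sample lines modelled on Consul agent output (assumption: exact
# wording and logger names vary between Consul/memberlist versions).
SAMPLE_LOG = """\
2024-05-02T10:00:01.120Z [WARN]  agent.client.memberlist.lan: memberlist: Was able to connect to web-02 over TCP but UDP probes failed, network may be misconfigured
2024-05-02T10:00:04.310Z [INFO]  agent.client.memberlist.lan: memberlist: Suspect db-01 has failed, no acks received
2024-05-02T10:00:09.870Z [INFO]  agent.client.serf.lan: serf: EventMemberFailed: db-01 10.0.0.21
2024-05-02T10:00:31.002Z [WARN]  agent.client.memberlist.lan: memberlist: Was able to connect to web-02 over TCP but UDP probes failed, network may be misconfigured
2024-05-02T10:01:12.450Z [INFO]  agent.client.serf.lan: serf: EventMemberJoin: db-01 10.0.0.21
2024-05-02T10:01:15.000Z [INFO]  agent: Synced service: service=web
"""

# One pattern per gossip symptom; group 1 is always the affected node name.
PATTERNS = {
    "tcp_fallback": re.compile(
        r"Was able to connect to (\S+) (?:over TCP )?but (?:UDP|other) probes failed"),
    "suspect": re.compile(r"Suspect (\S+) has failed, no acks received"),
    "member_failed": re.compile(r"EventMemberFailed: (\S+)"),
    "member_join": re.compile(r"EventMemberJoin: (\S+)"),
}

def gossip_health(log_text):
    """Return {event_kind: Counter(node -> count)} for gossip-related lines."""
    events = {kind: Counter() for kind in PATTERNS}
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                events[kind][match.group(1)] += 1
                break  # a line carries at most one of these messages
    return events

def nodes_to_check(events):
    """Nodes whose gossip path looks blocked or degraded, sorted by name."""
    degraded = (set(events["tcp_fallback"]) | set(events["suspect"])
                | set(events["member_failed"]))
    return sorted(degraded)

if __name__ == "__main__":
    ev = gossip_health(SAMPLE_LOG)
    for kind, counts in ev.items():
        print(kind, dict(counts))
    print("review 8301/udp and 8301/tcp rules towards:", nodes_to_check(ev))
```

A node that shows up under `tcp_fallback` but never under `member_failed` matches the "UDP blocked, TCP still open" case; repeated `member_failed` / `member_join` pairs for the same node match the flapping the answer warns about.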