diff --git a/api/filter/network/BUILD b/api/filter/network/BUILD
index d495847f..a8578813 100644
--- a/api/filter/network/BUILD
+++ b/api/filter/network/BUILD
@@ -53,7 +53,10 @@ api_proto_library(
 api_proto_library(
     name = "tcp_proxy",
     srcs = ["tcp_proxy.proto"],
-    deps = ["//api/filter:accesslog"],
+    deps = [
+        "//api/filter:accesslog",
+        "//api:address",
+    ],
 )
 
 api_proto_library(
diff --git a/api/filter/network/tcp_proxy.proto b/api/filter/network/tcp_proxy.proto
index 619b3f83..acdf0015 100644
--- a/api/filter/network/tcp_proxy.proto
+++ b/api/filter/network/tcp_proxy.proto
@@ -4,6 +4,7 @@ package envoy.api.v2.filter.network;
 option go_package = "network";
 
 import "api/filter/accesslog.proto";
+import "api/address.proto";
 
 import "google/protobuf/duration.proto";
 
@@ -28,4 +29,60 @@ message TcpProxy {
 
   // Configuration for access logs.
   repeated AccessLog access_log = 5;
+
+  message DeprecatedV1 {
+    // [V2-API-DIFF] This is deprecated in v2. Routes will be matched using
+    // the FilterChainMatch in Listeners.
+    //
+    // A TCP proxy route consists of a set of optional L4 criteria and the
+    // name of a cluster. If a downstream connection matches all the
+    // specified criteria, the cluster in the route is used for the
+    // corresponding upstream connection. Routes are tried in the order
+    // specified until a match is found. If no match is found, the connection
+    // is closed. A route with no criteria is valid and always produces a
+    // match.
+    message TCPRoute {
+      // The cluster to connect to when a the downstream network connection
+      // matches the specified criteria.
+      string cluster = 1;
+
+      // An optional list of IP address subnets in the form
+      // “ip_address/xx”. The criteria is satisfied if the destination IP
+      // address of the downstream connection is contained in at least one of
+      // the specified subnets. If the parameter is not specified or the list
+      // is empty, the destination IP address is ignored. The destination IP
+      // address of the downstream connection might be different from the
+      // addresses on which the proxy is listening if the connection has been
+      // redirected.
+      repeated CidrRange destination_ip_list = 2;
+
+      // An optional string containing a comma-separated list of port numbers
+      // or ranges. The criteria is satisfied if the destination port of the
+      // downstream connection is contained in at least one of the specified
+      // ranges. If the parameter is not specified, the destination port is
+      // ignored. The destination port address of the downstream connection
+      // might be different from the port on which the proxy is listening if
+      // the connection has been redirected.
+      string destination_ports = 3;
+
+      // An optional list of IP address subnets in the form
+      // “ip_address/xx”. The criteria is satisfied if the source IP address
+      // of the downstream connection is contained in at least one of the
+      // specified subnets. If the parameter is not specified or the list is
+      // empty, the source IP address is ignored.
+      repeated CidrRange source_ip_list = 4;
+
+      // An optional string containing a comma-separated list of port numbers
+      // or ranges. The criteria is satisfied if the source port of the
+      // downstream connection is contained in at least one of the specified
+      // ranges. If the parameter is not specified, the source port is
+      // ignored.
+      string source_ports = 5;
+    }
+
+    // The route table for the filter. All filter instances must have a route
+    // table, even if it is empty.
+    repeated TCPRoute routes = 1;
+  }
+  DeprecatedV1 deprecated_v1 = 6;
 }