public enum DropInfo.Types.Cause
Reference documentation and code samples for the Network Management v1 API enum DropInfo.Types.Cause.
Drop cause types:
Namespace
Google.Cloud.NetworkManagement.V1Assembly
Google.Cloud.NetworkManagement.V1.dll
Fields |
|
---|---|
Name | Description |
BackendServiceNamedPortNotDefined |
Packet is dropped due to a backend service named port not being defined on the instance group level. |
CloudFunctionNotActive |
Packet could be dropped because the Cloud Function is not in an active status. |
CloudNatNoAddresses |
Packet sent to Cloud Nat without active NAT IPs. |
CloudRunRevisionNotReady |
Packet sent from a Cloud Run revision that is not ready. |
CloudSqlConnectorRequired |
Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307). |
CloudSqlInstanceNoIpAddress |
Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address. |
CloudSqlInstanceNoRoute |
Packet was dropped because there is no route from a Cloud SQL instance to a destination network. |
CloudSqlInstanceNotConfiguredForExternalTraffic |
Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses. |
CloudSqlInstanceNotRunning |
Packet sent from or to a Cloud SQL instance that is not in running state. |
CloudSqlInstanceUnauthorizedAccess |
Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks for more details. |
CloudSqlPscNegUnsupported |
The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported. |
DestinationIsPrivateNatIpRange |
Packet is dropped due to a destination IP range being part of a Private NAT IP range. |
DroppedInsideCloudSqlService |
Packet was dropped inside Cloud SQL Service. |
DroppedInsideGkeService |
Packet was dropped inside Google Kubernetes Engine Service. |
DroppedInsideGoogleManagedService |
Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn't match the endpoint the packet was sent from in forward trace. Used only for return traces. |
DroppedInsidePscServiceProducer |
Packet was dropped inside Private Service Connect service producer. |
DroppedInsideRedisClusterService |
Generic drop cause for a packet being dropped inside a Redis Cluster service project. |
DroppedInsideRedisInstanceService |
Generic drop cause for a packet being dropped inside a Redis Instance service project. |
FirewallBlockingLoadBalancerBackendHealthCheck |
Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules. |
FirewallRule |
Dropped due to a firewall rule, unless allowed due to connection tracking. |
ForeignIpDisallowed |
A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled. |
ForwardingRuleMismatch |
Forwarding rule's protocol and ports do not match the packet header. |
ForwardingRuleNoInstances |
Forwarding rule does not have backends configured. |
ForwardingRuleRegionMismatch |
Packet could be dropped because it was sent from a different region to a regional forwarding without global access. |
GkeClusterNotRunning |
Packet sent from or to a GKE cluster that is not in running state. |
GkeControlPlaneNoRoute |
Packet was dropped because there is no route from a GKE cluster control plane to a destination network. |
GkeControlPlaneRegionMismatch |
Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region. |
GkeMasterUnauthorizedAccess |
Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See Access to the cluster endpoints for more details. |
GkePscEndpointMissing |
Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. |
GoogleManagedServiceNoPeering |
Packet was dropped because there is no peering between the originating network and the Google Managed Services Network. |
GoogleManagedServiceNoPscEndpoint |
Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. |
HybridNegNonDynamicRouteMatched |
The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported. |
HybridNegNonLocalDynamicRouteMatched |
The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported. |
InstanceNotRunning |
Packet is sent from or to a Compute Engine instance that is not in a running state. |
LoadBalancerBackendInvalidNetwork |
Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer. |
LoadBalancerHasNoProxySubnet |
Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found. |
NoAdvertisedRouteToGcpDestination |
Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router. |
NoExternalAddress |
Instance with only an internal IP address tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allow this connection. |
NoKnownRouteFromPeeredNetworkToDestination |
Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address. |
NoNatSubnetsForPscServiceAttachment |
No NAT subnets are defined for the PSC service attachment. |
NoRoute |
Dropped due to no matching routes. |
NoRouteFromInternetToPrivateIpv6Address |
Packet is sent from the Internet to the private IPv6 address. |
NoTrafficSelectorToGcpDestination |
Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel. |
PrivateGoogleAccessDisallowed |
Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled in the subnet. |
PrivateGoogleAccessViaVpnTunnelUnsupported |
Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network. |
PrivateNatToPscEndpointUnsupported |
Sending packets processed by the Private NAT Gateways to the Private Service Connect endpoints is not supported. |
PrivateTrafficToInternet |
Packet with internal destination address sent to the internet gateway. |
PscConnectionNotAccepted |
The Private Service Connect endpoint is in a project that is not approved to connect to the service. |
PscEndpointAccessedFromPeeredNetwork |
The packet is sent to the Private Service Connect endpoint over the peering, but it's not supported. |
PscNegProducerEndpointNoGlobalAccess |
The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled. |
PscNegProducerForwardingRuleMultiplePorts |
The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified. |
PscTransitivityNotPropagated |
PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated. |
PublicCloudSqlInstanceToPrivateDestination |
Packet sent from a Cloud SQL instance with only a public IP address to a private IP address. |
PublicGkeControlPlaneToPrivateDestination |
Packet sent from a public GKE cluster control plane to a private IP address. |
RedisClusterNoExternalIp |
Redis Cluster does not have an external IP address. |
RedisClusterNotRunning |
Packet sent from or to a Redis Cluster that is not in running state. |
RedisClusterUnsupportedPort |
Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster. |
RedisClusterUnsupportedProtocol |
Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster. |
RedisInstanceConnectingFromPupiAddress |
Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance. |
RedisInstanceNoExternalIp |
Redis Instance does not have an external IP address. |
RedisInstanceNoRouteToDestinationNetwork |
Packet is dropped due to no route to the destination network. |
RedisInstanceNotRunning |
Packet sent from or to a Redis Instance that is not in running state. |
RedisInstanceUnsupportedPort |
Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance. |
RedisInstanceUnsupportedProtocol |
Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance. |
RouteBlackhole |
Dropped due to invalid route. Route's next hop is a blackhole. |
RouteNextHopForwardingRuleIpMismatch |
Route's next hop forwarding rule doesn't match next hop IP address. |
RouteNextHopForwardingRuleTypeInvalid |
Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer). |
RouteNextHopInstanceNonPrimaryIp |
Route's next hop IP address is not a primary IP address of the next hop instance. |
RouteNextHopInstanceWrongNetwork |
Route's next hop instance doesn't have a NIC in the route's network. |
RouteNextHopIpAddressNotResolved |
Route's next hop IP address cannot be resolved to a GCP resource. |
RouteNextHopResourceNotFound |
Route's next hop resource is not found. |
RouteNextHopVpnTunnelNotEstablished |
Route's next hop VPN tunnel is down (does not have valid IKE SAs). |
RouteWrongNetwork |
Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3. |
RoutingLoop |
Packet is stuck in a routing loop. |
TrafficTypeBlocked |
The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details. |
UnknownExternalAddress |
Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input. |
UnknownInternalAddress |
Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project. |
Unspecified |
Cause is unspecified. |
VpcConnectorHealthCheckTrafficBlocked |
Packet could be dropped because the health check traffic to the VPC connector is not allowed. |
VpcConnectorNotRunning |
Packet could be dropped because the VPC connector is not in a running state. |
VpcConnectorNotSet |
Packet could be dropped because no VPC connector is set. |
VpcConnectorServerlessTrafficBlocked |
Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed. |
VpnTunnelLocalSelectorMismatch |
The packet does not match a policy-based VPN tunnel local selector. |
VpnTunnelRemoteSelectorMismatch |
The packet does not match a policy-based VPN tunnel remote selector. |