Network Management v1 API - Enum DropInfo.Types.Cause (2.11.0)

Packet is dropped due to a backend service named port not being defined on the instance group level.

Packet could be dropped because the Cloud Function is not in an active status.

Packet sent to Cloud Nat without active NAT IPs.

Packet sent from a Cloud Run revision that is not ready.

Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307).

Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address.

Packet was dropped because there is no route from a Cloud SQL instance to a destination network.

Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses.

Packet sent from or to a Cloud SQL instance that is not in running state.

Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks for more details.

The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported.

Packet is dropped due to a destination IP range being part of a Private NAT IP range.

Packet was dropped inside Cloud SQL Service.

Packet was dropped inside Google Kubernetes Engine Service.

Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn't match the endpoint the packet was sent from in forward trace. Used only for return traces.

Packet was dropped inside Private Service Connect service producer.

Generic drop cause for a packet being dropped inside a Redis Cluster service project.

Generic drop cause for a packet being dropped inside a Redis Instance service project.

Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules.

Dropped due to a firewall rule, unless allowed due to connection tracking.

A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled.

Forwarding rule's protocol and ports do not match the packet header.

Forwarding rule does not have backends configured.

Packet could be dropped because it was sent from a different region to a regional forwarding without global access.

Packet sent from or to a GKE cluster that is not in running state.

Packet was dropped because there is no route from a GKE cluster control plane to a destination network.

Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region.

Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See Access to the cluster endpoints for more details.

Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.

Packet was dropped because there is no peering between the originating network and the Google Managed Services Network.

Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.

The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported.

The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported.

Packet is sent from or to a Compute Engine instance that is not in a running state.

Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer.

Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found.

Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router.

Instance with only an internal IP address tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allow this connection.

Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address.

No NAT subnets are defined for the PSC service attachment.

Dropped due to no matching routes.

Packet is sent from the Internet to the private IPv6 address.

Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel.

Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled in the subnet.

Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network.

Packet with internal destination address sent to the internet gateway.

The Private Service Connect endpoint is in a project that is not approved to connect to the service.

The packet is sent to the Private Service Connect endpoint over the peering, but it's not supported.

The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled.

The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified.

PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated.

Packet sent from a Cloud SQL instance with only a public IP address to a private IP address.

Packet sent from a public GKE cluster control plane to a private IP address.

Redis Cluster does not have an external IP address.

Packet sent from or to a Redis Cluster that is not in running state.

Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster.

Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster.

Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance.

Redis Instance does not have an external IP address.

Packet is dropped due to no route to the destination network.

Packet sent from or to a Redis Instance that is not in running state.

Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance.

Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance.

Dropped due to invalid route. Route's next hop is a blackhole.

Route's next hop forwarding rule doesn't match next hop IP address.

Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer).

Route's next hop IP address is not a primary IP address of the next hop instance.

Route's next hop instance doesn't have a NIC in the route's network.

Route's next hop IP address cannot be resolved to a GCP resource.

Route's next hop resource is not found.

Route's next hop VPN tunnel is down (does not have valid IKE SAs).

Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3.

Packet is stuck in a routing loop.

The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details.

Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input.

Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project.

Cause is unspecified.

Packet could be dropped because the health check traffic to the VPC connector is not allowed.

Packet could be dropped because the VPC connector is not in a running state.

Packet could be dropped because no VPC connector is set.

Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed.

The packet does not match a policy-based VPN tunnel local selector.

The packet does not match a policy-based VPN tunnel remote selector.