Este problema puede ocurrir si el host del servidor de destino designado
que se especificó en el proxy de API es incorrecto o contiene
caracteres no válidos.
Este problema puede ocurrir cuando Apigee no puede resolver el nombre
de dominio si el intercambio de tráfico de DNS no se configura en las implementaciones de Apigee.
Apigee
Causa: El host del servidor de destino que se especificó es incorrecto o tiene caracteres no válidos
Diagnóstico
Envía una solicitud a la API al proxy de API relevante:
{"fault":{"faultstring":
"Unable to resolve host invalid-target-host","detail":
{"errorcode":"protocol.http.NoResolvedHost","reason":
"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}
Si la respuesta contiene el motivo de error
TARGET_CONNECT_HOST_NOT_REACHABLE, entonces eso está relacionado con
este motivo.
Solución
Revisa la definición del proxy de API y busca el nombre de host de destino definido:
Si el nombre de host de destino proporcionado no es válido o tiene caracteres no válidos, corrígelo según corresponda, crea una nueva revisión del proxy y, luego, implementa el proxy.
Causa: El intercambio de tráfico de DNS no está configurado
Diagnóstico
Revisa si la organización de Apigee intercambia tráfico con una red de VPC invocando la siguiente API de Apigee:
Si la organización de Apigee no intercambia tráfico con una VPC y usa
Private Service Connect (PSC),
esta situación no se aplica para esta organización de Apigee.
Verifica con el desarrollador del proxy de API del cliente si este nombre de dominio de servidor de destino está configurado internamente. Si no es así, no se aplica esta situación.
Busca el ID de proyecto y la red en la que se aloja el extremo de destino.
Enumera los intercambios de tráfico de DNS creados en la red anterior ejecutando el comando
peered-dns-domains list:
gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID
El comando anterior podría mostrar un resultado en blanco si no hay dominios DNS con intercambio de tráfico disponibles o mostrar una lista de dominios DNS con intercambio de tráfico similar a lo siguiente:
NAME DNS_SUFFIX
customer-service customer.service.internal.
accounts-service accounts.service.internal.
Si el comando anterior no enumera una entrada de intercambio de tráfico de DNS para el sufijo DNS relevante, ese puede ser el motivo de este problema. Sigue las instrucciones proporcionadas en Solución para resolverlo.
Solución
Toma nota del sufijo DNS, el ID del proyecto y la red en la que se aloja el
extremo de destino.
Crea un dominio DNS con intercambio de tráfico para el sufijo DNS usando el comando de gcloud
peered-dns-domains create. Ten en cuenta que el sufijo DNS debe contener un punto final.
gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID
Ahora, envía la solicitud a la API al extremo del proxy de API y verifica si el proxy de API puede resolver el nombre de dominio del servidor de destino y comunicarse con el servidor de destino:
Si el problema persiste incluso después de seguir las instrucciones anteriores, recopila la siguiente información de diagnóstico y, luego, comunícate con Atención al cliente de Cloud:
ID del proyecto de Google Cloud
Organización de Apigee
Proxy de API y revisión
Red en la que se crea el dominio privado
Sufijo DNS del dominio privado
La salida completa del comando de creación del dominio DNS con intercambio de tráfico
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[[["\u003cp\u003eAPI requests failing with a \u003ccode\u003eTARGET_CONNECT_HOST_NOT_REACHABLE\u003c/code\u003e error and \u003ccode\u003eHTTP 503\u003c/code\u003e response can occur in Apigee and Apigee hybrid environments.\u003c/p\u003e\n"],["\u003cp\u003eOne cause of this error is an incorrect or invalid target server host specified within the API proxy definition, which can be resolved by correcting the host name and redeploying the proxy.\u003c/p\u003e\n"],["\u003cp\u003eAnother potential cause in Apigee deployments is the absence of DNS peering, preventing Apigee from resolving domain names, which can be resolved by creating a peered DNS domain using gcloud commands.\u003c/p\u003e\n"],["\u003cp\u003eTo diagnose DNS peering issues, you can use the Apigee API and gcloud commands to verify if the organization is peered with a VPC network and list the existing peered DNS domains.\u003c/p\u003e\n"],["\u003cp\u003eIf issues persist after applying the resolutions, you should gather diagnostic information, including the project ID, Apigee organization details, API proxy information, and network details, and then contact Google Cloud Customer Care.\u003c/p\u003e\n"]]],[],null,["# API requests fail with TARGET_CONNECT_HOST_NOT_REACHABLE error\n\n*You're viewing **Apigee** and **Apigee hybrid** documentation.\nThere is no equivalent\n[Apigee Edge](https://docs.apigee.com/api-platform/get-started/get-started) documentation for this topic.*\n\nSymptoms\n--------\n\n\nAPI requests fail with `TARGET_CONNECT_HOST_NOT_REACHABLE` error.\n\nError Messages\n--------------\n\n\nIf this issue occurs, the API requests will fail with `HTTP 503`\nresponse status code and the following error: \n\n```scdoc\n{\"fault\":{\"faultstring\":\n\"Unable to resolve host invalid-target-host\",\"detail\":\n{\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n\"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n```\n\nPossible Causes\n---------------\n\n\nThe following potential causes have been identified for the aforementioned\nsymptom:\n\n### Cause: target server host specified is incorrect or has invalid characters\n\n#### Diagnosis\n\n1. Send an API request to the relevant API proxy:\n\n ```\n curl -ik https://dev.example.com/dns-peering-example\n HTTP/2 503\n content-type: application/json\n x-request-id: ***\n content-length: 169\n date: Thu, 02 Nov 2023 04:31:43 GMT\n via: 1.1 google\n alt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\n ```\n\n and check the response message: \n\n ```scdoc\n {\"fault\":{\"faultstring\":\n \"Unable to resolve host invalid-target-host\",\"detail\":\n {\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n \"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n ```\n2. If the response contains the error reason `TARGET_CONNECT_HOST_NOT_REACHABLE` then, that is related to this reason.\n\n#### Resolution\n\n1. Check the API proxy definition and find the target hostname defined:\n2. If the target hostname given is invalid or has invalid characters, fix it accordingly, create a new revision of the proxy, and deploy the proxy.\n\n### Cause: DNS peering is not configured\n\n#### Diagnosis\n\n1. Check whether the Apigee organization is peered with a VPC network by invoking the following Apigee API: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/$ORG\" | jq .authorizedNetwork\n ```\n\n For example, to determine if VPC peering is enabled, check to see if the response attribute\n `authorizedNetwork` is present and set to a value. If it is not, then VPC peering\n is not enabled: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/example-org/\" | jq .authorizedNetwork\n ```\n\n This example response indicates that VPC peering is enabled: \n\n ```text\n \"projects/example-org/global/networks/shared-vpc1\"\n ```\n2. Verify with the API proxy developer from the customer side whether this target server domain name is internally configured. If not, this scenario does not apply.\n3. Find the project ID and the network in which the target endpoint is hosted.\n4. List DNS peerings created in the above network. Follow the steps below based on whether the Apigee organization is peered with a VPC network or not.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains list](/sdk/gcloud/reference/services/peered-dns-domains/list) command: \n\n ```\n gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID\n ```\n\n\n The result could either be blank if no peered\n DNS domains are available, or list the peered DNS domains. For example: \n\n ```scdoc\n NAME DNS_SUFFIX\n customer-service customer.service.internal.\n accounts-service accounts.service.internal.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, use the following Apigee API: \n\n ```\n curl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones\"\n ```\n\n Where: \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n\n Sample response, where the organization name is `dns-peering-int-4`: \n\n ```text\n {\n \"dnsZones\": [\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/demo\",\n \"description\": \"latest\",\n \"domain\": \"demo.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n },\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/dns-peering-int-4\",\n \"description\": \"latest\",\n \"domain\": \"dns-peering-int-4.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n }\n ]\n }\n ```\n\n\n If the response does not include a DNS peering entry for the relevant\n DNS suffix, then, that could be the reason for this issue. Follow\n the instructions given in [Resolution](#resolution) to resolve\n it.\n\n#### Resolution\n\n1. Make a note of the DNS suffix, project ID, and network in which the target endpoint is hosted.\n2. Create a peered DNS domain for the DNS suffix.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains create](/sdk/gcloud/reference/services/peered-dns-domains/create) gcloud command. Note that the\n DNS suffix should contain a trailing dot at the end of the DNS suffix: \n\n ```\n gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID\n ```\n\n\n For example: \n\n ```\n gcloud services peered-dns-domains create orders-service --network=\"shared-vpc1\" --dns-suffix=\"orders.service.internal.\" --project=service-project\n ```\n\n Response: \n\n ```text\n Operation \"operations/cpdd.p25-1064980322781-fafa5fe4-b5fe-487e-830d-fff0f9a6200d\" finished successfully.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, create a DNS peering zone with the\n private DNS zone in your project: \n\n ```\n curl -X POST -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones?dnsZoneId=DNS_ZONE_ID\" \\\n -d '{\n \"domain\": \"DOMAIN\",\n \"description\": \"DESCRIPTION\",\n \"peeringConfig\": {\n \"targetProjectId\": \"PRODUCER_PROJECT_ID\",\n \"targetNetworkId\": \"PRODUCER_VPC_NETWORK\"\n }\n }'\n ```\n\n Where:\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDNS_ZONE_ID\u003c/code\u003e\u003c/var\u003e is the name of the DNS zone you want to create.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDOMAIN\u003c/code\u003e\u003c/var\u003e is the DNS name of this managed zone, for instance `example.com`.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDESCRIPTION\u003c/code\u003e\u003c/var\u003e is a brief description of the DNS zone. Maximum characters: 1024\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e is the project that contains the producer VPC network.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e is the VPC network in the customer project.\n\n | **Note:** In a Shared VPC setup, the host project's network is shared with service projects. Therefore, if a service project's private DNS zone relies on this shared network, the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e and the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e referenced in the DNS configuration will both correspond to the host project.\n3. Now, send an API request to the API proxy endpoint and verify whether the API proxy could resolve the target server domain name and communicate with the target server.\n\nMust gather diagnostic information\n----------------------------------\n\n\nIf the problem persists even after following the above instructions,\ngather the following diagnostic information, and then contact [Google Cloud Customer Care](https://cloud.google.com/support-hub/).\n\n1. Google Cloud project ID\n2. Apigee organization\n3. API proxy and revision\n4. Network in which the private domain is created\n5. DNS suffix of the private domain\n6. The complete output of the peered DNS domain creation command"]]