Questo problema potrebbe verificarsi nel caso in cui l'host del server di destinazione designato specificato nel proxy API sia errato o contenga caratteri non validi.
Questo problema può verificarsi quando Apigee non è in grado di risolvere il nome di dominio se il peering DNS non è configurato nei deployment di Apigee.
Apigee
Causa: l'host del server di destinazione specificato non è corretto o contiene caratteri non validi
{"fault":{"faultstring":
"Unable to resolve host invalid-target-host","detail":
{"errorcode":"protocol.http.NoResolvedHost","reason":
"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}
Se la risposta contiene il motivo dell'errore
TARGET_CONNECT_HOST_NOT_REACHABLE, significa che è correlato
a questo motivo.
Risoluzione
Controlla la definizione del proxy API e trova il nome host target definito:
Se il nome host target specificato non è valido o contiene caratteri non validi,
correggilo di conseguenza, crea una nuova revisione del proxy e esegui il deployment del
proxy.
Causa: il peering DNS non è configurato
Diagnosi
Verifica se l'organizzazione Apigee è in peering con una rete VPC invocando la seguente API Apigee:
Ad esempio, per determinare se il peering VPC è abilitato, controlla se l'attributo risposta
authorizedNetwork è presente e impostato su un valore. In caso contrario, il peering VPC
non è abilitato:
Verifica con lo sviluppatore del proxy API lato cliente se
questo nome di dominio del server di destinazione è configurato internamente. In caso contrario,
questo scenario non è applicabile.
Trova l'ID progetto e la rete in cui è ospitato l'endpoint di destinazione.
Elenca i peering DNS creati nella rete sopra indicata. Segui la procedura riportata di seguito a seconda che l'organizzazione Apigee sia in peering con una rete VPC o meno.
Peering VPC abilitato
Se il peering VPC è abilitato per la tua organizzazione, utilizza il comando
peered-dns-domains list:
gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID
Il risultato può essere vuoto se non sono disponibili domini DNS connessi in peer o elencare i domini DNS connessi in peer. Ad esempio:
NAME DNS_SUFFIX
customer-service customer.service.internal.
accounts-service accounts.service.internal.
Il peering VPC non è abilitato
Se il peering VPC non è abilitato nella tua organizzazione, utilizza la seguente API Apigee:
Se la risposta non include una voce di peering DNS per il suffisso DNS pertinente, questo potrebbe essere il motivo del problema. Segui
le istruzioni riportate nella sezione Risoluzione per risolvere il problema.
Risoluzione
Prendi nota del suffisso DNS, dell'ID progetto e della rete in cui è ospitato l'endpoint di destinazione.
Crea un dominio DNS accoppiato per il suffisso DNS.
Peering VPC abilitato
Se nella tua organizzazione è attivato il peering VPC, utilizza il comando
peered-dns-domains create gcloud. Tieni presente che il
suffisso DNS deve contenere un punto finale:
gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID
ORGANIZATION è il nome della tua organizzazione Apigee.
DNS_ZONE_ID è il nome della zona DNS che vuoi creare.
DOMAIN è il nome DNS di questa zona gestita, ad esempio example.com.
DESCRIPTION è una breve descrizione della zona DNS. Caratteri massimi: 1024
PRODUCER_PROJECT_ID è il progetto che contiene la rete VPC del producer.
PRODUCER_VPC_NETWORK è la rete VPC nel progetto del cliente.
Ora invia una richiesta API all'endpoint del proxy API e verifica
se il proxy API è in grado di risolvere il nome di dominio del server di destinazione
e di comunicare con il server di destinazione.
Deve raccogliere informazioni di diagnostica
Se il problema persiste anche dopo aver seguito le istruzioni riportate sopra, raccoglie le seguenti informazioni di diagnostica e poi contatta l'assistenza clienti Google Cloud.
Google Cloud ID progetto
Organizzazione Apigee
Proxy API e revisione
Rete in cui viene creato il dominio privato
Suffisso DNS del dominio privato
L'output completo del comando di creazione del dominio DNS in peering
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-04 UTC."],[[["\u003cp\u003eAPI requests failing with a \u003ccode\u003eTARGET_CONNECT_HOST_NOT_REACHABLE\u003c/code\u003e error and \u003ccode\u003eHTTP 503\u003c/code\u003e response can occur in Apigee and Apigee hybrid environments.\u003c/p\u003e\n"],["\u003cp\u003eOne cause of this error is an incorrect or invalid target server host specified within the API proxy definition, which can be resolved by correcting the host name and redeploying the proxy.\u003c/p\u003e\n"],["\u003cp\u003eAnother potential cause in Apigee deployments is the absence of DNS peering, preventing Apigee from resolving domain names, which can be resolved by creating a peered DNS domain using gcloud commands.\u003c/p\u003e\n"],["\u003cp\u003eTo diagnose DNS peering issues, you can use the Apigee API and gcloud commands to verify if the organization is peered with a VPC network and list the existing peered DNS domains.\u003c/p\u003e\n"],["\u003cp\u003eIf issues persist after applying the resolutions, you should gather diagnostic information, including the project ID, Apigee organization details, API proxy information, and network details, and then contact Google Cloud Customer Care.\u003c/p\u003e\n"]]],[],null,["# API requests fail with TARGET_CONNECT_HOST_NOT_REACHABLE error\n\n*You're viewing **Apigee** and **Apigee hybrid** documentation.\nThere is no equivalent\n[Apigee Edge](https://docs.apigee.com/api-platform/get-started/get-started) documentation for this topic.*\n\nSymptoms\n--------\n\n\nAPI requests fail with `TARGET_CONNECT_HOST_NOT_REACHABLE` error.\n\nError Messages\n--------------\n\n\nIf this issue occurs, the API requests will fail with `HTTP 503`\nresponse status code and the following error: \n\n```scdoc\n{\"fault\":{\"faultstring\":\n\"Unable to resolve host invalid-target-host\",\"detail\":\n{\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n\"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n```\n\nPossible Causes\n---------------\n\n\nThe following potential causes have been identified for the aforementioned\nsymptom:\n\n### Cause: target server host specified is incorrect or has invalid characters\n\n#### Diagnosis\n\n1. Send an API request to the relevant API proxy:\n\n ```\n curl -ik https://dev.example.com/dns-peering-example\n HTTP/2 503\n content-type: application/json\n x-request-id: ***\n content-length: 169\n date: Thu, 02 Nov 2023 04:31:43 GMT\n via: 1.1 google\n alt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\n ```\n\n and check the response message: \n\n ```scdoc\n {\"fault\":{\"faultstring\":\n \"Unable to resolve host invalid-target-host\",\"detail\":\n {\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n \"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n ```\n2. If the response contains the error reason `TARGET_CONNECT_HOST_NOT_REACHABLE` then, that is related to this reason.\n\n#### Resolution\n\n1. Check the API proxy definition and find the target hostname defined:\n2. If the target hostname given is invalid or has invalid characters, fix it accordingly, create a new revision of the proxy, and deploy the proxy.\n\n### Cause: DNS peering is not configured\n\n#### Diagnosis\n\n1. Check whether the Apigee organization is peered with a VPC network by invoking the following Apigee API: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/$ORG\" | jq .authorizedNetwork\n ```\n\n For example, to determine if VPC peering is enabled, check to see if the response attribute\n `authorizedNetwork` is present and set to a value. If it is not, then VPC peering\n is not enabled: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/example-org/\" | jq .authorizedNetwork\n ```\n\n This example response indicates that VPC peering is enabled: \n\n ```text\n \"projects/example-org/global/networks/shared-vpc1\"\n ```\n2. Verify with the API proxy developer from the customer side whether this target server domain name is internally configured. If not, this scenario does not apply.\n3. Find the project ID and the network in which the target endpoint is hosted.\n4. List DNS peerings created in the above network. Follow the steps below based on whether the Apigee organization is peered with a VPC network or not.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains list](/sdk/gcloud/reference/services/peered-dns-domains/list) command: \n\n ```\n gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID\n ```\n\n\n The result could either be blank if no peered\n DNS domains are available, or list the peered DNS domains. For example: \n\n ```scdoc\n NAME DNS_SUFFIX\n customer-service customer.service.internal.\n accounts-service accounts.service.internal.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, use the following Apigee API: \n\n ```\n curl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones\"\n ```\n\n Where: \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n\n Sample response, where the organization name is `dns-peering-int-4`: \n\n ```text\n {\n \"dnsZones\": [\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/demo\",\n \"description\": \"latest\",\n \"domain\": \"demo.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n },\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/dns-peering-int-4\",\n \"description\": \"latest\",\n \"domain\": \"dns-peering-int-4.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n }\n ]\n }\n ```\n\n\n If the response does not include a DNS peering entry for the relevant\n DNS suffix, then, that could be the reason for this issue. Follow\n the instructions given in [Resolution](#resolution) to resolve\n it.\n\n#### Resolution\n\n1. Make a note of the DNS suffix, project ID, and network in which the target endpoint is hosted.\n2. Create a peered DNS domain for the DNS suffix.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains create](/sdk/gcloud/reference/services/peered-dns-domains/create) gcloud command. Note that the\n DNS suffix should contain a trailing dot at the end of the DNS suffix: \n\n ```\n gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID\n ```\n\n\n For example: \n\n ```\n gcloud services peered-dns-domains create orders-service --network=\"shared-vpc1\" --dns-suffix=\"orders.service.internal.\" --project=service-project\n ```\n\n Response: \n\n ```text\n Operation \"operations/cpdd.p25-1064980322781-fafa5fe4-b5fe-487e-830d-fff0f9a6200d\" finished successfully.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, create a DNS peering zone with the\n private DNS zone in your project: \n\n ```\n curl -X POST -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones?dnsZoneId=DNS_ZONE_ID\" \\\n -d '{\n \"domain\": \"DOMAIN\",\n \"description\": \"DESCRIPTION\",\n \"peeringConfig\": {\n \"targetProjectId\": \"PRODUCER_PROJECT_ID\",\n \"targetNetworkId\": \"PRODUCER_VPC_NETWORK\"\n }\n }'\n ```\n\n Where:\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDNS_ZONE_ID\u003c/code\u003e\u003c/var\u003e is the name of the DNS zone you want to create.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDOMAIN\u003c/code\u003e\u003c/var\u003e is the DNS name of this managed zone, for instance `example.com`.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDESCRIPTION\u003c/code\u003e\u003c/var\u003e is a brief description of the DNS zone. Maximum characters: 1024\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e is the project that contains the producer VPC network.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e is the VPC network in the customer project.\n\n | **Note:** In a Shared VPC setup, the host project's network is shared with service projects. Therefore, if a service project's private DNS zone relies on this shared network, the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e and the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e referenced in the DNS configuration will both correspond to the host project.\n3. Now, send an API request to the API proxy endpoint and verify whether the API proxy could resolve the target server domain name and communicate with the target server.\n\nMust gather diagnostic information\n----------------------------------\n\n\nIf the problem persists even after following the above instructions,\ngather the following diagnostic information, and then contact [Google Cloud Customer Care](https://cloud.google.com/support-hub/).\n\n1. Google Cloud project ID\n2. Apigee organization\n3. API proxy and revision\n4. Network in which the private domain is created\n5. DNS suffix of the private domain\n6. The complete output of the peered DNS domain creation command"]]