REST Resource: projects.locations.global.connectivityTests

Resource: ConnectivityTest

A Connectivity Test for a network reachability analysis.

JSON representation
{
  "name": string,
  "description": string,
  "source": {
    object (Endpoint)
  },
  "destination": {
    object (Endpoint)
  },
  "protocol": string,
  "relatedProjects": [
    string
  ],
  "displayName": string,
  "labels": {
    string: string,
    ...
  },
  "createTime": string,
  "updateTime": string,
  "reachabilityDetails": {
    object (ReachabilityDetails)
  }
}
Fields
name

string

Required. Unique name of the resource using the form: projects/{projectId}/locations/global/connectivityTests/{testId}

description

string

The user-supplied description of the Connectivity Test. Maximum of 512 characters.

source

object (Endpoint)

Required. Source specification of the Connectivity Test.

You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location.

Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information.

If the source of the test is within an on-premises network, then you must provide the destination VPC network.

If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network.

A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test.

destination

object (Endpoint)

Required. Destination specification of the Connectivity Test.

You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location.

Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information.

If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface.

A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test.

protocol

string

IP Protocol of the test. When not provided, "TCP" is assumed.

relatedProjects[]

string

Other projects that may be relevant for reachability analysis. This is applicable to scenarios where a test can cross project boundaries.

displayName

string

Output only. The display name of a Connectivity Test.

labels

map (key: string, value: string)

Resource labels to represent user-provided metadata.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

createTime

string (Timestamp format)

Output only. The time the test was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The time the test's configuration was updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

reachabilityDetails

object (ReachabilityDetails)

Output only. The reachability details of this test from the latest run. The details are updated when creating a new test, updating an existing test, or triggering a one-time rerun of an existing test.

Endpoint

Source or destination of the Connectivity Test.

JSON representation
{
  "ipAddress": string,
  "port": integer,
  "instance": string,
  "network": string,
  "networkType": enum (NetworkType),
  "projectId": string
}
Fields
ipAddress

string

The IP address of the endpoint, which can be an external or internal IP. An IPv6 address is only allowed when the test's destination is a global load balancer VIP.

port

integer

The IP protocol port of the endpoint. Only applicable when protocol is TCP or UDP.

instance

string

A Compute Engine instance URI.

network

string

A Compute Engine network URI.

networkType

enum (NetworkType)

Type of the network where the endpoint is located. Applicable only to source endpoint, as destination network type can be inferred from the source.

projectId

string

Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID: 1. Only the IP address is specified, and the IP address is within a GCP project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.

NetworkType

The type definition of an endpoint's network. Use one of the following choices:

Enums
NETWORK_TYPE_UNSPECIFIED Default type if unspecified.
GCP_NETWORK A network hosted within Google Cloud Platform. To receive more detailed output, specify the URI for the source or destination network.
NON_GCP_NETWORK A network hosted outside of Google Cloud Platform. This can be an on-premises network, or a network hosted by another cloud provider.

ReachabilityDetails

Results of the configuration analysis from the last run of the test.

JSON representation
{
  "result": enum (Result),
  "verifyTime": string,
  "error": {
    object (Status)
  },
  "traces": [
    {
      object (Trace)
    }
  ]
}
Fields
result

enum (Result)

The overall result of the test's configuration analysis.

verifyTime

string (Timestamp format)

The time of the configuration analysis.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

error

object (Status)

The details of a failure or a cancellation of reachability analysis.

traces[]

object (Trace)

Result may contain a list of traces if a test has multiple possible paths in the network, such as when destination endpoint is a load balancer with multiple backends.

Result

The overall result of the test's configuration analysis.

Enums
RESULT_UNSPECIFIED No result was specified.
REACHABLE

Possible scenarios are:

  • The configuration analysis determined that a packet originating from the source is expected to reach the destination.
  • The analysis didn't complete because the user lacks permission for some of the resources in the trace. However, at the time the user's permission became insufficient, the trace had been successful so far.
UNREACHABLE A packet originating from the source is expected to be dropped before reaching the destination.
AMBIGUOUS The source and destination endpoints do not uniquely identify the test location in the network, and the reachability result contains multiple traces. For some traces, a packet could be delivered, and for others, it would not be.
UNDETERMINED

The configuration analysis did not complete. Possible reasons are:

  • A permissions error occurred--for example, the user might not have read permission for all of the resources named in the test.
  • An internal error occurred.
  • The analyzer received an invalid or unsupported argument or was unable to identify a known endpoint.

Trace

Trace represents one simulated packet forwarding path.

  • Each trace contains multiple ordered steps.
  • Each step is in a particular state with associated configuration.
  • State is categorized as final or non-final states.
  • Each final state has a reason associated.
  • Each trace must end with a final state (the last step).
  |---------------------Trace----------------------|
  Step1(State) Step2(State) ---  StepN(State(final))
JSON representation
{
  "endpointInfo": {
    object (EndpointInfo)
  },
  "steps": [
    {
      object (Step)
    }
  ]
}
Fields
endpointInfo

object (EndpointInfo)

Derived from the source and destination endpoints definition, and validated by the data plane model. If there are multiple traces starting from different source locations, then the endpointInfo may be different between traces.

steps[]

object (Step)

A trace of a test contains multiple steps from the initial state to the final state (delivered, dropped, forwarded, or aborted).

The steps are ordered by the processing sequence within the simulated network state machine. It is critical to preserve the order of the steps and avoid reordering or sorting them.

EndpointInfo

For display only. The specification of the endpoints for the test. EndpointInfo is derived from source and destination Endpoint and validated by the backend data plane model.

JSON representation
{
  "sourceIp": string,
  "destinationIp": string,
  "protocol": string,
  "sourcePort": integer,
  "destinationPort": integer,
  "sourceNetworkUri": string,
  "destinationNetworkUri": string
}
Fields
sourceIp

string

Source IP address.

destinationIp

string

Destination IP address.

protocol

string

IP protocol in string format, for example: "TCP", "UDP", "ICMP".

sourcePort

integer

Source port. Only valid when protocol is TCP or UDP.

destinationPort

integer

Destination port. Only valid when protocol is TCP or UDP.

sourceNetworkUri

string

URI of the network where this packet originates from.

destinationNetworkUri

string

URI of the network where this packet is sent to.

Step

A simulated forwarding path is composed of multiple steps. Each step has a well-defined state and an associated configuration.

JSON representation
{
  "description": string,
  "state": enum (State),
  "causesDrop": boolean,
  "projectId": string,

  // Union field step_info can be only one of the following:
  "instance": {
    object (InstanceInfo)
  },
  "firewall": {
    object (FirewallInfo)
  },
  "route": {
    object (RouteInfo)
  },
  "endpoint": {
    object (EndpointInfo)
  },
  "forwardingRule": {
    object (ForwardingRuleInfo)
  },
  "vpnGateway": {
    object (VpnGatewayInfo)
  },
  "vpnTunnel": {
    object (VpnTunnelInfo)
  },
  "deliver": {
    object (DeliverInfo)
  },
  "forward": {
    object (ForwardInfo)
  },
  "abort": {
    object (AbortInfo)
  },
  "drop": {
    object (DropInfo)
  },
  "loadBalancer": {
    object (LoadBalancerInfo)
  },
  "network": {
    object (NetworkInfo)
  }
  // End of list of possible types for union field step_info.
}
Fields
description

string

A description of the step. Usually this is a summary of the state.

state

enum (State)

Each step is in one of the pre-defined states.

causesDrop

boolean

This is a step that leads to the final state Drop.

projectId

string

Project ID that contains the configuration this step is validating.

Union field step_info. Configuration or metadata associated with each step. The configuration is filtered based on viewer's permission. If a viewer has no permission to view the configuration in this step, for non-final states a special state is populated (VIEWER_PERMISSION_MISSING), and for final state the configuration is cleared. step_info can be only one of the following:
instance

object (InstanceInfo)

Display info of a Compute Engine instance.

firewall

object (FirewallInfo)

Display info of a Compute Engine firewall rule.

route

object (RouteInfo)

Display info of a Compute Engine route.

endpoint

object (EndpointInfo)

Display info of the source and destination under analysis. The endpoint info in an intermediate state may differ with the initial input, as it might be modified by state like NAT, or Connection Proxy.

forwardingRule

object (ForwardingRuleInfo)

Display info of a Compute Engine forwarding rule.

vpnGateway

object (VpnGatewayInfo)

Display info of a Compute Engine VPN gateway.

vpnTunnel

object (VpnTunnelInfo)

Display info of a Compute Engine VPN tunnel.

deliver

object (DeliverInfo)

Display info of the final state "deliver" and reason.

forward

object (ForwardInfo)

Display info of the final state "forward" and reason.

abort

object (AbortInfo)

Display info of the final state "abort" and reason.

drop

object (DropInfo)

Display info of the final state "drop" and reason.

loadBalancer

object (LoadBalancerInfo)

Display info of the load balancers.

network

object (NetworkInfo)

Display info of a GCP network.

State

Type of states that are defined in the network state machine. Each step in the packet trace is in a specific state.

Enums
STATE_UNSPECIFIED Unspecified state.
START_FROM_INSTANCE Initial state: packet originating from a Compute Engine instance. An InstanceInfo will be populated with starting instance info.
START_FROM_INTERNET Initial state: packet originating from Internet. The endpoint info will be populated.
START_FROM_PRIVATE_NETWORK Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo will be populated with details of the network.
APPLY_INGRESS_FIREWALL_RULE Config checking state: verify ingress firewall rule.
APPLY_EGRESS_FIREWALL_RULE Config checking state: verify egress firewall rule.
APPLY_ROUTE Config checking state: verify route.
APPLY_FORWARDING_RULE Config checking state: match forwarding rule.
SPOOFING_APPROVED Config checking state: packet sent or received under foreign IP address and allowed.
ARRIVE_AT_INSTANCE Forwarding state: arriving at a Compute Engine instance.
ARRIVE_AT_INTERNAL_LOAD_BALANCER Forwarding state: arriving at a Compute Engine internal load balancer.
ARRIVE_AT_EXTERNAL_LOAD_BALANCER Forwarding state: arriving at a Compute Engine external load balancer.
ARRIVE_AT_VPN_GATEWAY Forwarding state: arriving at a Cloud VPN gateway.
ARRIVE_AT_VPN_TUNNEL Forwarding state: arriving at a Cloud VPN tunnel.
NAT Transition state: packet header translated.
PROXY_CONNECTION Transition state: original connection is terminated and a new proxied connection is initiated.
DELIVER Final state: packet could be delivered.
DROP Final state: packet coud be dropped.
FORWARD Final state: packet could be forwarded to a network with an unknown configuration.
ABORT Final state: analysis is aborted.
VIEWER_PERMISSION_MISSING Special state: viewer of the test result does not have permission to see the configuration in this step.

InstanceInfo

For display only. Metadata associated with a Compute Engine instance.

JSON representation
{
  "displayName": string,
  "uri": string,
  "interface": string,
  "networkUri": string,
  "internalIp": string,
  "externalIp": string,
  "networkTags": [
    string
  ],
  "serviceAccount": string
}
Fields
displayName

string

Name of a Compute Engine instance.

uri

string

URI of a Compute Engine instance.

interface

string

Name of the network interface of a Compute Engine instance.

networkUri

string

URI of a Compute Engine network.

internalIp

string

Internal IP address of the network interface.

externalIp

string

External IP address of the network interface.

networkTags[]

string

Network tags configured on the instance.

serviceAccount
(deprecated)

string

Service account authorized for the instance.

FirewallInfo

For display only. Metadata associated with a VPC firewall rule, an implied VPC firewall rule, or a hierarchical firewall policy rule.

JSON representation
{
  "displayName": string,
  "uri": string,
  "direction": string,
  "action": string,
  "priority": integer,
  "networkUri": string,
  "targetTags": [
    string
  ],
  "targetServiceAccounts": [
    string
  ],
  "policy": string,
  "firewallRuleType": enum (FirewallRuleType)
}
Fields
displayName

string

The display name of the VPC firewall rule. This field is not applicable to hierarchical firewall policy rules.

uri

string

The URI of the VPC firewall rule. This field is not applicable to implied firewall rules or hierarchical firewall policy rules.

direction

string

Possible values: INGRESS, EGRESS

action

string

Possible values: ALLOW, DENY

priority

integer

The priority of the firewall rule.

networkUri

string

The URI of the VPC network that the firewall rule is associated with. This field is not applicable to hierarchical firewall policy rules.

targetTags[]

string

The target tags defined by the VPC firewall rule. This field is not applicable to hierarchical firewall policy rules.

targetServiceAccounts[]

string

The target service accounts specified by the firewall rule.

policy

string

The hierarchical firewall policy that this rule is associated with. This field is not applicable to VPC firewall rules.

firewallRuleType

enum (FirewallRuleType)

The firewall rule's type.

FirewallRuleType

The firewall rule's type.

Enums
FIREWALL_RULE_TYPE_UNSPECIFIED Unspecified type.
HIERARCHICAL_FIREWALL_POLICY_RULE Hierarchical firewall policy rule. For details, see Hierarchical firewall policies overview.
VPC_FIREWALL_RULE VPC firewall rule. For details, see VPC firewall rules overview.
IMPLIED_VPC_FIREWALL_RULE Implied VPC firewall rule. For details, see Implied rules.

RouteInfo

For display only. Metadata associated with a Compute Engine route.

JSON representation
{
  "routeType": enum (RouteType),
  "nextHopType": enum (NextHopType),
  "displayName": string,
  "uri": string,
  "destIpRange": string,
  "nextHop": string,
  "networkUri": string,
  "priority": integer,
  "instanceTags": [
    string
  ]
}
Fields
routeType

enum (RouteType)

Type of route.

nextHopType

enum (NextHopType)

Type of next hop.

displayName

string

Name of a Compute Engine route.

uri

string

URI of a Compute Engine route. Dynamic route from cloud router does not have a URI. Advertised route from Google Cloud VPC to on-premises network also does not have a URI.

destIpRange

string

Destination IP range of the route.

nextHop

string

Next hop of the route.

networkUri

string

URI of a Compute Engine network.

priority

integer

Priority of the route.

instanceTags[]

string

Instance tags of the route.

RouteType

Type of route:

Enums
ROUTE_TYPE_UNSPECIFIED Unspecified type. Default value.
SUBNET Route is a subnet route automatically created by the system.
STATIC Static route created by the user, including the default route to the Internet.
DYNAMIC Dynamic route exchanged between BGP peers.
PEERING_SUBNET A subnet route received from peering network.
PEERING_STATIC A static route received from peering network.
PEERING_DYNAMIC A dynamic route received from peering network.

NextHopType

Type of next hop:

Enums
NEXT_HOP_TYPE_UNSPECIFIED Unspecified type. Default value.
NEXT_HOP_IP Next hop is an IP address.
NEXT_HOP_INSTANCE Next hop is a Compute Engine instance.
NEXT_HOP_NETWORK Next hop is a VPC network gateway.
NEXT_HOP_PEERING Next hop is a peering VPC.
NEXT_HOP_INTERCONNECT Next hop is an interconnect.
NEXT_HOP_VPN_TUNNEL Next hop is a VPN tunnel.
NEXT_HOP_VPN_GATEWAY Next hop is a VPN Gateway. This scenario happens only when tracing connectivity from an on-premises network to GCP through a VPN. The analysis simulates a packet departing from the on-premises network through a VPN tunnel and arriving at a Cloud VPN gateway.
NEXT_HOP_INTERNET_GATEWAY Next hop is an internet gateway.
NEXT_HOP_BLACKHOLE Next hop is blackhole; that is, the next hop either does not exist or is not running.
NEXT_HOP_ILB Next hop is the forwarding rule of an Internal Load Balancer.

ForwardingRuleInfo

For display only. Metadata associated with a Compute Engine forwarding rule.

JSON representation
{
  "displayName": string,
  "uri": string,
  "matchedProtocol": string,
  "matchedPortRange": string,
  "vip": string,
  "target": string,
  "networkUri": string
}
Fields
displayName

string

Name of a Compute Engine forwarding rule.

uri

string

URI of a Compute Engine forwarding rule.

matchedProtocol

string

Protocol defined in the forwarding rule that matches the test.

matchedPortRange

string

Port range defined in the forwarding rule that matches the test.

vip

string

VIP of the forwarding rule.

target

string

Target type of the forwarding rule.

networkUri

string

Network URI. Only valid for Internal Load Balancer.

VpnGatewayInfo

For display only. Metadata associated with a Compute Engine VPN gateway.

JSON representation
{
  "displayName": string,
  "uri": string,
  "networkUri": string,
  "ipAddress": string,
  "vpnTunnelUri": string,
  "region": string
}
Fields
displayName

string

Name of a VPN gateway.

uri

string

URI of a VPN gateway.

networkUri

string

URI of a Compute Engine network where the VPN gateway is configured.

ipAddress

string

IP address of the VPN gateway.

vpnTunnelUri

string

A VPN tunnel that is associated with this VPN gateway. There may be multiple VPN tunnels configured on a VPN gateway, and only the one relevant to the test is displayed.

region

string

Name of a GCP region where this VPN gateway is configured.

VpnTunnelInfo

For display only. Metadata associated with a Compute Engine VPN tunnel.

JSON representation
{
  "displayName": string,
  "uri": string,
  "sourceGateway": string,
  "remoteGateway": string,
  "remoteGatewayIp": string,
  "sourceGatewayIp": string,
  "networkUri": string,
  "region": string,
  "routingType": enum (RoutingType)
}
Fields
displayName

string

Name of a VPN tunnel.

uri

string

URI of a VPN tunnel.

sourceGateway

string

URI of the VPN gateway at local end of the tunnel.

remoteGateway

string

URI of a VPN gateway at remote end of the tunnel.

remoteGatewayIp

string

Remote VPN gateway's IP address.

sourceGatewayIp

string

Local VPN gateway's IP address.

networkUri

string

URI of a Compute Engine network where the VPN tunnel is configured.

region

string

Name of a GCP region where this VPN tunnel is configured.

routingType

enum (RoutingType)

Type of the routing policy.

RoutingType

Types of VPN routing policy. For details, refer to Networks and Tunnel routing.

Enums
ROUTING_TYPE_UNSPECIFIED Unspecified type. Default value.
ROUTE_BASED Route based VPN.
POLICY_BASED Policy based routing.
DYNAMIC Dynamic (BGP) routing.

DeliverInfo

Details of the final state "deliver" and associated resource.

JSON representation
{
  "target": enum (Target),
  "resourceUri": string
}
Fields
target

enum (Target)

Target type where the packet is delivered to.

resourceUri

string

URI of the resource that the packet is delivered to.

Target

Deliver target types:

Enums
TARGET_UNSPECIFIED Target not specified.
INSTANCE Target is a Compute Engine instance.
INTERNET Target is the Internet.
GOOGLE_API Target is a Google API.

ForwardInfo

Details of the final state "forward" and associated resource.

JSON representation
{
  "target": enum (Target),
  "resourceUri": string
}
Fields
target

enum (Target)

Target type where this packet is forwarded to.

resourceUri

string

URI of the resource that the packet is forwarded to.

Target

Forward target types.

Enums
TARGET_UNSPECIFIED Target not specified.
PEERING_VPC Forwarded to a VPC peering network.
VPN_GATEWAY Forwarded to a Cloud VPN gateway.
INTERCONNECT Forwarded to a Cloud Interconnect connection.
GKE_MASTER Forwarded to a Google Kubernetes Engine Container cluster master.
IMPORTED_CUSTOM_ROUTE_NEXT_HOP Forwarded to the next hop of a custom route imported from a peering VPC.

AbortInfo

Details of the final state "abort" and associated resource.

JSON representation
{
  "cause": enum (Cause),
  "resourceUri": string
}
Fields
cause

enum (Cause)

Causes that the analysis is aborted.

resourceUri

string

URI of the resource that caused the abort.

Cause

Abort cause types:

Enums
CAUSE_UNSPECIFIED Cause is unspecified.
UNKNOWN_NETWORK Aborted due to unknown network. The reachability analysis cannot proceed because the user does not have access to the host project's network configurations, including firewall rules and routes. This happens when the project is a service project and the endpoints being traced are in the host project's network.
UNKNOWN_IP Aborted because the IP address(es) are unknown.
UNKNOWN_PROJECT Aborted because no project information can be derived from the test input.
PERMISSION_DENIED Aborted because the user lacks the permission to access all or part of the network configurations required to run the test.
NO_SOURCE_LOCATION Aborted because no valid source endpoint is derived from the input test request.
INVALID_ARGUMENT Aborted because the source and/or destination endpoint specified in the test are invalid. The possible reasons that an endpoint is invalid include: malformed IP address; nonexistent instance or network URI; IP address not in the range of specified network URI; and instance not owning the network interface in the specified network.
NO_EXTERNAL_IP Aborted because traffic is sent from a public IP to an instance without an external IP.
UNINTENDED_DESTINATION Aborted because none of the traces matches destination information specified in the input test request.
TRACE_TOO_LONG Aborted because the number of steps in the trace exceeding a certain limit which may be caused by routing loop.
INTERNAL_ERROR Aborted due to internal server error.

DropInfo

Details of the final state "drop" and associated resource.

JSON representation
{
  "cause": enum (Cause),
  "resourceUri": string
}
Fields
cause

enum (Cause)

Cause that the packet is dropped.

resourceUri

string

URI of the resource that caused the drop.

Cause

Drop cause types:

Enums
CAUSE_UNSPECIFIED Cause is unspecified.
UNKNOWN_EXTERNAL_ADDRESS Destination external address cannot be resolved to a known target. If the address is used in a GCP project, provide the project ID as test input.
FOREIGN_IP_DISALLOWED A Compute Engine instance can send or receive a packet with a foreign IP only if ip_forward is enabled.
FIREWALL_RULE Dropped due to a firewall rule, unless allowed due to connection tracking.
NO_ROUTE Dropped due to no routes.
ROUTE_BLACKHOLE Dropped due to invalid route. Route's next hop is a blackhole.
ROUTE_WRONG_NETWORK Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP addresss to Network3.
PRIVATE_TRAFFIC_TO_INTERNET Packet with internal destination address sent to Internet gateway.
PRIVATE_GOOGLE_ACCESS_DISALLOWED Instance with only an internal IP tries to access Google API and Services, and private Google access is not enabled.
NO_EXTERNAL_ADDRESS Instance with only internal IP tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allows this connection. See Special Configurations for VM instances for details.
UNKNOWN_INTERNAL_ADDRESS Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project.
FORWARDING_RULE_MISMATCH Forwarding rule's protocol and ports do not match the packet header.
FORWARDING_RULE_NO_INSTANCES Forwarding rule does not have backends configured.
FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. See Health check firewall rules for more details.
INSTANCE_NOT_RUNNING Packet is sent from or to a Compute Engine instance that is not in a running state.
TRAFFIC_TYPE_BLOCKED The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details.
GKE_MASTER_UNAUTHORIZED_ACCESS Access to GKE master's endpoint is not authorized. See Access to the cluster endpoints for more details.

LoadBalancerInfo

For display only. Metadata associated with a load balancer.

JSON representation
{
  "loadBalancerType": enum (LoadBalancerType),
  "healthCheckUri": string,
  "backends": [
    {
      object (LoadBalancerBackend)
    }
  ],
  "backendType": enum (BackendType),
  "backendUri": string
}
Fields
loadBalancerType

enum (LoadBalancerType)

Type of the load balancer.

healthCheckUri

string

URI of the health check for the load balancer.

backends[]

object (LoadBalancerBackend)

Information for the loadbalancer backends.

backendType

enum (BackendType)

Type of load balancer's backend configuration.

backendUri

string

Backend configuration URI.

LoadBalancerType

The type definition for a load balancer:

Enums
LOAD_BALANCER_TYPE_UNSPECIFIED Type is unspecified.
INTERNAL_TCP_UDP Internal TCP/UDP load balancer.
NETWORK_TCP_UDP Network TCP/UDP load balancer.
HTTP_PROXY HTTP(S) proxy load balancer.
TCP_PROXY TCP proxy load balancer.
SSL_PROXY SSL proxy load balancer.

LoadBalancerBackend

For display only. Metadata associated with a specific load balancer backend.

JSON representation
{
  "displayName": string,
  "uri": string,
  "healthCheckFirewallState": enum (HealthCheckFirewallState),
  "healthCheckAllowingFirewallRules": [
    string
  ],
  "healthCheckBlockingFirewallRules": [
    string
  ]
}
Fields
displayName

string

Name of a Compute Engine instance or network endpoint.

uri

string

URI of a Compute Engine instance or network endpoint.

healthCheckFirewallState

enum (HealthCheckFirewallState)

State of the health check firewall configuration.

healthCheckAllowingFirewallRules[]

string

A list of firewall rule URIs allowing probes from health check IP ranges.

healthCheckBlockingFirewallRules[]

string

A list of firewall rule URIs blocking probes from health check IP ranges.

HealthCheckFirewallState

State of a health check firewall configuration:

Enums
HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED State is unspecified. Default state if not populated.
CONFIGURED There are configured firewall rules to allow health check probes to the backend.
MISCONFIGURED There are firewall rules configured to allow partial health check ranges or block all health check ranges. If a health check probe is sent from denied IP ranges, the health check to the backend will fail. Then, the backend will be marked unhealthy and will not receive traffic sent to the load balancer.

BackendType

The type definition for a load balancer backend configuration:

Enums
BACKEND_TYPE_UNSPECIFIED Type is unspecified.
BACKEND_SERVICE Backend Service as the load balancer's backend.
TARGET_POOL Target Pool as the load balancer's backend.

NetworkInfo

For display only. Metadata associated with a Compute Engine network.

JSON representation
{
  "displayName": string,
  "uri": string,
  "matchedIpRange": string
}
Fields
displayName

string

Name of a Compute Engine network.

uri

string

URI of a Compute Engine network.

matchedIpRange

string

The IP range that matches the test.

Methods

create

Creates a new Connectivity Test.

delete

Deletes a specific ConnectivityTest.

get

Gets the details of a specific Connectivity Test.

getIamPolicy

Gets the access control policy for a resource.

list

Lists all Connectivity Tests owned by a project.

patch

Updates the configuration of an existing ConnectivityTest.

rerun

Rerun an existing ConnectivityTest.

setIamPolicy

Sets the access control policy on the specified resource.

testIamPermissions

Returns permissions that a caller has on the specified resource.