Insights about routes with an invalid next hop

This page describes the Network Analyzer insights for routes with an invalid next hop. For information about all the insight types, see Insight groups and types.

View insights in the Recommender API

To view these insights in the gcloud CLI or the Recommender API, use the following insight type:

  • google.networkanalyzer.vpcnetwork.connectivityInsight

You need the following permissions:

  • recommender.networkAnalyzerConnectivityInsights.list
  • recommender.networkAnalyzerConnectivityInsights.get

For more information about using the Recommender API for Network Analyzer insights, see Use the Recommender CLI and API.

IP address forwarding is disabled for the VM instance

This insight indicates that the VM instance used as the next hop of the route cannot forward packets. This insight includes the following information: route name, network name, and the next hop.

For more information about IP address forwarding, see Enable IP forwarding for instances.

Recommendations

Enable the canIpForward property of the VM instance by using the gcloud CLI. For more information about using the CLI or API, see Updating instance properties. Export the existing instance properties, modify the canIpForward field, and then upload the updated property file.

The canIpForward field in an exported instance property file appears as follows:

canIpForward: false

If it is true, the instance has canIpForward already enabled. If canIpForward is false, change the value to true, and update the instance properties by using the modified file. To change this property, set the most-disruptive-allowed-action flag value to REFRESH because it does not require an instance restart.

For more information, see Update instance properties.

VM is deleted

This insight indicates that the next hop of the route is invalid because the VM instance has been deleted. This insight includes the following information: route name, network name, and the next hop.

For more information about IP address forwarding, see Considerations common to instance and internal passthrough Network Load Balancer next hops.

Recommendations

Verify if the VM is still needed. If the VM is no longer needed, delete this invalid route. Otherwise, recover the deleted VM.

VM is stopped

This insight indicates that the next hop of the route is invalid because the VM instance has been stopped. This insight includes the following information: route name, network name, and the next hop.

For more information about the next hop of a route, see Enable IP forwarding for instances.

Recommendations

Restart the VM instance.

Internal load balancer is misconfigured

This insight indicates that the next hop in the route is invalid because the internal load balancer used as the next hop of the route is deleted. This insight includes the following information: route name, network name, and the next hop.

For more information, see Considerations common to instance and internal passthrough Network Load Balancer next hops.

Recommendations

Verify the load balancer is still needed. If the load balancer is no longer needed, delete the invalid route. Otherwise, recreate the deleted load balancer.

VPN tunnel is deleted

This insight shows that the route will drop packets because the next hop of the route is a VPN tunnel that has been deleted. This insight includes the following information: route name, network name, and the next hop.

For more information, see Considerations common to instance and internal passthrough Network Load Balancer next hops.

Recommendations

Recover the deleted VPN tunnel. If you do not need the route, you can delete this invalid route.

IP address forwarding is disabled for the internal load balancer backend

This insight shows that the route cannot forward traffic as expected: the next hop of the route is an internal TCP/UDP load balancer whose backend instances do not have the canIpForward property enabled. Without IP forwarding enabled, a backend VM cannot forward packets with arbitrary source IP addresses, so the route is not usable.

This insight includes the following information: route name, network name, and the next hop IP address.

For more information, see Considerations common to instance and internal passthrough Network Load Balancer next hops.

Recommendations

To fix this issue, first determine if the route with a next hop as an internal TCP/UDP load balancer is needed. If the route is no longer needed, deleting the route fixes this insight. If the route is needed, locate the backend instances of the load balancer, and use the gcloud CLI or API to enable IP forwarding on these backend instances. For more information about using the CLI/API, see Updating instance properties.

Export the existing instance properties, modify the canIpForward field, and upload the updated property file.

The canIpForward field in an exported instance property file appears as follows:

canIpForward: false

If it is true, the instance has canIpForward already enabled. If it is set to false, change the value to true, and update the instance properties by using the modified file. To change this property, set the most-disruptive-allowed-action flag value to REFRESH because it does not require an instance restart.
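The export, modify, and update steps described above (for both a VM next hop and the backend instances of an internal load balancer) can be scripted as follows. This is an added example, not part of the original documentation; INSTANCE and ZONE are supplied by the caller, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: enable canIpForward via export / edit / update-from-file.
# Usage (when saved as a script): ./script INSTANCE ZONE

# Set the top-level canIpForward field to true in an exported property file.
# Returns 0 = changed, 1 = already true, 2 = field not found in the file.
enable_ip_forward_in_file() {
  local file="$1"
  local tmp
  if grep -Eq '^canIpForward:[[:space:]]*true[[:space:]]*$' "$file"; then
    return 1
  fi
  if ! grep -Eq '^canIpForward:[[:space:]]*false[[:space:]]*$' "$file"; then
    return 2
  fi
  # Anchored at column 0 so only the top-level key is rewritten.
  tmp="$(mktemp)"
  sed -E 's/^canIpForward:[[:space:]]*false[[:space:]]*$/canIpForward: true/' \
    "$file" > "$tmp"
  mv "$tmp" "$file"
  return 0
}

# Export one instance's properties, flip the field, and upload the file.
enable_ip_forward() {
  local instance="$1"
  local zone="$2"
  local dir file rc=0
  dir="$(mktemp -d)"
  file="$dir/instance.yaml"
  gcloud compute instances export "$instance" --zone="$zone" \
    --destination="$file" || { rm -rf "$dir"; return 1; }
  enable_ip_forward_in_file "$file" || rc=$?
  case "$rc" in
    # REFRESH is enough: this change does not require an instance restart.
    0) gcloud compute instances update-from-file "$instance" --zone="$zone" \
         --source="$file" --most-disruptive-allowed-action=REFRESH || rc=1 ;;
    1) echo "$instance: canIpForward already enabled"; rc=0 ;;
    *) echo "$instance: canIpForward not found in export" >&2 ;;
  esac
  rm -rf "$dir"
  return "$rc"
}

# Only contact the API when called with both arguments.
if [ "$#" -eq 2 ]; then
  enable_ip_forward "$1" "$2"
fi
```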

Virtual IP address is not assigned for the internal load balancer backend

This insight shows that the next hop IP address is not assigned to any forwarding rule in the relevant networks.

This insight includes the following information: route name, network name, and the next hop IP address.

For more information, see Considerations common to instance and internal passthrough Network Load Balancer next hops.

Recommendations

If the unassigned IP address must be included, create an internal load balancer with this IP address. If it shouldn't be included, remove the route and create a new route with the correct IP address of the internal load balancer instead.