Cause(value)Drop cause types:
Values:
CAUSE_UNSPECIFIED (0):
Cause is unspecified.
UNKNOWN_EXTERNAL_ADDRESS (1):
Destination external address cannot be
resolved to a known target. If the address is
used in a Google Cloud project, provide the
project ID as test input.
FOREIGN_IP_DISALLOWED (2):
A Compute Engine instance can only send or receive a packet
with a foreign IP address if ip_forward is enabled.
FIREWALL_RULE (3):
Dropped due to a firewall rule, unless
allowed due to connection tracking.
NO_ROUTE (4):
Dropped due to no routes.
ROUTE_BLACKHOLE (5):
Dropped due to invalid route. Route's next
hop is a blackhole.
ROUTE_WRONG_NETWORK (6):
Packet is sent to a wrong (unintended)
network. Example: you trace a
packet from VM1:Network1 to VM2:Network2,
however, the route configured in Network1 sends
the packet destined for VM2's IP addresss to
Network3.
PRIVATE_TRAFFIC_TO_INTERNET (7):
Packet with internal destination address sent
to the internet gateway.
PRIVATE_GOOGLE_ACCESS_DISALLOWED (8):
Instance with only an internal IP address
tries to access Google API and services, but
private Google access is not enabled.
NO_EXTERNAL_ADDRESS (9):
Instance with only an internal IP address
tries to access external hosts, but Cloud NAT is
not enabled in the subnet, unless special
configurations on a VM allow this connection.
UNKNOWN_INTERNAL_ADDRESS (10):
Destination internal address cannot be
resolved to a known target. If this is a shared
VPC scenario, verify if the service project ID
is provided as test input. Otherwise, verify if
the IP address is being used in the project.
FORWARDING_RULE_MISMATCH (11):
Forwarding rule's protocol and ports do not
match the packet header.
FORWARDING_RULE_REGION_MISMATCH (25):
Packet could be dropped because it was sent
from a different region to a regional forwarding
without global access.
FORWARDING_RULE_NO_INSTANCES (12):
Forwarding rule does not have backends
configured.
FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK (13):
Firewalls block the health check probes to the backends and
cause the backends to be unavailable for traffic from the
load balancer. For more details, see Health check firewall
rules <https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules>.
INSTANCE_NOT_RUNNING (14):
Packet is sent from or to a Compute Engine
instance that is not in a running state.
GKE_CLUSTER_NOT_RUNNING (27):
Packet sent from or to a GKE cluster that is
not in running state.
CLOUD_SQL_INSTANCE_NOT_RUNNING (28):
Packet sent from or to a Cloud SQL instance
that is not in running state.
TRAFFIC_TYPE_BLOCKED (15):
The type of traffic is blocked and the user cannot configure
a firewall rule to enable it. See Always blocked
traffic <https://cloud.google.com/vpc/docs/firewalls#blockedtraffic>
for more details.
GKE_MASTER_UNAUTHORIZED_ACCESS (16):
Access to Google Kubernetes Engine cluster master's endpoint
is not authorized. See Access to the cluster
endpoints <https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints>
for more details.
CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS (17):
Access to the Cloud SQL instance endpoint is not authorized.
See Authorizing with authorized
networks <https://cloud.google.com/sql/docs/mysql/authorize-networks>
for more details.
DROPPED_INSIDE_GKE_SERVICE (18):
Packet was dropped inside Google Kubernetes
Engine Service.
DROPPED_INSIDE_CLOUD_SQL_SERVICE (19):
Packet was dropped inside Cloud SQL Service.
GOOGLE_MANAGED_SERVICE_NO_PEERING (20):
Packet was dropped because there is no
peering between the originating network and the
Google Managed Services Network.
GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT (38):
Packet was dropped because the Google-managed
service uses Private Service Connect (PSC), but
the PSC endpoint is not found in the project.
GKE_PSC_ENDPOINT_MISSING (36):
Packet was dropped because the GKE cluster
uses Private Service Connect (PSC), but the PSC
endpoint is not found in the project.
CLOUD_SQL_INSTANCE_NO_IP_ADDRESS (21):
Packet was dropped because the Cloud SQL
instance has neither a private nor a public IP
address.
GKE_CONTROL_PLANE_REGION_MISMATCH (30):
Packet was dropped because a GKE cluster
private endpoint is unreachable from a region
different from the cluster's region.
PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION (31):
Packet sent from a public GKE cluster control
plane to a private IP address.
GKE_CONTROL_PLANE_NO_ROUTE (32):
Packet was dropped because there is no route
from a GKE cluster control plane to a
destination network.
CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC (33):
Packet sent from a Cloud SQL instance to an
external IP address is not allowed. The Cloud
SQL instance is not configured to send packets
to external IP addresses.
PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION (34):
Packet sent from a Cloud SQL instance with
only a public IP address to a private IP
address.
CLOUD_SQL_INSTANCE_NO_ROUTE (35):
Packet was dropped because there is no route
from a Cloud SQL instance to a destination
network.
CLOUD_FUNCTION_NOT_ACTIVE (22):
Packet could be dropped because the Cloud
Function is not in an active status.
VPC_CONNECTOR_NOT_SET (23):
Packet could be dropped because no VPC
connector is set.
VPC_CONNECTOR_NOT_RUNNING (24):
Packet could be dropped because the VPC
connector is not in a running state.
PSC_CONNECTION_NOT_ACCEPTED (26):
The Private Service Connect endpoint is in a
project that is not approved to connect to the
service.
CLOUD_RUN_REVISION_NOT_READY (29):
Packet sent from a Cloud Run revision that is
not ready.
DROPPED_INSIDE_PSC_SERVICE_PRODUCER (37):
Packet was dropped inside Private Service
Connect service producer.
LOAD_BALANCER_HAS_NO_PROXY_SUBNET (39):
Packet sent to a load balancer, which
requires a proxy-only subnet and the subnet is
not found.