DropInfo(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Details of the final state "drop" and associated resource.
Attributes |
|
---|---|
Name | Description |
cause |
google.cloud.network_management_v1.types.DropInfo.Cause
Cause that the packet is dropped. |
resource_uri |
str
URI of the resource that caused the drop. |
source_ip |
str
Source IP address of the dropped packet (if relevant). |
destination_ip |
str
Destination IP address of the dropped packet (if relevant). |
region |
str
Region of the dropped packet (if relevant). |
Classes
Cause
Cause(value)
Drop cause types:
Values:
CAUSE_UNSPECIFIED (0):
Cause is unspecified.
UNKNOWN_EXTERNAL_ADDRESS (1):
Destination external address cannot be
resolved to a known target. If the address is
used in a Google Cloud project, provide the
project ID as test input.
FOREIGN_IP_DISALLOWED (2):
A Compute Engine instance can only send or receive a packet
with a foreign IP address if ip_forward is enabled.
FIREWALL_RULE (3):
Dropped due to a firewall rule, unless
allowed due to connection tracking.
NO_ROUTE (4):
Dropped due to no matching routes.
ROUTE_BLACKHOLE (5):
Dropped due to invalid route. Route's next
hop is a blackhole.
ROUTE_WRONG_NETWORK (6):
Packet is sent to a wrong (unintended)
network. Example: you trace a packet from
VM1:Network1 to VM2:Network2, however, the route
configured in Network1 sends the packet destined
for VM2's IP address to Network3.
ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED (42):
Route's next hop IP address cannot be
resolved to a GCP resource.
ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND (43):
Route's next hop resource is not found.
ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK (49):
Route's next hop instance doesn't have a NIC
in the route's network.
ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP (50):
Route's next hop IP address is not a primary
IP address of the next hop instance.
ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH (51):
Route's next hop forwarding rule doesn't
match next hop IP address.
ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED (52):
Route's next hop VPN tunnel is down (does not
have valid IKE SAs).
ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID (53):
Route's next hop forwarding rule type is
invalid (it's not a forwarding rule of the
internal passthrough load balancer).
NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS (44):
Packet is sent from the Internet to the
private IPv6 address.
VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH (45):
The packet does not match a policy-based VPN
tunnel local selector.
VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH (46):
The packet does not match a policy-based VPN
tunnel remote selector.
PRIVATE_TRAFFIC_TO_INTERNET (7):
Packet with internal destination address sent
to the internet gateway.
PRIVATE_GOOGLE_ACCESS_DISALLOWED (8):
Instance with only an internal IP address
tries to access Google API and services, but
private Google access is not enabled in the
subnet.
PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED (47):
Source endpoint tries to access Google API
and services through the VPN tunnel to another
network, but Private Google Access needs to be
enabled in the source endpoint network.
NO_EXTERNAL_ADDRESS (9):
Instance with only an internal IP address
tries to access external hosts, but Cloud NAT is
not enabled in the subnet, unless special
configurations on a VM allow this connection.
UNKNOWN_INTERNAL_ADDRESS (10):
Destination internal address cannot be
resolved to a known target. If this is a shared
VPC scenario, verify if the service project ID
is provided as test input. Otherwise, verify if
the IP address is being used in the project.
FORWARDING_RULE_MISMATCH (11):
Forwarding rule's protocol and ports do not
match the packet header.
FORWARDING_RULE_NO_INSTANCES (12):
Forwarding rule does not have backends
configured.
FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK (13):
Firewalls block the health check probes to the backends and
cause the backends to be unavailable for traffic from the
load balancer. For more details, see Health check firewall
rules <https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules>
.
INSTANCE_NOT_RUNNING (14):
Packet is sent from or to a Compute Engine
instance that is not in a running state.
GKE_CLUSTER_NOT_RUNNING (27):
Packet sent from or to a GKE cluster that is
not in running state.
CLOUD_SQL_INSTANCE_NOT_RUNNING (28):
Packet sent from or to a Cloud SQL instance
that is not in running state.
TRAFFIC_TYPE_BLOCKED (15):
The type of traffic is blocked and the user cannot configure
a firewall rule to enable it. See Always blocked
traffic <https://cloud.google.com/vpc/docs/firewalls#blockedtraffic>
for more details.
GKE_MASTER_UNAUTHORIZED_ACCESS (16):
Access to Google Kubernetes Engine cluster master's endpoint
is not authorized. See Access to the cluster
endpoints <https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints>
for more details.
CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS (17):
Access to the Cloud SQL instance endpoint is not authorized.
See Authorizing with authorized
networks <https://cloud.google.com/sql/docs/mysql/authorize-networks>
for more details.
DROPPED_INSIDE_GKE_SERVICE (18):
Packet was dropped inside Google Kubernetes
Engine Service.
DROPPED_INSIDE_CLOUD_SQL_SERVICE (19):
Packet was dropped inside Cloud SQL Service.
GOOGLE_MANAGED_SERVICE_NO_PEERING (20):
Packet was dropped because there is no
peering between the originating network and the
Google Managed Services Network.
GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT (38):
Packet was dropped because the Google-managed
service uses Private Service Connect (PSC), but
the PSC endpoint is not found in the project.
GKE_PSC_ENDPOINT_MISSING (36):
Packet was dropped because the GKE cluster
uses Private Service Connect (PSC), but the PSC
endpoint is not found in the project.
CLOUD_SQL_INSTANCE_NO_IP_ADDRESS (21):
Packet was dropped because the Cloud SQL
instance has neither a private nor a public IP
address.
GKE_CONTROL_PLANE_REGION_MISMATCH (30):
Packet was dropped because a GKE cluster
private endpoint is unreachable from a region
different from the cluster's region.
PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION (31):
Packet sent from a public GKE cluster control
plane to a private IP address.
GKE_CONTROL_PLANE_NO_ROUTE (32):
Packet was dropped because there is no route
from a GKE cluster control plane to a
destination network.
CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC (33):
Packet sent from a Cloud SQL instance to an
external IP address is not allowed. The Cloud
SQL instance is not configured to send packets
to external IP addresses.
PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION (34):
Packet sent from a Cloud SQL instance with
only a public IP address to a private IP
address.
CLOUD_SQL_INSTANCE_NO_ROUTE (35):
Packet was dropped because there is no route
from a Cloud SQL instance to a destination
network.
CLOUD_FUNCTION_NOT_ACTIVE (22):
Packet could be dropped because the Cloud
Function is not in an active status.
VPC_CONNECTOR_NOT_SET (23):
Packet could be dropped because no VPC
connector is set.
VPC_CONNECTOR_NOT_RUNNING (24):
Packet could be dropped because the VPC
connector is not in a running state.
FORWARDING_RULE_REGION_MISMATCH (25):
Packet could be dropped because it was sent
from a different region to a regional forwarding
without global access.
PSC_CONNECTION_NOT_ACCEPTED (26):
The Private Service Connect endpoint is in a
project that is not approved to connect to the
service.
PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK (41):
The packet is sent to the Private Service Connect endpoint
over the peering, but it's not
supported <https://cloud.google.com/vpc/docs/configure-private-service-connect-services#on-premises>
__.
PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS (48):
The packet is sent to the Private Service
Connect backend (network endpoint group), but
the producer PSC forwarding rule does not have
global access enabled.
PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS (54):
The packet is sent to the Private Service
Connect backend (network endpoint group), but
the producer PSC forwarding rule has multiple
ports specified.
CLOUD_SQL_PSC_NEG_UNSUPPORTED (58):
The packet is sent to the Private Service
Connect backend (network endpoint group)
targeting a Cloud SQL service attachment, but
this configuration is not supported.
NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT (57):
No NAT subnets are defined for the PSC
service attachment.
HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED (55):
The packet sent from the hybrid NEG proxy
matches a non-dynamic route, but such a
configuration is not supported.
HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED (56):
The packet sent from the hybrid NEG proxy
matches a dynamic route with a next hop in a
different region, but such a configuration is
not supported.
CLOUD_RUN_REVISION_NOT_READY (29):
Packet sent from a Cloud Run revision that is
not ready.
DROPPED_INSIDE_PSC_SERVICE_PRODUCER (37):
Packet was dropped inside Private Service
Connect service producer.
LOAD_BALANCER_HAS_NO_PROXY_SUBNET (39):
Packet sent to a load balancer, which
requires a proxy-only subnet and the subnet is
not found.
CLOUD_NAT_NO_ADDRESSES (40):
Packet sent to Cloud Nat without active NAT
IPs.
ROUTING_LOOP (59):
Packet is stuck in a routing loop.