Cause(value)
Drop cause types:
Values:
CAUSE_UNSPECIFIED (0):
Cause is unspecified.
UNKNOWN_EXTERNAL_ADDRESS (1):
Destination external address cannot be
resolved to a known target. If the address is
used in a Google Cloud project, provide the
project ID as test input.
FOREIGN_IP_DISALLOWED (2):
A Compute Engine instance can only send or receive a packet
with a foreign IP address if ip_forward is enabled.
FIREWALL_RULE (3):
Dropped due to a firewall rule, unless
allowed due to connection tracking.
NO_ROUTE (4):
Dropped due to no routes.
ROUTE_BLACKHOLE (5):
Dropped due to invalid route. Route's next
hop is a blackhole.
ROUTE_WRONG_NETWORK (6):
Packet is sent to a wrong (unintended)
network. Example: you trace a packet from
VM1:Network1 to VM2:Network2, however, the route
configured in Network1 sends the packet destined
for VM2's IP addresss to Network3.
PRIVATE_TRAFFIC_TO_INTERNET (7):
Packet with internal destination address sent
to the internet gateway.
PRIVATE_GOOGLE_ACCESS_DISALLOWED (8):
Instance with only an internal IP address
tries to access Google API and services, but
private Google access is not enabled.
NO_EXTERNAL_ADDRESS (9):
Instance with only an internal IP address
tries to access external hosts, but Cloud NAT is
not enabled in the subnet, unless special
configurations on a VM allow this connection.
UNKNOWN_INTERNAL_ADDRESS (10):
Destination internal address cannot be
resolved to a known target. If this is a shared
VPC scenario, verify if the service project ID
is provided as test input. Otherwise, verify if
the IP address is being used in the project.
FORWARDING_RULE_MISMATCH (11):
Forwarding rule's protocol and ports do not
match the packet header.
FORWARDING_RULE_NO_INSTANCES (12):
Forwarding rule does not have backends
configured.
FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK (13):
Firewalls block the health check probes to the backends and
cause the backends to be unavailable for traffic from the
load balancer. For more details, see Health check firewall
rules <https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules>
.
INSTANCE_NOT_RUNNING (14):
Packet is sent from or to a Compute Engine
instance that is not in a running state.
TRAFFIC_TYPE_BLOCKED (15):
The type of traffic is blocked and the user cannot configure
a firewall rule to enable it. See Always blocked
traffic <https://cloud.google.com/vpc/docs/firewalls#blockedtraffic>
for more details.
GKE_MASTER_UNAUTHORIZED_ACCESS (16):
Access to Google Kubernetes Engine cluster master's endpoint
is not authorized. See Access to the cluster
endpoints <https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints>
for more details.
CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS (17):
Access to the Cloud SQL instance endpoint is not authorized.
See Authorizing with authorized
networks <https://cloud.google.com/sql/docs/mysql/authorize-networks>
for more details.
DROPPED_INSIDE_GKE_SERVICE (18):
Packet was dropped inside Google Kubernetes
Engine Service.
DROPPED_INSIDE_CLOUD_SQL_SERVICE (19):
Packet was dropped inside Cloud SQL Service.
GOOGLE_MANAGED_SERVICE_NO_PEERING (20):
Packet was dropped because there is no
peering between the originating network and the
Google Managed Services Network.
CLOUD_SQL_INSTANCE_NO_IP_ADDRESS (21):
Packet was dropped because the Cloud SQL
instance has neither a private nor a public IP
address.