Class Cause (1.17.1)

Drop cause types:

Values: CAUSE_UNSPECIFIED (0): Cause is unspecified. UNKNOWN_EXTERNAL_ADDRESS (1): Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input. FOREIGN_IP_DISALLOWED (2): A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled. FIREWALL_RULE (3): Dropped due to a firewall rule, unless allowed due to connection tracking. NO_ROUTE (4): Dropped due to no matching routes. ROUTE_BLACKHOLE (5): Dropped due to invalid route. Route's next hop is a blackhole. ROUTE_WRONG_NETWORK (6): Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3. ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED (42): Route's next hop IP address cannot be resolved to a GCP resource. ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND (43): Route's next hop resource is not found. ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK (49): Route's next hop instance doesn't have a NIC in the route's network. ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP (50): Route's next hop IP address is not a primary IP address of the next hop instance. ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH (51): Route's next hop forwarding rule doesn't match next hop IP address. ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED (52): Route's next hop VPN tunnel is down (does not have valid IKE SAs). ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID (53): Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer). NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS (44): Packet is sent from the Internet to the private IPv6 address. VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH (45): The packet does not match a policy-based VPN tunnel local selector. VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH (46): The packet does not match a policy-based VPN tunnel remote selector. PRIVATE_TRAFFIC_TO_INTERNET (7): Packet with internal destination address sent to the internet gateway. PRIVATE_GOOGLE_ACCESS_DISALLOWED (8): Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled in the subnet. PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED (47): Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network. NO_EXTERNAL_ADDRESS (9): Instance with only an internal IP address tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allow this connection. UNKNOWN_INTERNAL_ADDRESS (10): Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project. FORWARDING_RULE_MISMATCH (11): Forwarding rule's protocol and ports do not match the packet header. FORWARDING_RULE_NO_INSTANCES (12): Forwarding rule does not have backends configured. FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK (13): Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules <https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules>. INSTANCE_NOT_RUNNING (14): Packet is sent from or to a Compute Engine instance that is not in a running state. GKE_CLUSTER_NOT_RUNNING (27): Packet sent from or to a GKE cluster that is not in running state. CLOUD_SQL_INSTANCE_NOT_RUNNING (28): Packet sent from or to a Cloud SQL instance that is not in running state. TRAFFIC_TYPE_BLOCKED (15): The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic <https://cloud.google.com/vpc/docs/firewalls#blockedtraffic> for more details. GKE_MASTER_UNAUTHORIZED_ACCESS (16): Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See Access to the cluster endpoints <https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints> for more details. CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS (17): Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks <https://cloud.google.com/sql/docs/mysql/authorize-networks> for more details. DROPPED_INSIDE_GKE_SERVICE (18): Packet was dropped inside Google Kubernetes Engine Service. DROPPED_INSIDE_CLOUD_SQL_SERVICE (19): Packet was dropped inside Cloud SQL Service. GOOGLE_MANAGED_SERVICE_NO_PEERING (20): Packet was dropped because there is no peering between the originating network and the Google Managed Services Network. GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT (38): Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. GKE_PSC_ENDPOINT_MISSING (36): Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. CLOUD_SQL_INSTANCE_NO_IP_ADDRESS (21): Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address. GKE_CONTROL_PLANE_REGION_MISMATCH (30): Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region. PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION (31): Packet sent from a public GKE cluster control plane to a private IP address. GKE_CONTROL_PLANE_NO_ROUTE (32): Packet was dropped because there is no route from a GKE cluster control plane to a destination network. CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC (33): Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses. PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION (34): Packet sent from a Cloud SQL instance with only a public IP address to a private IP address. CLOUD_SQL_INSTANCE_NO_ROUTE (35): Packet was dropped because there is no route from a Cloud SQL instance to a destination network. CLOUD_FUNCTION_NOT_ACTIVE (22): Packet could be dropped because the Cloud Function is not in an active status. VPC_CONNECTOR_NOT_SET (23): Packet could be dropped because no VPC connector is set. VPC_CONNECTOR_NOT_RUNNING (24): Packet could be dropped because the VPC connector is not in a running state. FORWARDING_RULE_REGION_MISMATCH (25): Packet could be dropped because it was sent from a different region to a regional forwarding without global access. PSC_CONNECTION_NOT_ACCEPTED (26): The Private Service Connect endpoint is in a project that is not approved to connect to the service. PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK (41): The packet is sent to the Private Service Connect endpoint over the peering, but it's not supported <https://cloud.google.com/vpc/docs/configure-private-service-connect-services#on-premises>__. PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS (48): The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled. PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS (54): The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified. CLOUD_SQL_PSC_NEG_UNSUPPORTED (58): The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported. NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT (57): No NAT subnets are defined for the PSC service attachment. HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED (55): The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported. HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED (56): The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported. CLOUD_RUN_REVISION_NOT_READY (29): Packet sent from a Cloud Run revision that is not ready. DROPPED_INSIDE_PSC_SERVICE_PRODUCER (37): Packet was dropped inside Private Service Connect service producer. LOAD_BALANCER_HAS_NO_PROXY_SUBNET (39): Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found. CLOUD_NAT_NO_ADDRESSES (40): Packet sent to Cloud Nat without active NAT IPs. ROUTING_LOOP (59): Packet is stuck in a routing loop.