Network Management V1 API - Module Google::Cloud::NetworkManagement::V1::DropInfo::Cause (v1.2.0)

Reference documentation and code samples for the Network Management V1 API module Google::Cloud::NetworkManagement::V1::DropInfo::Cause.

Drop cause types:

value: 0
Cause is unspecified.

value: 1
Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input.

value: 2
A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled.

value: 3
Dropped due to a firewall rule, unless allowed due to connection tracking.

value: 4
Dropped due to no matching routes.

value: 5
Dropped due to invalid route. Route's next hop is a blackhole.

value: 6
Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3.

value: 42
Route's next hop IP address cannot be resolved to a GCP resource.

value: 43
Route's next hop resource is not found.

value: 49
Route's next hop instance doesn't have a NIC in the route's network.

value: 50
Route's next hop IP address is not a primary IP address of the next hop instance.

value: 51
Route's next hop forwarding rule doesn't match next hop IP address.

value: 52
Route's next hop VPN tunnel is down (does not have valid IKE SAs).

value: 53
Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer).

value: 44
Packet is sent from the Internet to the private IPv6 address.

value: 45
The packet does not match a policy-based VPN tunnel local selector.

value: 46
The packet does not match a policy-based VPN tunnel remote selector.

value: 7
Packet with internal destination address sent to the internet gateway.

value: 8
Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled in the subnet.

value: 47
Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network.

value: 9
Instance with only an internal IP address tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allow this connection.

value: 10
Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project.

value: 11
Forwarding rule's protocol and ports do not match the packet header.

value: 12
Forwarding rule does not have backends configured.

value: 13
Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules.

value: 14
Packet is sent from or to a Compute Engine instance that is not in a running state.

value: 27
Packet sent from or to a GKE cluster that is not in running state.

value: 28
Packet sent from or to a Cloud SQL instance that is not in running state.

value: 68
Packet sent from or to a Redis Instance that is not in running state.

value: 69
Packet sent from or to a Redis Cluster that is not in running state.

value: 15
The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details.

value: 16
Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See Access to the cluster endpoints for more details.

value: 17
Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks for more details.

value: 18
Packet was dropped inside Google Kubernetes Engine Service.

value: 19
Packet was dropped inside Cloud SQL Service.

value: 20
Packet was dropped because there is no peering between the originating network and the Google Managed Services Network.

value: 38
Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.

value: 36
Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project.

value: 21
Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address.

value: 30
Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region.

value: 31
Packet sent from a public GKE cluster control plane to a private IP address.

value: 32
Packet was dropped because there is no route from a GKE cluster control plane to a destination network.

value: 33
Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses.

value: 34
Packet sent from a Cloud SQL instance with only a public IP address to a private IP address.

value: 35
Packet was dropped because there is no route from a Cloud SQL instance to a destination network.

value: 63
Packet was dropped because the Cloud SQL instance requires all connections to use Cloud SQL connectors and to target the Cloud SQL proxy port (3307).

value: 22
Packet could be dropped because the Cloud Function is not in an active status.

value: 23
Packet could be dropped because no VPC connector is set.

value: 24
Packet could be dropped because the VPC connector is not in a running state.

value: 60
Packet could be dropped because the traffic from the serverless service to the VPC connector is not allowed.

value: 61
Packet could be dropped because the health check traffic to the VPC connector is not allowed.

value: 25
Packet could be dropped because it was sent from a different region to a regional forwarding without global access.

value: 26
The Private Service Connect endpoint is in a project that is not approved to connect to the service.

value: 41
The packet is sent to the Private Service Connect endpoint over the peering, but it's not supported.

value: 48
The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled.

value: 54
The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified.

value: 58
The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported.

value: 57
No NAT subnets are defined for the PSC service attachment.

value: 64
PSC endpoint is accessed via NCC, but PSC transitivity configuration is not yet propagated.

value: 55
The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported.

value: 56
The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported.

value: 29
Packet sent from a Cloud Run revision that is not ready.

value: 37
Packet was dropped inside Private Service Connect service producer.

value: 39
Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found.

value: 40
Packet sent to Cloud Nat without active NAT IPs.

value: 59
Packet is stuck in a routing loop.

value: 62
Packet is dropped inside a Google-managed service due to being delivered in return trace to an endpoint that doesn't match the endpoint the packet was sent from in forward trace. Used only for return traces.

value: 65
Packet is dropped due to a load balancer backend instance not having a network interface in the network expected by the load balancer.

value: 66
Packet is dropped due to a backend service named port not being defined on the instance group level.

value: 67
Packet is dropped due to a destination IP range being part of a Private NAT IP range.

value: 70
Generic drop cause for a packet being dropped inside a Redis Instance service project.

value: 71
Packet is dropped due to an unsupported port being used to connect to a Redis Instance. Port 6379 should be used to connect to a Redis Instance.

value: 72
Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance.

value: 73
Packet is dropped due to no route to the destination network.

value: 74
Redis Instance does not have an external IP address.

value: 78
Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance.

value: 75
Generic drop cause for a packet being dropped inside a Redis Cluster service project.

value: 76
Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster.

value: 77
Redis Cluster does not have an external IP address.

value: 79
Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster.

value: 80
Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router.

value: 81
Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel.

value: 82
Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address.

value: 83
Sending packets processed by the Private NAT Gateways to the Private Service Connect endpoints is not supported.