public enum DropInfo.Types.Cause
Reference documentation and code samples for the Network Management v1 API enum DropInfo.Types.Cause.
Drop cause types:
Namespace
Google.Cloud.NetworkManagement.V1Assembly
Google.Cloud.NetworkManagement.V1.dll
Fields | |
---|---|
Name | Description |
CloudFunctionNotActive | Packet could be dropped because the Cloud Function is not in an active status. |
CloudNatNoAddresses | Packet sent to Cloud Nat without active NAT IPs. |
CloudRunRevisionNotReady | Packet sent from a Cloud Run revision that is not ready. |
CloudSqlInstanceNoIpAddress | Packet was dropped because the Cloud SQL instance has neither a private nor a public IP address. |
CloudSqlInstanceNoRoute | Packet was dropped because there is no route from a Cloud SQL instance to a destination network. |
CloudSqlInstanceNotConfiguredForExternalTraffic | Packet sent from a Cloud SQL instance to an external IP address is not allowed. The Cloud SQL instance is not configured to send packets to external IP addresses. |
CloudSqlInstanceNotRunning | Packet sent from or to a Cloud SQL instance that is not in running state. |
CloudSqlInstanceUnauthorizedAccess | Access to the Cloud SQL instance endpoint is not authorized. See Authorizing with authorized networks for more details. |
CloudSqlPscNegUnsupported | The packet is sent to the Private Service Connect backend (network endpoint group) targeting a Cloud SQL service attachment, but this configuration is not supported. |
DroppedInsideCloudSqlService | Packet was dropped inside Cloud SQL Service. |
DroppedInsideGkeService | Packet was dropped inside Google Kubernetes Engine Service. |
DroppedInsidePscServiceProducer | Packet was dropped inside Private Service Connect service producer. |
FirewallBlockingLoadBalancerBackendHealthCheck | Firewalls block the health check probes to the backends and cause the backends to be unavailable for traffic from the load balancer. For more details, see Health check firewall rules. |
FirewallRule | Dropped due to a firewall rule, unless allowed due to connection tracking. |
ForeignIpDisallowed | A Compute Engine instance can only send or receive a packet with a foreign IP address if ip_forward is enabled. |
ForwardingRuleMismatch | Forwarding rule's protocol and ports do not match the packet header. |
ForwardingRuleNoInstances | Forwarding rule does not have backends configured. |
ForwardingRuleRegionMismatch | Packet could be dropped because it was sent from a different region to a regional forwarding without global access. |
GkeClusterNotRunning | Packet sent from or to a GKE cluster that is not in running state. |
GkeControlPlaneNoRoute | Packet was dropped because there is no route from a GKE cluster control plane to a destination network. |
GkeControlPlaneRegionMismatch | Packet was dropped because a GKE cluster private endpoint is unreachable from a region different from the cluster's region. |
GkeMasterUnauthorizedAccess | Access to Google Kubernetes Engine cluster master's endpoint is not authorized. See Access to the cluster endpoints for more details. |
GkePscEndpointMissing | Packet was dropped because the GKE cluster uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. |
GoogleManagedServiceNoPeering | Packet was dropped because there is no peering between the originating network and the Google Managed Services Network. |
GoogleManagedServiceNoPscEndpoint | Packet was dropped because the Google-managed service uses Private Service Connect (PSC), but the PSC endpoint is not found in the project. |
HybridNegNonDynamicRouteMatched | The packet sent from the hybrid NEG proxy matches a non-dynamic route, but such a configuration is not supported. |
HybridNegNonLocalDynamicRouteMatched | The packet sent from the hybrid NEG proxy matches a dynamic route with a next hop in a different region, but such a configuration is not supported. |
InstanceNotRunning | Packet is sent from or to a Compute Engine instance that is not in a running state. |
LoadBalancerHasNoProxySubnet | Packet sent to a load balancer, which requires a proxy-only subnet and the subnet is not found. |
NoExternalAddress | Instance with only an internal IP address tries to access external hosts, but Cloud NAT is not enabled in the subnet, unless special configurations on a VM allow this connection. |
NoNatSubnetsForPscServiceAttachment | No NAT subnets are defined for the PSC service attachment. |
NoRoute | Dropped due to no matching routes. |
NoRouteFromInternetToPrivateIpv6Address | Packet is sent from the Internet to the private IPv6 address. |
PrivateGoogleAccessDisallowed | Instance with only an internal IP address tries to access Google API and services, but private Google access is not enabled in the subnet. |
PrivateGoogleAccessViaVpnTunnelUnsupported | Source endpoint tries to access Google API and services through the VPN tunnel to another network, but Private Google Access needs to be enabled in the source endpoint network. |
PrivateTrafficToInternet | Packet with internal destination address sent to the internet gateway. |
PscConnectionNotAccepted | The Private Service Connect endpoint is in a project that is not approved to connect to the service. |
PscEndpointAccessedFromPeeredNetwork | The packet is sent to the Private Service Connect endpoint over the peering, but it's not supported. |
PscNegProducerEndpointNoGlobalAccess | The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule does not have global access enabled. |
PscNegProducerForwardingRuleMultiplePorts | The packet is sent to the Private Service Connect backend (network endpoint group), but the producer PSC forwarding rule has multiple ports specified. |
PublicCloudSqlInstanceToPrivateDestination | Packet sent from a Cloud SQL instance with only a public IP address to a private IP address. |
PublicGkeControlPlaneToPrivateDestination | Packet sent from a public GKE cluster control plane to a private IP address. |
RouteBlackhole | Dropped due to invalid route. Route's next hop is a blackhole. |
RouteNextHopForwardingRuleIpMismatch | Route's next hop forwarding rule doesn't match next hop IP address. |
RouteNextHopForwardingRuleTypeInvalid | Route's next hop forwarding rule type is invalid (it's not a forwarding rule of the internal passthrough load balancer). |
RouteNextHopInstanceNonPrimaryIp | Route's next hop IP address is not a primary IP address of the next hop instance. |
RouteNextHopInstanceWrongNetwork | Route's next hop instance doesn't hace a NIC in the route's network. |
RouteNextHopIpAddressNotResolved | Route's next hop IP address cannot be resolved to a GCP resource. |
RouteNextHopResourceNotFound | Route's next hop resource is not found. |
RouteNextHopVpnTunnelNotEstablished | Route's next hop VPN tunnel is down (does not have valid IKE SAs). |
RouteWrongNetwork | Packet is sent to a wrong (unintended) network. Example: you trace a packet from VM1:Network1 to VM2:Network2, however, the route configured in Network1 sends the packet destined for VM2's IP address to Network3. |
RoutingLoop | Packet is stuck in a routing loop. |
TrafficTypeBlocked | The type of traffic is blocked and the user cannot configure a firewall rule to enable it. See Always blocked traffic for more details. |
UnknownExternalAddress | Destination external address cannot be resolved to a known target. If the address is used in a Google Cloud project, provide the project ID as test input. |
UnknownInternalAddress | Destination internal address cannot be resolved to a known target. If this is a shared VPC scenario, verify if the service project ID is provided as test input. Otherwise, verify if the IP address is being used in the project. |
Unspecified | Cause is unspecified. |
VpcConnectorNotRunning | Packet could be dropped because the VPC connector is not in a running state. |
VpcConnectorNotSet | Packet could be dropped because no VPC connector is set. |
VpnTunnelLocalSelectorMismatch | The packet does not match a policy-based VPN tunnel local selector. |
VpnTunnelRemoteSelectorMismatch | The packet does not match a policy-based VPN tunnel remote selector. |