trace.proto 28 KB

  // Copyright 2021 Google LLC
  //
  // Licensed under the Apache License, Version 2.0 (the "License");
  // you may not use this file except in compliance with the License.
  // You may obtain a copy of the License at
  //
  //     http://www.apache.org/licenses/LICENSE-2.0
  //
  // Unless required by applicable law or agreed to in writing, software
  // distributed under the License is distributed on an "AS IS" BASIS,
  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  // See the License for the specific language governing permissions and
  // limitations under the License.
  syntax = "proto3";

  // Package for every definition in this file; the `v1` suffix is the API
  // version.
  package google.cloud.networkmanagement.v1;

  // NOTE(review): none of the definitions visible in this file uses an option
  // from this import — confirm it is still needed before touching it.
  import "google/api/annotations.proto";

  // Per-language settings for generated code. Changing any of these on a
  // published API moves the generated types and breaks existing callers.
  option csharp_namespace = "Google.Cloud.NetworkManagement.V1";
  option go_package = "google.golang.org/genproto/googleapis/cloud/networkmanagement/v1;networkmanagement";
  option java_multiple_files = true;
  option java_outer_classname = "TraceProto";
  option java_package = "com.google.cloud.networkmanagement.v1";
  option php_namespace = "Google\\Cloud\\NetworkManagement\\V1";
  option ruby_package = "Google::Cloud::NetworkManagement::V1";
  // Trace represents one simulated packet forwarding path.
  //
  // * Each trace contains multiple ordered steps.
  // * Each step is in a particular state with associated configuration.
  // * State is categorized as final or non-final states.
  // * Each final state has a reason associated.
  // * Each trace must end with a final state (the last step).
  // ```
  //   |---------------------Trace----------------------|
  //   Step1(State) Step2(State) ---  StepN(State(final))
  // ```
  //
  // The path is simulated: a final state reports what the analysis concluded
  // from the configuration it could read, not an observation of live traffic.
  message Trace {
    // Derived from the source and destination endpoints definition specified by
    // user request, and validated by the data plane model.
    // If there are multiple traces starting from different source locations, then
    // the endpoint_info may be different between traces.
    EndpointInfo endpoint_info = 1;

    // A trace of a test contains multiple steps from the initial state to the
    // final state (delivered, dropped, forwarded, or aborted).
    //
    // The steps are ordered by the processing sequence within the simulated
    // network state machine. It is critical to preserve the order of the steps
    // and avoid reordering or sorting them: the last element is the final state,
    // and each earlier element is only meaningful in its position.
    repeated Step steps = 2;
  }
  // A simulated forwarding path is composed of multiple steps.
  // Each step has a well-defined state and an associated configuration.
  message Step {
    // Type of states that are defined in the network state machine.
    // Each step in the packet trace is in a specific state.
    //
    // Numeric values do not follow declaration order (START_FROM_GKE_MASTER = 21
    // and START_FROM_CLOUD_SQL_INSTANCE = 22 are declared with the other initial
    // states), so classify a state by name, never by numeric range. Readers
    // should also handle values they do not recognize instead of mapping them to
    // a known state.
    enum State {
      // Unspecified state.
      STATE_UNSPECIFIED = 0;

      // Initial state: packet originating from a Compute Engine instance.
      // An InstanceInfo is populated with starting instance information.
      START_FROM_INSTANCE = 1;

      // Initial state: packet originating from the internet.
      // The endpoint information is populated.
      START_FROM_INTERNET = 2;

      // Initial state: packet originating from a VPC or on-premises network
      // with internal source IP.
      // If the source is a VPC network visible to the user, a NetworkInfo
      // is populated with details of the network.
      START_FROM_PRIVATE_NETWORK = 3;

      // Initial state: packet originating from a Google Kubernetes Engine cluster
      // master. A GKEMasterInfo is populated with starting instance information.
      START_FROM_GKE_MASTER = 21;

      // Initial state: packet originating from a Cloud SQL instance.
      // A CloudSQLInstanceInfo is populated with starting instance information.
      START_FROM_CLOUD_SQL_INSTANCE = 22;

      // Config checking state: verify ingress firewall rule.
      APPLY_INGRESS_FIREWALL_RULE = 4;

      // Config checking state: verify egress firewall rule.
      APPLY_EGRESS_FIREWALL_RULE = 5;

      // Config checking state: verify route.
      APPLY_ROUTE = 6;

      // Config checking state: match forwarding rule.
      APPLY_FORWARDING_RULE = 7;

      // Config checking state: packet sent or received under foreign IP
      // address and allowed. The matching drop cause is
      // DropInfo.Cause.FOREIGN_IP_DISALLOWED; when this state appears, confirm
      // that allowing foreign addresses on the instance is intended.
      SPOOFING_APPROVED = 8;

      // Forwarding state: arriving at a Compute Engine instance.
      ARRIVE_AT_INSTANCE = 9;

      // Forwarding state: arriving at a Compute Engine internal load balancer.
      ARRIVE_AT_INTERNAL_LOAD_BALANCER = 10;

      // Forwarding state: arriving at a Compute Engine external load balancer.
      ARRIVE_AT_EXTERNAL_LOAD_BALANCER = 11;

      // Forwarding state: arriving at a Cloud VPN gateway.
      ARRIVE_AT_VPN_GATEWAY = 12;

      // Forwarding state: arriving at a Cloud VPN tunnel.
      ARRIVE_AT_VPN_TUNNEL = 13;

      // Transition state: packet header translated.
      NAT = 14;

      // Transition state: original connection is terminated and a new proxied
      // connection is initiated.
      PROXY_CONNECTION = 15;

      // Final state: packet could be delivered.
      DELIVER = 16;

      // Final state: packet could be dropped.
      DROP = 17;

      // Final state: packet could be forwarded to a network with an unknown
      // configuration. The analysis stops at that boundary, so this is not a
      // statement that the packet reaches its destination.
      FORWARD = 18;

      // Final state: analysis is aborted. No verdict was reached; see
      // AbortInfo.Cause for the reason.
      ABORT = 19;

      // Special state: viewer of the test result does not have permission to
      // see the configuration in this step. The step still took place in the
      // simulation; only its detail is withheld, so it must not be read as
      // "no configuration applied here".
      VIEWER_PERMISSION_MISSING = 20;
    }

    // A description of the step. Usually this is a summary of the state.
    string description = 1;

    // Each step is in one of the pre-defined states.
    State state = 2;

    // This is a step that leads to the final state Drop.
    // As a proto3 bool without explicit presence, false is also what a reader
    // sees when the field was never set.
    bool causes_drop = 3;

    // Project ID that contains the configuration this step is validating.
    string project_id = 4;

    // Configuration or metadata associated with each step.
    // The configuration is filtered based on viewer's permission. If a viewer
    // has no permission to view the configuration in this step, for non-final
    // states a special state is populated (VIEWER_PERMISSION_MISSING), and for
    // final state the configuration is cleared.
    //
    // At most one member is set, and none may be: readers must handle an unset
    // step_info on a final state as "detail withheld", not as an empty
    // configuration.
    oneof step_info {
      // Display information of a Compute Engine instance.
      InstanceInfo instance = 5;

      // Display information of a Compute Engine firewall rule.
      FirewallInfo firewall = 6;

      // Display information of a Compute Engine route.
      RouteInfo route = 7;

      // Display information of the source and destination under analysis.
      // The endpoint information in an intermediate state may differ from the
      // initial input, as it might be modified by a state like NAT
      // or Connection Proxy.
      EndpointInfo endpoint = 8;

      // Display information of a Compute Engine forwarding rule.
      ForwardingRuleInfo forwarding_rule = 9;

      // Display information of a Compute Engine VPN gateway.
      VpnGatewayInfo vpn_gateway = 10;

      // Display information of a Compute Engine VPN tunnel.
      VpnTunnelInfo vpn_tunnel = 11;

      // Display information of the final state "deliver" and reason.
      DeliverInfo deliver = 12;

      // Display information of the final state "forward" and reason.
      ForwardInfo forward = 13;

      // Display information of the final state "abort" and reason.
      AbortInfo abort = 14;

      // Display information of the final state "drop" and reason.
      DropInfo drop = 15;

      // Display information of the load balancers.
      LoadBalancerInfo load_balancer = 16;

      // Display information of a Google Cloud network.
      NetworkInfo network = 17;

      // Display information of a Google Kubernetes Engine cluster master.
      GKEMasterInfo gke_master = 18;

      // Display information of a Cloud SQL instance.
      CloudSQLInstanceInfo cloud_sql_instance = 19;
    }
  }
  // For display only. Metadata associated with a Compute Engine instance.
  message InstanceInfo {
    // Name of a Compute Engine instance.
    string display_name = 1;

    // URI of a Compute Engine instance.
    string uri = 2;

    // Name of the network interface of a Compute Engine instance.
    string interface = 3;

    // URI of a Compute Engine network.
    string network_uri = 4;

    // Internal IP address of the network interface.
    string internal_ip = 5;

    // External IP address of the network interface.
    // NOTE(review): presumably empty when the interface has no external
    // address — confirm; the file does not say.
    string external_ip = 6;

    // Network tags configured on the instance.
    repeated string network_tags = 7;

    // Service account authorized for the instance.
    // Deprecated: this file names no replacement field. New readers should not
    // depend on it, and an empty value here says nothing about which identity
    // the instance runs as.
    string service_account = 8 [deprecated = true];
  }
  // For display only. Metadata associated with a Compute Engine network.
  //
  // NOTE(review): field number 3 is unused and not declared `reserved` in this
  // message. If it belonged to a removed field, reserving it would prevent a
  // later field from reusing the number and misreading old data.
  message NetworkInfo {
    // Name of a Compute Engine network.
    string display_name = 1;

    // URI of a Compute Engine network.
    string uri = 2;

    // The IP range that matches the test.
    string matched_ip_range = 4;
  }
  // For display only. Metadata associated with a VPC firewall rule, an implied
  // VPC firewall rule, or a hierarchical firewall policy rule.
  //
  // Which fields are populated depends on firewall_rule_type; the per-field
  // comments say when a field does not apply. An empty field on a rule type it
  // does not apply to carries no information about the rule.
  message FirewallInfo {
    // The firewall rule's type.
    enum FirewallRuleType {
      // Unspecified type.
      FIREWALL_RULE_TYPE_UNSPECIFIED = 0;

      // Hierarchical firewall policy rule. For details, see
      // [Hierarchical firewall policies
      // overview](https://cloud.google.com/vpc/docs/firewall-policies).
      HIERARCHICAL_FIREWALL_POLICY_RULE = 1;

      // VPC firewall rule. For details, see
      // [VPC firewall rules
      // overview](https://cloud.google.com/vpc/docs/firewalls).
      VPC_FIREWALL_RULE = 2;

      // Implied VPC firewall rule. For details, see
      // [Implied
      // rules](https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules).
      IMPLIED_VPC_FIREWALL_RULE = 3;
    }

    // The display name of the VPC firewall rule. This field is not applicable
    // to hierarchical firewall policy rules.
    string display_name = 1;

    // The URI of the VPC firewall rule. This field is not applicable to
    // implied firewall rules or hierarchical firewall policy rules.
    string uri = 2;

    // Possible values: INGRESS, EGRESS
    // Carried as a string, so the schema itself does not restrict the value;
    // readers should match these literals exactly and treat anything else as
    // unknown.
    string direction = 3;

    // Possible values: ALLOW, DENY
    // Carried as a string, so the schema itself does not restrict the value;
    // readers should match these literals exactly and must not fall back to
    // ALLOW for an unrecognized or empty value.
    string action = 4;

    // The priority of the firewall rule.
    // NOTE(review): the file does not say whether a lower or a higher number
    // takes precedence — confirm against the firewall documentation before
    // comparing rules.
    int32 priority = 5;

    // The URI of the VPC network that the firewall rule is associated with.
    // This field is not applicable to hierarchical firewall policy rules.
    string network_uri = 6;

    // The target tags defined by the VPC firewall rule. This field is not
    // applicable to hierarchical firewall policy rules.
    repeated string target_tags = 7;

    // The target service accounts specified by the firewall rule.
    repeated string target_service_accounts = 8;

    // The hierarchical firewall policy that this rule is associated with.
    // This field is not applicable to VPC firewall rules.
    string policy = 9;

    // The firewall rule's type.
    FirewallRuleType firewall_rule_type = 10;
  }
  // For display only. Metadata associated with a Compute Engine route.
  //
  // Fields 8 and 9 are declared ahead of fields 1-7; declaration order has no
  // effect on the wire format, which is keyed by field number.
  message RouteInfo {
    // Type of route:
    enum RouteType {
      // Unspecified type. Default value.
      ROUTE_TYPE_UNSPECIFIED = 0;

      // Route is a subnet route automatically created by the system.
      SUBNET = 1;

      // Static route created by the user, including the default route to the
      // internet.
      STATIC = 2;

      // Dynamic route exchanged between BGP peers.
      // VpnTunnelInfo.RoutingType also declares a value named DYNAMIC; the two
      // enums are unrelated and must not be converted into each other.
      DYNAMIC = 3;

      // A subnet route received from peering network.
      PEERING_SUBNET = 4;

      // A static route received from peering network.
      PEERING_STATIC = 5;

      // A dynamic route received from peering network.
      PEERING_DYNAMIC = 6;
    }

    // Type of next hop:
    enum NextHopType {
      // Unspecified type. Default value.
      NEXT_HOP_TYPE_UNSPECIFIED = 0;

      // Next hop is an IP address.
      NEXT_HOP_IP = 1;

      // Next hop is a Compute Engine instance.
      NEXT_HOP_INSTANCE = 2;

      // Next hop is a VPC network gateway.
      NEXT_HOP_NETWORK = 3;

      // Next hop is a peering VPC.
      NEXT_HOP_PEERING = 4;

      // Next hop is an interconnect.
      NEXT_HOP_INTERCONNECT = 5;

      // Next hop is a VPN tunnel.
      NEXT_HOP_VPN_TUNNEL = 6;

      // Next hop is a VPN gateway. This scenario only happens when tracing
      // connectivity from an on-premises network to Google Cloud through a VPN.
      // The analysis simulates a packet departing from the on-premises network
      // through a VPN tunnel and arriving at a Cloud VPN gateway.
      NEXT_HOP_VPN_GATEWAY = 7;

      // Next hop is an internet gateway.
      NEXT_HOP_INTERNET_GATEWAY = 8;

      // Next hop is blackhole; that is, the next hop either does not exist or is
      // not running.
      NEXT_HOP_BLACKHOLE = 9;

      // Next hop is the forwarding rule of an Internal Load Balancer.
      NEXT_HOP_ILB = 10;
    }

    // Type of route.
    RouteType route_type = 8;

    // Type of next hop.
    NextHopType next_hop_type = 9;

    // Name of a Compute Engine route.
    string display_name = 1;

    // URI of a Compute Engine route.
    // Dynamic route from cloud router does not have a URI.
    // Advertised route from Google Cloud VPC to on-premises network also does
    // not have a URI.
    // An empty uri is therefore expected for those routes and is not a sign
    // of missing data.
    string uri = 2;

    // Destination IP range of the route.
    string dest_ip_range = 3;

    // Next hop of the route.
    string next_hop = 4;

    // URI of a Compute Engine network.
    string network_uri = 5;

    // Priority of the route.
    // NOTE(review): the file does not say whether a lower or a higher number
    // wins — confirm before ordering routes by this value.
    int32 priority = 6;

    // Instance tags of the route.
    repeated string instance_tags = 7;
  }
  // For display only. Metadata associated with a Compute Engine forwarding rule.
  //
  // matched_port_range (field 6) is declared between fields 3 and 4;
  // declaration order has no effect on the wire format.
  message ForwardingRuleInfo {
    // Name of a Compute Engine forwarding rule.
    string display_name = 1;

    // URI of a Compute Engine forwarding rule.
    string uri = 2;

    // Protocol defined in the forwarding rule that matches the test.
    string matched_protocol = 3;

    // Port range defined in the forwarding rule that matches the test.
    // NOTE(review): the string format of the range is not specified in this
    // file — confirm before parsing it.
    string matched_port_range = 6;

    // VIP of the forwarding rule.
    string vip = 4;

    // Target type of the forwarding rule.
    string target = 5;

    // Network URI. Only valid for Internal Load Balancer.
    string network_uri = 7;
  }
  // For display only. Metadata associated with a load balancer.
  message LoadBalancerInfo {
    // The type definition for a load balancer:
    enum LoadBalancerType {
      // Type is unspecified.
      LOAD_BALANCER_TYPE_UNSPECIFIED = 0;

      // Internal TCP/UDP load balancer.
      INTERNAL_TCP_UDP = 1;

      // Network TCP/UDP load balancer.
      NETWORK_TCP_UDP = 2;

      // HTTP(S) proxy load balancer.
      HTTP_PROXY = 3;

      // TCP proxy load balancer.
      TCP_PROXY = 4;

      // SSL proxy load balancer.
      SSL_PROXY = 5;
    }

    // The type definition for a load balancer backend configuration:
    enum BackendType {
      // Type is unspecified.
      BACKEND_TYPE_UNSPECIFIED = 0;

      // Backend Service as the load balancer's backend.
      BACKEND_SERVICE = 1;

      // Target Pool as the load balancer's backend.
      TARGET_POOL = 2;
    }

    // Type of the load balancer.
    LoadBalancerType load_balancer_type = 1;

    // URI of the health check for the load balancer.
    string health_check_uri = 2;

    // Information for the load balancer backends. Each entry carries its own
    // health check firewall state (see LoadBalancerBackend).
    repeated LoadBalancerBackend backends = 3;

    // Type of load balancer's backend configuration.
    BackendType backend_type = 4;

    // Backend configuration URI.
    string backend_uri = 5;
  }
  // For display only. Metadata associated with a specific load balancer backend.
  message LoadBalancerBackend {
    // State of a health check firewall configuration:
    enum HealthCheckFirewallState {
      // State is unspecified. Default state if not populated.
      // Because this is the default, it does not mean the firewall rules were
      // checked and found correct.
      HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED = 0;

      // There are configured firewall rules to allow health check probes to the
      // backend.
      CONFIGURED = 1;

      // There are firewall rules configured to allow partial health check ranges
      // or block all health check ranges.
      // If a health check probe is sent from denied IP ranges,
      // the health check to the backend will fail. Then, the backend will be
      // marked unhealthy and will not receive traffic sent to the load balancer.
      MISCONFIGURED = 2;
    }

    // Name of a Compute Engine instance or network endpoint.
    string display_name = 1;

    // URI of a Compute Engine instance or network endpoint.
    string uri = 2;

    // State of the health check firewall configuration.
    HealthCheckFirewallState health_check_firewall_state = 3;

    // A list of firewall rule URIs allowing probes from health check IP ranges.
    repeated string health_check_allowing_firewall_rules = 4;

    // A list of firewall rule URIs blocking probes from health check IP ranges.
    // When the state is MISCONFIGURED, these are the rules to review first.
    repeated string health_check_blocking_firewall_rules = 5;
  }
  // For display only. Metadata associated with a Compute Engine VPN gateway.
  message VpnGatewayInfo {
    // Name of a VPN gateway.
    string display_name = 1;

    // URI of a VPN gateway.
    string uri = 2;

    // URI of a Compute Engine network where the VPN gateway is configured.
    string network_uri = 3;

    // IP address of the VPN gateway.
    string ip_address = 4;

    // A VPN tunnel that is associated with this VPN gateway.
    // There may be multiple VPN tunnels configured on a VPN gateway, and only
    // the one relevant to the test is displayed. This field is therefore not
    // an inventory of the gateway's tunnels.
    string vpn_tunnel_uri = 5;

    // Name of a Google Cloud region where this VPN gateway is configured.
    string region = 6;
  }
  // For display only. Metadata associated with a Compute Engine VPN tunnel.
  message VpnTunnelInfo {
    // Types of VPN routing policy. For details, refer to [Networks and Tunnel
    // routing](https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing/).
    enum RoutingType {
      // Unspecified type. Default value.
      ROUTING_TYPE_UNSPECIFIED = 0;

      // Route based VPN.
      ROUTE_BASED = 1;

      // Policy based routing.
      POLICY_BASED = 2;

      // Dynamic (BGP) routing.
      // RouteInfo.RouteType also declares a value named DYNAMIC; the two enums
      // are unrelated and must not be converted into each other.
      DYNAMIC = 3;
    }

    // Name of a VPN tunnel.
    string display_name = 1;

    // URI of a VPN tunnel.
    string uri = 2;

    // URI of the VPN gateway at local end of the tunnel.
    string source_gateway = 3;

    // URI of a VPN gateway at remote end of the tunnel.
    string remote_gateway = 4;

    // Remote VPN gateway's IP address.
    string remote_gateway_ip = 5;

    // Local VPN gateway's IP address.
    string source_gateway_ip = 6;

    // URI of a Compute Engine network where the VPN tunnel is configured.
    string network_uri = 7;

    // Name of a Google Cloud region where this VPN tunnel is configured.
    string region = 8;

    // Type of the routing policy.
    RoutingType routing_type = 9;
  }
  // For display only. The specification of the endpoints for the test.
  // EndpointInfo is derived from source and destination Endpoint and validated
  // by the backend data plane model.
  message EndpointInfo {
    // Source IP address.
    string source_ip = 1;

    // Destination IP address.
    string destination_ip = 2;

    // IP protocol in string format, for example: "TCP", "UDP", "ICMP".
    // The examples are not an exhaustive list; the schema does not restrict
    // the value.
    string protocol = 3;

    // Source port. Only valid when protocol is TCP or UDP.
    // As a proto3 int32 without explicit presence, 0 is also what a reader
    // sees when the port was never set; check `protocol` before using it.
    int32 source_port = 4;

    // Destination port. Only valid when protocol is TCP or UDP.
    // As a proto3 int32 without explicit presence, 0 is also what a reader
    // sees when the port was never set; check `protocol` before using it.
    int32 destination_port = 5;

    // URI of the network where this packet originates from.
    string source_network_uri = 6;

    // URI of the network where this packet is sent to.
    string destination_network_uri = 7;
  }
  // Details of the final state "deliver" and associated resource.
  message DeliverInfo {
    // Deliver target types:
    //
    // ForwardInfo.Target is a separate enum that shares some value names with
    // this one but not all numbers (CLOUD_SQL_INSTANCE is 5 here and 6 there),
    // so the two must never be compared or converted by number.
    enum Target {
      // Target not specified.
      TARGET_UNSPECIFIED = 0;

      // Target is a Compute Engine instance.
      INSTANCE = 1;

      // Target is the internet.
      INTERNET = 2;

      // Target is a Google API.
      GOOGLE_API = 3;

      // Target is a Google Kubernetes Engine cluster master.
      GKE_MASTER = 4;

      // Target is a Cloud SQL instance.
      CLOUD_SQL_INSTANCE = 5;
    }

    // Target type where the packet is delivered to.
    Target target = 1;

    // URI of the resource that the packet is delivered to.
    string resource_uri = 2;
  }
  // Details of the final state "forward" and associated resource.
  //
  // Step.State.FORWARD means the packet could be forwarded to a network with
  // an unknown configuration, so the analysis ends at the target named here.
  message ForwardInfo {
    // Forward target types.
    //
    // DeliverInfo.Target is a separate enum that shares some value names with
    // this one but not all numbers (CLOUD_SQL_INSTANCE is 6 here and 5 there),
    // so the two must never be compared or converted by number.
    enum Target {
      // Target not specified.
      TARGET_UNSPECIFIED = 0;

      // Forwarded to a VPC peering network.
      PEERING_VPC = 1;

      // Forwarded to a Cloud VPN gateway.
      VPN_GATEWAY = 2;

      // Forwarded to a Cloud Interconnect connection.
      INTERCONNECT = 3;

      // Forwarded to a Google Kubernetes Engine Container cluster master.
      GKE_MASTER = 4;

      // Forwarded to the next hop of a custom route imported from a peering VPC.
      IMPORTED_CUSTOM_ROUTE_NEXT_HOP = 5;

      // Forwarded to a Cloud SQL instance.
      CLOUD_SQL_INSTANCE = 6;
    }

    // Target type where this packet is forwarded to.
    Target target = 1;

    // URI of the resource that the packet is forwarded to.
    string resource_uri = 2;
  }
  // Details of the final state "abort" and associated resource.
  //
  // An abort means the analysis did not finish. It is neither a "delivered"
  // nor a "dropped" verdict and should be reported as inconclusive.
  message AbortInfo {
    // Abort cause types:
    //
    // DropInfo declares its own, unrelated enum that is also named Cause;
    // always qualify the type when reading a cause value.
    enum Cause {
      // Cause is unspecified.
      CAUSE_UNSPECIFIED = 0;

      // Aborted due to unknown network.
      // The reachability analysis cannot proceed because the user does not have
      // access to the host project's network configurations, including firewall
      // rules and routes. This happens when the project is a service project and
      // the endpoints being traced are in the host project's network.
      UNKNOWN_NETWORK = 1;

      // Aborted because the IP address(es) are unknown.
      UNKNOWN_IP = 2;

      // Aborted because no project information can be derived from the test
      // input.
      UNKNOWN_PROJECT = 3;

      // Aborted because the user lacks the permission to access all or part of
      // the network configurations required to run the test.
      PERMISSION_DENIED = 4;

      // Aborted because no valid source endpoint is derived from the input test
      // request.
      NO_SOURCE_LOCATION = 5;

      // Aborted because the source and/or destination endpoint specified in
      // the test are invalid. The possible reasons that an endpoint is
      // invalid include: malformed IP address; nonexistent instance or
      // network URI; IP address not in the range of specified network URI; and
      // instance not owning the network interface in the specified network.
      INVALID_ARGUMENT = 6;

      // Aborted because traffic is sent from a public IP to an instance without
      // an external IP.
      NO_EXTERNAL_IP = 7;

      // Aborted because none of the traces matches destination information
      // specified in the input test request.
      UNINTENDED_DESTINATION = 8;

      // Aborted because the number of steps in the trace exceeds a certain
      // limit, which may be caused by a routing loop.
      TRACE_TOO_LONG = 9;

      // Aborted due to internal server error.
      INTERNAL_ERROR = 10;

      // Aborted because the source endpoint could not be found.
      SOURCE_ENDPOINT_NOT_FOUND = 11;

      // Aborted because the source network does not match the source endpoint.
      MISMATCHED_SOURCE_NETWORK = 12;

      // Aborted because the destination endpoint could not be found.
      DESTINATION_ENDPOINT_NOT_FOUND = 13;

      // Aborted because the destination network does not match the destination
      // endpoint.
      MISMATCHED_DESTINATION_NETWORK = 14;
    }

    // Cause of the aborted analysis.
    Cause cause = 1;

    // URI of the resource that caused the abort.
    string resource_uri = 2;
  }
  // Details of the final state "drop" and associated resource.
  message DropInfo {
    // Drop cause types:
    //
    // AbortInfo declares its own, unrelated enum that is also named Cause;
    // always qualify the type when reading a cause value. Readers should also
    // keep a fallback for values they do not recognize.
    enum Cause {
      // Cause is unspecified.
      CAUSE_UNSPECIFIED = 0;

      // Destination external address cannot be resolved to a known target. If
      // the address is used in a Google Cloud project, provide the project ID
      // as test input.
      UNKNOWN_EXTERNAL_ADDRESS = 1;

      // A Compute Engine instance can only send or receive a packet with a
      // foreign IP address if ip_forward is enabled.
      FOREIGN_IP_DISALLOWED = 2;

      // Dropped due to a firewall rule, unless allowed due to connection
      // tracking.
      FIREWALL_RULE = 3;

      // Dropped due to no routes.
      NO_ROUTE = 4;

      // Dropped due to invalid route. Route's next hop is a blackhole.
      ROUTE_BLACKHOLE = 5;

      // Packet is sent to a wrong (unintended) network. Example: you trace a
      // packet from VM1:Network1 to VM2:Network2, however, the route configured
      // in Network1 sends the packet destined for VM2's IP address to Network3.
      ROUTE_WRONG_NETWORK = 6;

      // Packet with internal destination address sent to the internet gateway.
      PRIVATE_TRAFFIC_TO_INTERNET = 7;

      // Instance with only an internal IP address tries to access Google API and
      // services, but private Google access is not enabled.
      PRIVATE_GOOGLE_ACCESS_DISALLOWED = 8;

      // Instance with only an internal IP address tries to access external hosts,
      // but Cloud NAT is not enabled in the subnet, unless special configurations
      // on a VM allow this connection. For more details, see [Special
      // configurations for VM
      // instances](https://cloud.google.com/vpc/docs/special-configurations).
      NO_EXTERNAL_ADDRESS = 9;

      // Destination internal address cannot be resolved to a known target. If
      // this is a shared VPC scenario, verify if the service project ID is
      // provided as test input. Otherwise, verify if the IP address is being
      // used in the project.
      UNKNOWN_INTERNAL_ADDRESS = 10;

      // Forwarding rule's protocol and ports do not match the packet header.
      FORWARDING_RULE_MISMATCH = 11;

      // Forwarding rule does not have backends configured.
      FORWARDING_RULE_NO_INSTANCES = 12;

      // Firewalls block the health check probes to the backends and cause
      // the backends to be unavailable for traffic from the load balancer.
      // For more details, see [Health check firewall
      // rules](https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules).
      FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK = 13;

      // Packet is sent from or to a Compute Engine instance that is not in a
      // running state.
      INSTANCE_NOT_RUNNING = 14;

      // The type of traffic is blocked and the user cannot configure a firewall
      // rule to enable it. See [Always blocked
      // traffic](https://cloud.google.com/vpc/docs/firewalls#blockedtraffic) for
      // more details.
      TRAFFIC_TYPE_BLOCKED = 15;

      // Access to Google Kubernetes Engine cluster master's endpoint is not
      // authorized. See [Access to the cluster
      // endpoints](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#access_to_the_cluster_endpoints)
      // for more details.
      GKE_MASTER_UNAUTHORIZED_ACCESS = 16;

      // Access to the Cloud SQL instance endpoint is not authorized.
      // See [Authorizing with authorized
      // networks](https://cloud.google.com/sql/docs/mysql/authorize-networks) for
      // more details.
      CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS = 17;

      // Packet was dropped inside Google Kubernetes Engine Service.
      DROPPED_INSIDE_GKE_SERVICE = 18;

      // Packet was dropped inside Cloud SQL Service.
      DROPPED_INSIDE_CLOUD_SQL_SERVICE = 19;

      // Packet was dropped because there is no peering between the originating
      // network and the Google Managed Services Network.
      GOOGLE_MANAGED_SERVICE_NO_PEERING = 20;

      // Packet was dropped because the Cloud SQL instance has neither a private
      // nor a public IP address.
      CLOUD_SQL_INSTANCE_NO_IP_ADDRESS = 21;
    }

    // Cause that the packet is dropped.
    Cause cause = 1;

    // URI of the resource that caused the drop.
    string resource_uri = 2;
  }
  // For display only. Metadata associated with a Google Kubernetes Engine (GKE)
  // cluster master.
  //
  // NOTE(review): field numbers 1 and 3 are unused and not declared `reserved`
  // in this message. If they belonged to removed fields, reserving them would
  // prevent a later field from reusing a number and misreading old data.
  message GKEMasterInfo {
    // URI of a GKE cluster.
    string cluster_uri = 2;

    // URI of a GKE cluster network.
    string cluster_network_uri = 4;

    // Internal IP address of a GKE cluster master.
    string internal_ip = 5;

    // External IP address of a GKE cluster master.
    string external_ip = 6;
  }
  // For display only. Metadata associated with a Cloud SQL instance.
  //
  // NOTE(review): field number 3 is unused and not declared `reserved` in this
  // message. If it belonged to a removed field, reserving it would prevent a
  // later field from reusing the number and misreading old data.
  message CloudSQLInstanceInfo {
    // Name of a Cloud SQL instance.
    string display_name = 1;

    // URI of a Cloud SQL instance.
    string uri = 2;

    // URI of a Cloud SQL instance network or empty string if the instance does
    // not have one.
    string network_uri = 4;

    // Internal IP address of a Cloud SQL instance.
    string internal_ip = 5;

    // External IP address of a Cloud SQL instance.
    string external_ip = 6;

    // Region in which the Cloud SQL instance is running.
    string region = 7;
  }