REST Resource: projects.locations.global.policyBasedRoutes

Resource: PolicyBasedRoute

Policy-based routes route L4 network traffic based on not just destination IP address, but also source IP address, protocol, and more. If a policy-based route conflicts with other types of routes, the policy-based route always takes precedence.

JSON representation
{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "labels": {
    string: string,
    ...
  },
  "description": string,
  "network": string,
  "filter": {
    object (Filter)
  },
  "priority": integer,
  "warnings": [
    {
      object (Warnings)
    }
  ],
  "selfLink": string,
  "kind": string,

  // Union field target can be only one of the following:
  "virtualMachine": {
    object (VirtualMachine)
  },
  "interconnectAttachment": {
    object (InterconnectAttachment)
  }
  // End of list of possible types for union field target.

  // Union field next_hop can be only one of the following:
  "nextHopIlbIp": string,
  "nextHopOtherRoutes": enum (OtherRoutes)
  // End of list of possible types for union field next_hop.
}
Fields
name

string

Immutable. A unique name of the resource in the form of projects/{projectNumber}/locations/global/PolicyBasedRoutes/{policyBasedRouteId}

createTime

string (Timestamp format)

Output only. Time when the policy-based route was created.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

updateTime

string (Timestamp format)

Output only. Time when the policy-based route was updated.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

labels

map (key: string, value: string)

User-defined labels.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

description

string

Optional. An optional description of this resource. Provide this field when you create the resource.

network

string

Required. Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.

filter

object (Filter)

Required. The filter to match L4 traffic.

priority

integer

Optional. The priority of this policy-based route. Priority is used to break ties when more than one matching policy-based route is found. When multiple policy-based routes match, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.

warnings[]

object (Warnings)

Output only. If potential misconfigurations are detected for this route, this field will be populated with warning messages.

kind

string

Output only. Type of this resource. Always networkconnectivity#policyBasedRoute for policy-based route resources.

Union field target. Target specifies network endpoints that this policy-based route applies to. If no target is specified, the PBR will be installed on all network endpoints (e.g. VMs, VPNs, and Interconnects) in the VPC. target can be only one of the following:
virtualMachine

object (VirtualMachine)

Optional. VM instances that this policy-based route applies to.

interconnectAttachment

object (InterconnectAttachment)

Optional. The interconnect attachments that this policy-based route applies to.

Union field next_hop.

next_hop can be only one of the following:

nextHopIlbIp

string

Optional. The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets. For this version, only nextHopIlbIp is supported.

nextHopOtherRoutes

enum (OtherRoutes)

Optional. Other routes that will be referenced to determine the next hop of the packet.

VirtualMachine

VM instances that this policy-based route applies to.

JSON representation
{
  "tags": [
    string
  ]
}
Fields
tags[]

string

Optional. A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of the tags specified here install this PBR.

InterconnectAttachment

InterconnectAttachment that this route applies to.

JSON representation
{
  "region": string
}
Fields
region

string

Optional. Cloud region to install this policy-based route on interconnect attachment. Use all to install it on all interconnect attachments.

OtherRoutes

The other routing cases.

Enums
OTHER_ROUTES_UNSPECIFIED Default value.
DEFAULT_ROUTING Use the routes from the default routing tables (system-generated routes, custom routes, peering routes) to determine the next hop. This effectively excludes matching packets from being applied to other PBRs with a lower priority.

Filter

Filter matches L4 traffic.

JSON representation
{
  "ipProtocol": string,
  "srcRange": string,
  "destRange": string,
  "protocolVersion": enum (ProtocolVersion)
}
Fields
ipProtocol

string

Optional. The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.

srcRange

string

Optional. The source IP range of outgoing packets that this policy-based route applies to. Default is "0.0.0.0/0" if protocol version is IPv4 and "::/0" if protocol version is IPv6.

destRange

string

Optional. The destination IP range of outgoing packets that this policy-based route applies to. Default is "0.0.0.0/0" if protocol version is IPv4 and "::/0" if protocol version is IPv6.

protocolVersion

enum (ProtocolVersion)

Required. Internet protocol versions this policy-based route applies to. IPV4 and IPV6 are supported.

ProtocolVersion

The internet protocol version.

Enums
PROTOCOL_VERSION_UNSPECIFIED Default value.
IPV4 The PBR is for IPv4 internet protocol traffic.
IPV6 The PBR is for IPv6 internet protocol traffic.
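
Added example (not part of the original reference, and not Google's implementation): a local model of how the filter defaults, the VM tag target and priority documented above decide which policy-based route a VM's packet hits, plus a review check for untargeted catch-all routes, which matter because a policy-based route takes precedence over other route types. The route names, addresses and helper functions are constructed for illustration; the model covers VM-originated packets only and does not define behaviour for equal priorities, which this page does not specify.

```python
import ipaddress

# Constructed sample resources; field names follow the JSON representation above.
ROUTES = [
    {"name": "pbr-inspect", "priority": 500, "nextHopIlbIp": "10.10.0.5",
     "filter": {"protocolVersion": "IPV4", "ipProtocol": "TCP", "srcRange": "10.0.0.0/8"},
     "virtualMachine": {"tags": ["app"]}},
    {"name": "pbr-skip", "priority": 100, "nextHopOtherRoutes": "DEFAULT_ROUTING",
     "filter": {"protocolVersion": "IPV4", "srcRange": "10.1.0.0/16"},
     "virtualMachine": {"tags": ["app"]}},
    {"name": "pbr-catch-all", "nextHopIlbIp": "10.10.0.9",  # no target, default priority
     "filter": {"protocolVersion": "IPV4"}},
]

def effective_filter(route):
    """Fill in the documented defaults for omitted Filter fields."""
    f = route["filter"]
    v6 = f["protocolVersion"] == "IPV6"
    any_range = "::/0" if v6 else "0.0.0.0/0"
    return {"version": 6 if v6 else 4, "proto": f.get("ipProtocol", "ALL"),
            "src": ipaddress.ip_network(f.get("srcRange", any_range)),
            "dst": ipaddress.ip_network(f.get("destRange", any_range))}

def matches(route, src, dst, proto, vm_tags):
    """True if a packet sent by a VM carrying vm_tags matches this route."""
    tags = route.get("virtualMachine", {}).get("tags")
    if "interconnectAttachment" in route or (
            tags is not None and not set(tags) & set(vm_tags)):
        return False  # wrong target type, or none of the route's tags is on the VM
    f = effective_filter(route)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s.version == d.version == f["version"] and f["proto"] in ("ALL", proto)
            and s in f["src"] and d in f["dst"])

def select(routes, src, dst, proto, vm_tags):
    """Return (name, next hop) of the winning route, or None if none match."""
    hits = [r for r in routes if matches(r, src, dst, proto, vm_tags)]
    if not hits:
        return None
    win = min(hits, key=lambda r: r.get("priority", 1000))  # lowest number wins
    return win["name"], win.get("nextHopIlbIp") or win["nextHopOtherRoutes"]

def audit_catch_all(routes):
    """Names of untargeted routes that match every packet of their IP version."""
    def broad(r):
        f = effective_filter(r)
        return (not {"virtualMachine", "interconnectAttachment"} & set(r)
                and f["proto"] == "ALL" and f["src"].prefixlen + f["dst"].prefixlen == 0)
    return [r["name"] for r in routes if broad(r)]
```

A result of DEFAULT_ROUTING from select means the packet falls back to the default routing tables and the lower-priority routes that also matched are not applied.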

Warnings

Informational warning message.

JSON representation
{
  "code": enum (Code),
  "data": {
    string: string,
    ...
  },
  "warningMessage": string
}
Fields
code

enum (Code)

Output only. A warning code, if applicable.

data

map (key: string, value: string)

Output only. Metadata about this warning in key: value format. The key should provide more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

warningMessage

string

Output only. A human-readable description of the warning code.

Code

Warning code for policy-based routing. Expect to add values in the future.

Enums
WARNING_UNSPECIFIED Default value.
RESOURCE_NOT_ACTIVE The policy-based route is not active and functioning. Common causes are that the dependent network was deleted or the resource project was turned off.
RESOURCE_BEING_MODIFIED The policy-based route is being modified (e.g. created/deleted) at this time.

Methods

create

The method google.cloud.networkconnectivity.v1beta.PolicyBasedRoutingService.CreatePolicyBasedRoute is not available in Cloud de Confiance by S3NS.

delete

The method google.cloud.networkconnectivity.v1beta.PolicyBasedRoutingService.DeletePolicyBasedRoute is not available in Cloud de Confiance by S3NS.

get

The method google.cloud.networkconnectivity.v1beta.PolicyBasedRoutingService.GetPolicyBasedRoute is not available in Cloud de Confiance by S3NS.

getIamPolicy

The method google.iam.v1.IAMPolicy.GetIamPolicy is not available in Cloud de Confiance by S3NS.

list

The method google.cloud.networkconnectivity.v1beta.PolicyBasedRoutingService.ListPolicyBasedRoutes is not available in Cloud de Confiance by S3NS.

setIamPolicy

The method google.iam.v1.IAMPolicy.SetIamPolicy is not available in Cloud de Confiance by S3NS.

testIamPermissions

The method google.iam.v1.IAMPolicy.TestIamPermissions is not available in Cloud de Confiance by S3NS.