# grpc::UNAVAILABLE: No route to host on connection attempt to remote endpoint

- **ID:** `communication/grpc-unavailable-no-route-to-host`
- **Domain:** communication
- **Category:** network_error
- **Error Code:** `UNAVAILABLE`
- **Verification:** ai_generated
- **Fix Rate:** 86%

## Root Cause

gRPC client fails to establish TCP connection because the target IP address is unreachable due to network partition, firewall blocking, or incorrect DNS resolution.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| gRPC 1.45.0 | active | — | — |
| gRPC 1.50.2 | active | — | — |
| gRPC 1.56.0 | active | — | — |

## Workarounds

1. **Verify network connectivity using 'ping' and 'traceroute' to the target host: ensure the IP address is reachable and no intermediate hops are dropping packets. Then fix DNS if needed by updating /etc/hosts or DNS server records.** (90% success)
   ```
   Verify network connectivity using 'ping' and 'traceroute' to the target host: ensure the IP address is reachable and no intermediate hops are dropping packets. Then fix DNS if needed by updating /etc/hosts or DNS server records.
   ```
2. **Check firewall rules on both client and server: ensure the gRPC port (default 50051) is open. Use 'iptables -L' or 'ufw status' to verify, and add allow rules if blocked.** (85% success)
   ```
   Check firewall rules on both client and server: ensure the gRPC port (default 50051) is open. Use 'iptables -L' or 'ufw status' to verify, and add allow rules if blocked.
   ```
3. **If using Kubernetes, verify network policies and service endpoints: 'kubectl get endpoints <service-name>' to ensure pods are correctly targeted, and check for misconfigured network policies blocking cross-namespace traffic.** (80% success)
   ```
   If using Kubernetes, verify network policies and service endpoints: 'kubectl get endpoints <service-name>' to ensure pods are correctly targeted, and check for misconfigured network policies blocking cross-namespace traffic.
   ```

## Dead Ends

- **** — Increasing gRPC client timeout (e.g., setting 'grpc.timeout' to 60s) only delays failure; the underlying network issue persists. (80% fail)
- **** — Disabling TLS verification ('GRPC_SSL_CIPHER_SUITES=ALL') does not resolve routing issues and introduces security vulnerabilities. (95% fail)
- **** — Retrying with exponential backoff (e.g., using gRPC retry policy) may mask the issue temporarily but doesn't fix the route, leading to eventual timeout. (70% fail)