grpc::UNAVAILABLE:连接远程端点时无到达主机的路由
grpc::UNAVAILABLE: No route to host on connection attempt to remote endpoint
ID: communication/grpc-unavailable-no-route-to-host
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| gRPC 1.45.0 | active | — | — | — |
| gRPC 1.50.2 | active | — | — | — |
| gRPC 1.56.0 | active | — | — | — |
根因分析
gRPC 客户端无法建立 TCP 连接,因为目标 IP 地址由于网络分区、防火墙阻止或 DNS 解析错误而不可达。
English
gRPC client fails to establish TCP connection because the target IP address is unreachable due to network partition, firewall blocking, or incorrect DNS resolution.
官方文档
https://grpc.io/docs/guides/error-codes/解决方案
-
Verify network connectivity using 'ping' and 'traceroute' to the target host: ensure the IP address is reachable and no intermediate hops are dropping packets. Then fix DNS if needed by updating /etc/hosts or DNS server records.
-
Check firewall rules on both client and server: ensure the gRPC port (default 50051) is open. Use 'iptables -L' or 'ufw status' to verify, and add allow rules if blocked.
-
If using Kubernetes, verify network policies and service endpoints: 'kubectl get endpoints <service-name>' to ensure pods are correctly targeted, and check for misconfigured network policies blocking cross-namespace traffic.
无效尝试
常见但无效的做法:
-
80% 失败
Increasing gRPC client timeout (e.g., setting 'grpc.timeout' to 60s) only delays failure; the underlying network issue persists.
-
95% 失败
Disabling TLS verification ('GRPC_SSL_CIPHER_SUITES=ALL') does not resolve routing issues and introduces security vulnerabilities.
-
70% 失败
Retrying with exponential backoff (e.g., using gRPC retry policy) may mask the issue temporarily but doesn't fix the route, leading to eventual timeout.