# grpc::UNAVAILABLE: no route to host when connecting to the remote endpoint

- **ID:** `communication/grpc-unavailable-no-route-to-host`
- **Domain:** communication
- **Category:** network_error
- **Error code:** `UNAVAILABLE`
- **Verification level:** ai_generated
- **Fix rate:** 86%

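## Root cause

The gRPC client cannot establish a TCP connection because the target IP address is unreachable due to a network partition, a firewall block, or incorrect DNS resolution.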

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| gRPC 1.45.0 | active | — | — |
| gRPC 1.50.2 | active | — | — |
| gRPC 1.56.0 | active | — | — |

## Solutions

1. Verify network connectivity using `ping` and `traceroute` to the target host: ensure the IP address is reachable and no intermediate hops are dropping packets. Then fix DNS if needed by updating `/etc/hosts` or DNS server records.
2. Check firewall rules on both client and server: ensure the gRPC port (default 50051) is open. Use `iptables -L` or `ufw status` to verify, and add allow rules if blocked.
3. If using Kubernetes, verify network policies and service endpoints: run `kubectl get endpoints <service-name>` to ensure pods are correctly targeted, and check for misconfigured network policies blocking cross-namespace traffic.
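
The triage in the steps above can be scripted so that the connect failure itself indicates which root cause applies (DNS, routing, or firewall). This is an added example, not part of the original entry; the function names `classify` and `probe` and the labels they return are assumptions made for illustration.

```python
import errno
import socket
import sys


def classify(exc):
    """Map a connect-time exception to one of the root causes on this page."""
    if isinstance(exc, socket.gaierror):
        return "dns_failure"       # name did not resolve: check DNS records or /etc/hosts
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout_filtered"  # SYN silently dropped: firewall DROP rule or partition
    if isinstance(exc, ConnectionRefusedError):
        return "refused"           # host reachable, port closed or actively rejected
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "no_route"          # missing route, or an ICMP unreachable from a hop or firewall
    return "other"


def probe(host, port, timeout=3.0):
    """Resolve host, try a TCP connect to each address, return (label, details)."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return classify(exc), [(host, str(exc))]
    failures = []
    for family, socktype, proto, _, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            return "reachable", [(sockaddr[0], "connected")]
        except OSError as exc:
            failures.append((sockaddr[0], classify(exc)))
    # Every resolved address failed: report the first label, keep all details.
    return failures[0][1], failures


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; 50051 is the port named in step 2.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 50051
    label, details = probe(target, port)
    print(label, details)
```

A `no_route` or `timeout_filtered` result points at steps 1 and 2, while `refused` means the host is reachable and the server process or service endpoint (step 3) is the place to look.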

## Ineffective attempts

- Increasing the gRPC client timeout (e.g., setting `grpc.timeout` to 60s) only delays failure; the underlying network issue persists. (80% failure rate)
- Disabling TLS verification (`GRPC_SSL_CIPHER_SUITES=ALL`) does not resolve routing issues and introduces security vulnerabilities. (95% failure rate)
- Retrying with exponential backoff (e.g., using a gRPC retry policy) may mask the issue temporarily but doesn't fix the route, leading to eventual timeout. (70% failure rate)
