Troubleshoot cross-cloud Lakehouse for Apache Iceberg issues

This page shows you how to resolve common connectivity and routing issues when you use a private interconnect with cross-cloud Lakehouse for Apache Iceberg.

Connectivity or routing issues

If you encounter connectivity or routing issues when you use a private interconnect, verify the following:

  • Verify route propagation: Check the Cloud Router in Google Cloud to verify that it has learned the AWS VPC prefixes. Check your AWS route tables to verify that they have routes back to your Google Cloud VPC.
  • Check ILB health: In the Google Cloud console, go to Network Services > Load balancing. Check whether the backends (NEGs) for your ILB backend service are healthy. If they aren't, verify network connectivity and AWS Security Group rules.
  • Test connectivity from Google Cloud: Launch a test VM instance in the same Google Cloud VPC and subnet as the ILB or Service Directory endpoint and try to connect to the AWS ENI IP addresses on port 443 (for example, by using curl or telnet).
  • Service Directory resolution: Verify that the catalog's service account has permissions to resolve Service Directory endpoints (roles/servicedirectory.viewer, roles/servicedirectory.pscAuthorizedService).
  • Security Groups and firewall rules: Verify that Google Cloud firewall rules and AWS Security Groups allow traffic on TCP port 443 between the relevant IP ranges.
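
The connectivity test from the test VM can be scripted so that each failure mode points back to an item in the list above. The following is an added example, not part of the original documentation: the function names and the mapping from socket outcome to likely cause are assumptions for illustration, and the ENI IP addresses are passed as command-line arguments.

```python
import errno
import socket
import sys

# Heuristic hints (assumptions, not product guidance) tied to the checklist above.
HINTS = {
    "open": "TCP path works; if the catalog still fails, check Service Directory permissions",
    "refused": "target answered with a reset; check the ENI address and ILB backend health",
    "timeout": "no reply; check Security Groups, firewall rules, and the AWS return routes",
    "unreachable": "no route from this VM; check prefixes learned by the Cloud Router",
}


def probe(host, port=443, timeout=3.0):
    """Attempt one TCP connection and classify how it ended."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        # Dropped packets and missing return routes both look like this.
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()


def report(hosts, port=443, timeout=3.0):
    """Probe each host and return (host, outcome, hint) tuples."""
    rows = []
    for host in hosts:
        outcome = probe(host, port, timeout)
        rows.append((host, outcome, HINTS.get(outcome, "unexpected socket error")))
    return rows


if __name__ == "__main__":
    # Usage: python3 probe.py <ENI-IP> [<ENI-IP> ...]
    for host, outcome, hint in report(sys.argv[1:]):
        print(f"{host}:443 {outcome} - {hint}")
```

A `timeout` result cannot distinguish a dropped packet from a missing return route, so check both the firewall rules and the route tables when you see it.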