[Jool-list] Default pool4 hashing does not work well with some video CDNs
Ondřej Caletka
ondrej at caletka.cz
Wed Apr 19 04:04:33 CST 2023
Hello,
after using Jool for years in a home environment behind double NAT44
without issues, I recently deployed Jool with a pool of public IPv4
addresses.
Everything seems to work well, except some online web-based video
services (for instance videos on nos.nl website) do not play. Inspecting
from browser console, I can see some HTTP 403 errors from the video CDN.
Long story short, it seems that the root cause is that when playing a
video, the browser first asks one server for a token and then starts
downloading video from a completely different server providing that
token. The token seems to be only valid from the IP address that
requested it.
When pool4 contains more than one IPv4 address, it is very likely that
connections to two different servers will use two different IPv4
addresses. This breaks this kind of video delivery. It's sort of a similar
story to [Tore's problem with FTP][ftp], except that here it's not the
destination port change, but the destination address change that is
causing issues.
[ftp]: https://github.com/NICMx/Jool/issues/175#issuecomment-162601374
I resolved the problem by changing the `f-args` option to 8 - so hashing
only the source address, which seems to make Jool use the same IPv4
address for the same source IPv6 address. I wonder whether this is a
proper solution or there's some better way to tackle this problem.
Also I feel like this would be a nice addition to the FAQ, since such
problems are really hard to spot. Or perhaps even change the pool4
allocation algorithm so that it tries to stick to one IPv4 address for
one source address and just randomize ports used.
--
Cheers
Ondřej Caletka
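
The effect described in the message above, as an added example that is not part of the original post and not Jool's own code: a simplified model of hash-based pool4 selection in which the `f-args` bitmask decides which tuple fields feed the hash. The function names, the sample pool4 and destination addresses, the secret key and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import ipaddress

# f-args bit values as documented for Jool's NAT64 `f-args` global option.
F_SRC_ADDR, F_SRC_PORT, F_DST_ADDR, F_DST_PORT = 8, 4, 2, 1

# Constructed sample pool4: four documentation addresses, 1024 ports each.
POOL4_ADDRS = [ipaddress.IPv4Address("192.0.2.%d" % i) for i in range(1, 5)]
PORTS_PER_ADDR = 1024
FIRST_PORT = 61001
SECRET = b"constructed-secret-key"  # hypothetical per-instance key


def pick_transport_address(f_args, src_addr, src_port, dst_addr, dst_port):
    """Model: hash the fields selected by f_args and use the result as an
    offset into the flattened (address, port) space of pool4."""
    h = hashlib.sha256(SECRET)
    if f_args & F_SRC_ADDR:
        h.update(ipaddress.IPv6Address(src_addr).packed)
    if f_args & F_SRC_PORT:
        h.update(src_port.to_bytes(2, "big"))
    if f_args & F_DST_ADDR:
        h.update(ipaddress.IPv6Address(dst_addr).packed)
    if f_args & F_DST_PORT:
        h.update(dst_port.to_bytes(2, "big"))
    space = len(POOL4_ADDRS) * PORTS_PER_ADDR
    offset = int.from_bytes(h.digest()[:8], "big") % space
    return POOL4_ADDRS[offset // PORTS_PER_ADDR], FIRST_PORT + offset % PORTS_PER_ADDR


def addresses_seen(f_args, client, destinations):
    """Set of pool4 IPv4 addresses one client appears from across destinations."""
    return {
        pick_transport_address(f_args, client, 50000 + i, dst, 443)[0]
        for i, dst in enumerate(destinations)
    }


if __name__ == "__main__":
    client = "2001:db8:1::10"
    # Constructed destinations: a token server plus CDN edge nodes behind 64:ff9b::/96.
    dests = ["64:ff9b::c633:64%02x" % i for i in range(1, 33)]
    for f_args in (11, 8):  # 11 = source address + destination address + destination port
        seen = addresses_seen(f_args, client, dests)
        print("f-args=%2d -> %d pool4 address(es): %s"
              % (f_args, len(seen), sorted(map(str, seen))))
```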