[Jool-list] Default pool4 hashing does not work well with some video CDNs
Alberto Leiva
ydahhrk at gmail.com
Thu Apr 20 09:07:03 CST 2023
> I wonder whether this is a
> proper solution or there's some better way to tackle this problem.
Yes, you found the intended solution.
> Also I feel like this would be a nice addition to the FAQ, since such
> problems are really hard to spot.
Agree.
> Or perhaps even change the pool4
> allocation algorithm so that it tries to stick to one IPv4 address for
> one source address and just randomize ports used.
But how is this different from f-args 8?
On Wed, Apr 19, 2023 at 4:04 AM Ondřej Caletka via Jool-list
<jool-list at nic.mx> wrote:
>
> Hello,
>
> after using Jool for years in a home environment behind double NAT44
> without issues, I recently deployed Jool with a pool of public IPv4
> addresses.
>
> Everything seems to work well, except some online web-based video
> services (for instance videos on nos.nl website) do not play. Inspecting
> from browser console, I can see some HTTP 403 errors from the video CDN.
>
> Long story short, it seems that the root cause is that when playing a
> video, the browser first asks one server for a token and then starts
> downloading video from a completely different server providing that
> token. The token seems to be only valid from the IP address that
> requested it.
>
> When pool4 contains more than one IPv4 address, it is very likely that
> connections to two different servers will use two different IPv4
> addresses. This breaks this kind of video delivery. It's sort of similar
> story to [Tore's problem with FTP][ftp], except that here it's not the
> destination port change, but the destination address change that is
> causing issues.
>
> ftp: https://github.com/NICMx/Jool/issues/175#issuecomment-162601374
>
> I resolved the problem by changing the `f-args` option to 8 - so hashing
> only source address, which seems to make Jool using the same IPv4
> address for the same source IPv6 address. I wonder whether this is a
> proper solution or there's some better way to tackle this problem.
>
> Also I feel like this would be a nice addition to the FAQ, since such
> problems are really hard to spot. Or perhaps even change the pool4
> allocation algorithm so that it tries to stick to one IPv4 address for
> one source address and just randomize ports used.
>
> --
> Cheers
>
> Ondřej Caletka
> _______________________________________________
> Jool-list mailing list
> Jool-list at nic.mx
> https://mail-lists.nic.mx/listas/listinfo/jool-list
More information about the Jool-list
mailing list