> I wonder whether this is a > proper solution or there's some better way to tackle this problem.
Yes, you found the intended solution. > Also I feel like this would be a nice addition to the FAQ, since such > problems are really hard to spot. Agree. > Or perhaps even change the pool4 > allocation algorithm so that it tries to stick to one IPv4 address for > one source address and just randomize ports used. But how is this different from f-args 8? On Wed, Apr 19, 2023 at 4:04 AM Ondřej Caletka via Jool-list <[email protected]> wrote: > > Hello, > > after using Jool for years in a home environment behind double NAT44 > without issues, I recently deployed Jool with a pool of public IPv4 > addresses. > > Everything seems to work well, except some online web-based video > services (for instance videos on nos.nl website) do not play. Inspecting > from browser console, I can see some HTTP 403 errors from the video CDN. > > Long story short, it seems that the root cause is that when playing a > video, the browser first asks one server for a token and then starts > downloading video from a completely different server providing that > token. The token seems to be only valid from the IP address that > requested it. > > When pool4 contains more than one IPv4 address, it is very likely that > connections to two different servers will use two different IPv4 > addresses. This breaks this kind of video delivery. It's sort of similar > story to [Tore's problem with FTP][ftp], except that here it's not the > destination port change, but the destination address change that is > causing issues. > > ftp: https://github.com/NICMx/Jool/issues/175#issuecomment-162601374 > > I resolved the problem by changing the `f-args` option to 8 - so hashing > only source address, which seems to make Jool using the same IPv4 > address for the same source IPv6 address. I wonder whether this is a > proper solution or there's some better way to tackle this problem. > > Also I feel like this would be a nice addition to the FAQ, since such > problems are really hard to spot. Or perhaps even change the pool4 > allocation algorithm so that it tries to stick to one IPv4 address for > one source address and just randomize ports used. > > -- > Cheers > > Ondřej Caletka > _______________________________________________ > Jool-list mailing list > [email protected] > https://mail-lists.nic.mx/listas/listinfo/jool-list _______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
