Youtube Problems with LoadBalancing on



  • Hey guys,

    I am using pfsense with loadbalancing on three DSL connections since two month now and I am very happy with it up to now. But now I encountered problems with youtube: The page loads very fast, but often the video does not open at all. To me it seems the player opens a new connection and if this uses another DSL-connection then the page it does not work. If I turn sticky connections on, youtube works fine but other pages don't…

    I tried to configure policy based routing for youtube, but the problem is, I cannot enter a domain in the destination field and I do not know all the Ips the youttube servers use (and I suppose they are changin from time to time). Any idea for me what to try next?

    Martin



  • I have the same issue, posted here
    http://forum.pfsense.org/index.php/topic,8880.0.html

    once the videos start loading, they download extremely fast.. but sometimes it takes many refreshes to get it to start to stream the video.  the rest of the page loads fine but the videos can stall from anywhere to a minute to indefinitely



  • @extremelymild:

    I tried to configure policy based routing for youtube, but the problem is, I cannot enter a domain in the destination field and I do not know all the Ips the youttube servers use (and I suppose they are changin from time to time). Any idea for me what to try next?

    I am not 100% sure of all the youtube ip ranges, but you could use the following I found for their three main subnet ranges:

    YouTube1 = 208.65.152.0/22
    YouTube2 = 64.15.112.0/20
    YouTube3 = 208.117.224.0/19

    Make an alias inside of pfsense, call it 'youtube' or whatever you'd like, and add those respective three ranges in there.  From there, edit one of your LAN rules to make sure it only goes out one of your WAN links.

    Give it a try and see if all the youtube sites and ip addresses have been covered (for now…)

    Good luck! :)



  • youtube has made some interface upgrades..  I still have problems with youtube and multiwan, now it comes back almost immediately with "We're sorry, this video is no longer available" whereas before it would just endlessly try to load. However if you refresh the page enough times, the request will go out the "correct" wan connection and the video loads fine.

    I haven't tried the instructions above, making aliases and such.. this of course won't help if they add new servers or change the IP's.   would be nice to have domain based routing somehow, make any traffic to *.youtube.com go out only one wan connection



  • In 1.3 it should be possible to use domain names. But I'm not even sure it will be good enough because when i try http://youtube.com/watch?v=fawOrelje7k&feature=related it shows an ip wheres on http://youtube.com/watch?v=LVlbpJPocsI&feature=related it's a domain.

    If you almost never use the combine download speed of the loadbalancing pool you could split the load of your clients by source instead.
    Lan firewall rule:
    Source = 192.168.1.0/25 gateway WanFailsToWan2
    Source = 192.168.1.128/25 gateway Wan2FailsToWan



  • I don't think we'll be able to accommodate policy routing by hostname for something like youtube. The IPs its DNS returns change every time you query. That means you would have to do a DNS lookup for every packet, which isn't feasible (you don't want to introduce maybe 100 ms latency waiting for DNS replies to the forwarding of all traffic, and it isn't technically feasible with the underlying software).

    In combination with some squid improvements this might be possible, that's something I want to look into further.



  • I don't think we'll be able to accommodate policy routing by hostname for something like youtube. The IPs its DNS returns change every time you query. That means you would have to do a DNS lookup for every packet, which isn't feasible (you don't want to introduce maybe 100 ms latency waiting for DNS replies to the forwarding of all traffic, and it isn't technically feasible with the underlying software).

    that's exactly what I was thinking.

    Why does youtube have a problem with 2 IPs requesting a single page???



  • @jonnytabpni:

    that's exactly what I was thinking.

    Why does youtube have a problem with 2 IPs requesting a single page???

    There's the million dollar question.  :)

    The connection that pulls the video should be on only one WAN (it's one state), so apparently there is something in the session info with the remainder of the things on the page.

    You can lookup youtube's IP assignments on arin.net, they were listed by someone previously in this thread, then create an alias including those IP blocks and add a rule to the top that routes all that traffic out one specific WAN. Their IP blocks probably don't and won't change much.



  • @razor2000:

    @extremelymild:

    I tried to configure policy based routing for youtube, but the problem is, I cannot enter a domain in the destination field and I do not know all the Ips the youttube servers use (and I suppose they are changin from time to time). Any idea for me what to try next?

    I am not 100% sure of all the youtube ip ranges, but you could use the following I found for their three main subnet ranges:

    YouTube1 = 208.65.152.0/22
    YouTube2 = 64.15.112.0/20
    YouTube3 = 208.117.224.0/19

    Make an alias inside of pfsense, call it 'youtube' or whatever you'd like, and add those respective three ranges in there.  From there, edit one of your LAN rules to make sure it only goes out one of your WAN links.

    Give it a try and see if all the youtube sites and ip addresses have been covered (for now…)

    Good luck! :)

    I've set this alias up and set it to go down 1 WAN instead of LoadBalance, but I still have issues.. obviously missing some ip ranges or something.  =P  now my users are giving me crap about it too, was hoping they'd just assume it was youtube's fault for a while  ;)



  • does Flash video get downloaded from port 80 http as normal websites are?  I thought I read somewhere like flash video server runs off a diff standard port, like maybe we could do a policy route for flash video on port 'x' to go over 1 wan

    I think I've seen this issue with other flash video sites besides youtube



  • If you almost never use the combine download speed of the loadbalancing pool you could split the load of your clients by source instead.
    Lan firewall rule:
    Source = 192.168.1.0/25 gateway WanFailsToWan2
    Source = 192.168.1.128/25 gateway Wan2FailsToWan

    What was your thoughts on my solution?



  • @Perry:

    If you almost never use the combine download speed of the loadbalancing pool you could split the load of your clients by source instead.
    Lan firewall rule:
    Source = 192.168.1.0/25 gateway WanFailsToWan2
    Source = 192.168.1.128/25 gateway Wan2FailsToWan

    What was your thoughts on my solution?

    it is interesting, I would say I'm the only 'power user' who uses the combined speed at times, but the users know about the load balancing and often like to appease themselves by doing things like going to download bandwidth speed test sites and refreshing ip-checking sites to verify 2 ip's come up alternating, etc.. its stuff I showed them once when they claimed loadbalancing made their internet 'slower' than before when we were on 1 wan only, and now any time they think they see a slowdown they are always looking for evidence it almost seems to complain with
    in other words they would probably bitch and moan if I didn't give every access to both wan's even if it fixed their youtube problem



  • Yet another poor admin being beating blue and yellow ;D

    You could also add more ip's to the loadbalancing pool. like 8 for each line



  • well I submitted a bug request/complaint to youtube via their automated help form linking them to this thread and briefly describing the problem accessing youtube from behind a load balancing router. I doubt it will do anything, if I even get a reply I'm expecting something like "This is by design"



  • Whats the easiest method to lookup all the potential IP's associated with a particular site ?    I am now getting Myspace, Facebook, Rapidshare etc. issues.    One particularly noisy user got segregated to Failover only instead of LoadBalance as Perry suggested above.. But I'd prefer having a few aliases like the youtube I have setup, so I can still use LoadBalance but seperate some websites off to only one wan



  • My guess
    http://www.squish.net/dnscheck/

    Now i also see that youtube uses googlevideo.com



  • Hi there,

    Thanks for informing us of this issue. We're currently investigating the
    situation and the issue should be resolved shortly. Thank you for your
    patience and I apologize for any inconvenience.

    Regards,

    Mydhili
    The YouTube Team

    +1 for Google if they fix this one.  Although -1 for me and my employees in lost productivity time spent watching youtubes  :D


Log in to reply