Load balancing implementation problem

Hi Team,
I am working on load balancing implementation and following a tutorial by @flyinghuman - https://github.com/jitsi/jitsi-meet/wiki/jitsi-meet-load-balancing-installation-Ubuntu-18.04-with-MUC-and-JID

After restarting the services, ideally, I should see the newly added bridge(JVB) in jicofo logs as mentioned in the doc -
Jicofo INFORMATION: [30] org.jitsi.jicofo.xmpp.BaseBrewery.processInstanceStatusChanged().329 Added brewery instance: jvb

brewery@internal.auth.<my_domain_name>/<your second JVB NICKNAME like jvb2> Jicofo INFORMATION: [30] org.jitsi.jicofo.bridge.BridgeSelector.log() Added videobridge: jvbbrewery@internal.auth.<my_domain_name>/<your second JVB NICKNAME like jvb2> v: null

But instead, I am seeing the first video bridge installed on JMS -
INFO: [38] org.jitsi.jicofo.xmpp.BaseBrewery.log() Added brewery instance: jvbbrewery@internal.auth.<my_domain_name>/3f33d92b-ca2b-4b2e-bb2b-7f97ddd74bbc

INFO: [38] org.jitsi.jicofo.bridge.BridgeSelector.log() Added new videobridge: Bridge[jid=jvbbrewery@internal.auth.<my_domain_name>/<jvb1_nickname>, relayId=null, region=null, stress=0.00]

Also, on the second videobridge(JVB), I am seeing this error being logged -
WARNING: [25] [hostname=<my_domain_name> id=shard] MucClient.lambda$getConnectAndLoginCallable$7#673: [MucClient id=shard hostname=<my_domain_name>] error connecting org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: '<my_domain_name>:5222' failed because: <my_domain_name>/<my_domain_ip_address> exception: java.net.SocketTimeoutException: connect timed out

I can see 5222 port on main(first) videobridge is open to the internet, Also I have added following config in prosody main config file just to make sure prosody listens to other IPs as well.
component_ports = { 5347 }
component_interface = "0.0.0.0"

I have also set the parameter -
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
as suggested by @RubensRainelli
I am not able to get the exact problem here. Any help would be much appreciated!

can you post the content from /etc/jitsi/videobridge/sip-communicator.properties on JMS and JVB?
i assume local firewall policy is not set correct? can you post ufw status?

Hi @flyinghuman, Thank you for replying. First of all, thank you for documenting your research.
From JMS -
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.<jms_domain_name> org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb org.jitsi.videobridge.xmpp.user.shard.PASSWORD=<jms_secret> org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.<jms_domain_name> org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb1 org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

From JVB -
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=<jms_ip_address> org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.<jms_domain_name> org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb org.jitsi.videobridge.xmpp.user.shard.PASSWORD=<jms_secret> org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.<jms_domain_name> org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=jvb2 org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

And there is no ufw configured on both JMS as well as JVB.
I also tried to change the <jms_ip_address> to <jms_domain_name> for org.jitsi.videobridge.xmpp.user.shard.HOSTNAME parameter, but still same error.

is this on one line in your config or only here at this forum? should be on two lines; maybe it crashes and does not come up therefore it also cannot connect to it :wink:

if not:
can you reach JMS from JVP?
ping <jms_ip_address>
telnet <jms_ip_address> 5222 -> timeout or a cursor/prompt?

also, have look at this howto: https://doganbros.com/index.php/jitsi/scaling-up-your-jitsi-with-jitsi-bridges/ maybe you missed something

Hi, This is on two different lines, I copied it directly which would have disorientated it.

I get the correct packet transmission for this.

But for this, strangely I get no response. But when I checked the port on an online open port checker, I could see that 5222 is open. I get this output for the above command -
telnet: Unable to connect to remote host: Connection timed out
Do I need to change any port configuration on JMS?

i just now check the new docs site, check here: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-scalable

Port 5222 must be reachable; if it is not a local firewall check the provider-firewall.

I am able to access the JMS port over internet, but not through the JVB. It’s strange, also I check my JVB for any other firewall that is involved, but there is nothing such configured.
image

I just read the doc which says,

Open to the videobridges only

  • 5222 TCP (for Prosody)
  • 5347 TCP (for Jicofo)
    Any configuration how to open ports for video-bridges only?

you could open these ports to the whole internet (0.0.0.0) or only your ip-range for the JVB’s.
do you host it in the cloud? maybe there are rules that deny traffic to the same subnet (but why)? it is a connection issue; try to get any firewall down which is involved and if it is working; enable it step wise.

strange that ping is working then.

good luck; i must go now.

Edit: try a netstat -pan | grep 5222on JMS; it should output 0.0.0.0:5222 to process lua5.1

1 Like

Sure, I will check the firewall once. Thanks alot mate, and once again thank you for documenting. Cheers!

Edit: Yup I get the same on JMS

@flyinghuman, It was indeed a problem with port 5222, which was due to a firewall in between. Thank you for your support.

I told to Jitsi team to use standard ports months ago… hope they’ll fix one day :frowning: