Recently, we've seen partners run into issues with subscribers subscribing to another publisher. The typical symptoms manifest as attempting to subscribe, and the subscriber sometimes successfully seeing video/audio for some seconds, then an abrupt cut to a black screen with the message "The stream was unable to connect due to a network error. Make sure your connection isn't blocked by a firewall."
We've discovered this could be due to a Meraki appliances, which are cloud managed wireless access points. Meraki's firewall configuration has an option labeled "Layer 7 filtering", which allows for a rule called "Peer-to-peer (P2P)". If the configuration is set to "Deny" and "All" under this rule, this falsely identifies subscriber video and audio connections as P2P traffic, and blocks the pings messages for one of the media streams. This, in turn, causes OpenTok's media server to assume the lack of response to its server pings to mean that the client has dropped the connection, causing OpenTok to drop the media stream to the subscriber, resulting in the black screen scenario outlined from earlier.
There are specific subsets of the "Peer-to-peer (P2P)" rule - please see the following Meraki documentation:
These are the results of our in-house tests for the specific configurations:
- All P2P traffic denied = OpenTok subscriber failure
- BitTorrent traffic denied = OpenTok subscriber failure
- DC++ traffic denied = Success
- eDonkeytraffic denied = Success
- Encrypted P2P traffic denied = OpenTok subscriber failure
- Gnutella traffic denied = Success
- Kazaa traffic denied = Success