Introduction
This article introduces the steps for troubleshooting VDS-IS delivery service got 403 access issue on the client side.
Problem Description
Sometimes it is reported to receive an access denied when trying play video stream through the CDS-IS platform, the http error code was seen as 403(Access Denied).
Troubleshooting Steps
1, Collect some details about the issue:
Device list:
IP address of Service Engine 1: xxx.xxx.xxx.xxx SENMAE001
IP address of Service Engine 2: yyy.yyy.yyy.yyy SENMAE002
(Note: also checked the configuration, device SENMAE001 was assigned for the affected delivery service but SENMAE002 was not)
Service router domain name (SRDN):
http://<srdn>
Delivery Service Name:
<DSName>
Affected video file (example):
http://<srdn>/<directory>/<filename.mp4>
2, Check the cache-route for the affected content:
Content URL: http://<srdn>/<directory>/<filename.mp4>
It always show the cache route point to yyy.yyy.yyy.yyy which is SENAME002, but for the actual delivery service configuration had only SENAME001 assigned.
SENAME001#show cache-router routes web-engine http://<srdn>/<directory>/<filename.mp4>;
The route: [ yyy.yyy.yyy.yyy/ ] will be used to cache the asset for URL=http://<srdn>/<directory>/<filename.mp4>
3, Try to remove the device SENAME001 from the delivery service
But the issue might still persist, the cache route would stuck on the un-assigned device:
SENAME001#show cache-router routes web-engine http://<srdn>/<directory>/<filename>.mp4
The route: [ yyy.yyy.yyy.yyy/ ] will be used to cache the asset for URL=http://<srdn>/<directory>/<filename>.mp4
If the cache route stuck on yyy.yyy.yyy.yyy (SENAME002) while it is not assigned for the delivery service, that’s why the client will get 403 rejection when try to download the files.
4, Workaround
As workaround, please remove device SENAME001 from the CDSM management, and add it back, this would trigger the cache route to be cleared and updated.
Afterwards we could see the cache route for content http://<OS Domain Name>/<directory>/<filename>.mp4 should be updated to be null, (please note the null is expected in this case because there is only 1 device was assigned to the delivery service)
SENAME001#show cache-router routes web-engine http://<srdn>/<directory>/<filename>.mp4
The route: [ (null) ] will be used to cache the asset for URL=http://<srdn>/<directory>/<filename>.mp4
Now from the clients side the delivery service should start to work fine.
Conclusion
As explained above in troubleshooting steps 3, the 403 was returned to the client’s request was because the clients' request went to device SENAME002 above while it was not assigned to the delivery service
Potential root cause for cache route stuck on SENAME002:
1, The device SENAME002 might be configured as one of the cache engine previously but the device was removed before it was un-offloaded, thus the cache route got stuck
2, There might be some unknown issue for the service router to handle in such situation
Recommendation
Upgrade to a later version of VDS-IS software, 3.3.1 b120 would be recommended