Websocket proxy issues
Hello, we run a websocket game server, yesterday I switched it to a CF proxy for DDoS protection.
The issue is that it works fine for some players, but some get randomly disconnected while some aren't even able to connect properly.
Is there any solution for this? Thanks!
43 Replies
Do you have any metrics showing disconnects? Could it be user internet issues?
you mean cloudflare logs?
it's not internet issues because, there were no problems when we connected directly to the IP
since then many players have issues (including me)
When you say websocket game, is it conencting to a port other than 80/443?
@MinatoTW
it happens for various people in various countries
I connect with the domain ws://
but in CF rules I set it to rewrite port to 7350
I'm on pro
around 800 players right now
@MinatoTW and you are NOT using Spectrum is this correct?
nope
oh, it's web sockets. The normal proxy supports that.
would really appreciate any help here because I need the DDoS protection cus we got ddosed last week
someone just reported disconnects, I made them use a VPN
it worked fine, then they stopped the VPN and now it's working fine
Very weird
I'm not sure if it's DNS stuff
websockets have a rather random disconnection thing for persistently open connections due to metal restarts. Our colos' individual machines restart themselves as needed to deploy new code, as part of watchdog events, network problems, etc.
https://developers.cloudflare.com/network/websockets/#technical-note
Cloudflare Docs
WebSockets
Cloudflare supports proxied WebSocket connections without additional configuration.
the keepalive option would be good since it could "refresh" a websocket connection every x seconds so a disconnect can be reconnected and persisted instead of the user needing to re-init the connection
we have an automatic reconnection but it gets rather annoying mid battle
players just have 30s to take a turn
if they disconnect say at 3s then they lose turn
is this a web browser based game?
the client does a ping pong as well
no it's Godot
oh nifty.
is there anything which can help me at business tier?
how frequent are the restarts btw?
sometimes I myself get disconnected within 10 mins
it's not scheduled.
No... as much as I hate to say this, Cloudflare's proxy is not great for persistent connections for gaming applications...
The only major exception to this would be Spectrum, but that does come with a cost because raw tcp/udp and http/https applications (including wss) are Enterprise plan add-ons that aren't available on pro/biz. :pepe_sadgers:
unfortunate, I can't really enterprise rn
and I can't afford not using the DDoS protection either ðŸ˜
I do know there are other services that offer gaming ddos protection but i don't know if they support websockets.
can you name them?
btw any idea why this fixed it?
another user reported being able to play on his mac but not windows on the same network
I asked him to purge DNS but still no dice
if its VPN/on the same network its most likley bypassing all of Cloudflare in of itself, depending on how those networks/vpn is set up.
how would it bypass CF?
VPNs are point to point - they're connecting directly to the endpoint, not through Cloudflare.
yeah but my origin IP isn't known right?
the DNS still needs to be resolved
Which resolved to a CF IP
That depends on how you have your VPn setup, if its sitting on the same network as the game host, then it connects via a local IP. or directly to the games IP itself.
oh you mean a public vpn. hmm, yeah a lot of unknowns here.
no it's not
the user is in Philippines my server is in Germany
and after he disconnected the VPN the game turned stable
I specifically remember working a couple cases on websockets where this sort of thing was happening (the random disconnects) but I don't remember the outcome of the investigation...
I can look those cases up when I'm on shift again tomorrow and get back to you about it.
appreciate it, thanks a lot
specially since I didn't get a response to my ticket ðŸ˜
What's your case number? @MinatoTW
01522339
Got it - I just took it and will check it tomorrow.
thank you
@MinatoTW actually i just looked something up.
i'm going to check two settings for your zone internally and see if it can help out. I need to see if the settings can be applied to your zone, and check if it will terminate existing connections first. If so I will work with you for a possible maintenance window.
Case update shortly, standby.
got it
hey @Ramstik
sorry for the ping, any luck?
if not, maybe we can continue tomorrow?
because it's late here
I just replied to your case - need you to read over and confirm via a reply.
that's what i'm looking at. I wasn't aware that feature's name was public.
nvm, just replied
thanks
um?
@MinatoTW It's done.
Monitor it over the next couple days and let me know if you see any improvement. :thumbsup:
thank you!
@MinatoTW see if you can run a couple tests on your end, make sure that origin rule doesn't mess with the new WSS logic.
I'm using ws right now, not wss
I've found wss to have higher performance impact
plus there's nothing sensitive transferred
Oh my bad. Still, just thinking and I want to make sure that rule is not a factor.
yeah will do, thanks
:thumbsup: @ me anytime here if something urgent comes up.
in the works.