Why are files available via gateways even though 4001 is not exposed?

I have set up an IPFS cluster on Kubernetes (following this guide), except that I have used a Headless service rather than a LoadBalancer (I think Headless is what the guide used to instruct, but GitHub suggests my memory is faulty :thinking: :grimacing: :sweat_smile: ).

Port 4001 does not have a public IP address and, because I have usually been able to retrieve files I added to the IPFS cluster from public gateways (e.g., IPFS, Cloudflare), I did not realize this was an issue. I only learned of it recently, when I added a new node to the cluster and none of the previously-pinned files were successfully pinning (they all stayed at PINNING status) and, when debugging, I could not successfully get a file pinned to nodes in the cluster with ipfs pin add from an IPFS peer outside the cluster.

Could someone explain to me why, if 4001 does not have a public IP address, I can get files via a public gateway but the files will not be successfully pinned by a new node in the IPFS cluster or by a peer outside the cluster? Or point me to where I can look for definitive answers? In posts in this forum, port-opening magic and port-punching are referenced—is that it?

My networking understanding is practically coextensive with my IPFS understanding, so I’m learning as I go.

ipfs: go-ipfs:v0.4.23
ipfs-cluster: ipfs-cluster:v0.12.1

Hi,

First, please upgrade to latest versions.

Could someone explain to me why, if 4001 does not have a public IP address, I can get files via a public gateway but the files will not be successfully pinned by a new node in the IPFS cluster or by a peer outside the cluster? Or point me to where I can look for definitive answers? In posts in this forum, port-opening magic and port-punching are referenced—is that it?

I guess because the nodes managed to connect to other nodes that are publicly accessible by themselves and once they are connected the others can retrieve content. But two nodes which are not publicly accessible are going to have a hard time establishing a connection between them.

But the two nodes publicly connected have to be on a specific port. They cannot just connect on any port and retrieve or allow retrieval of content.

Even if they are not listening on any port, they can open connections to other places. In that case you normally get an “ephemeral” port for that outgoing connection.
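The behaviour described in the reply above, as an added example that is not part of the original thread: plain TCP sockets on loopback stand in for IPFS peers (an assumption; real nodes speak libp2p), and all names and the sample content are constructed. A node with no listener dials out from an ephemeral port and a reachable peer pulls content back over that same connection, while dialing a node that is not listening fails.

```python
import socket
import threading

CONTENT = b"constructed sample block"  # stand-in for a pinned file


def public_peer(listener, result):
    """Reachable peer: accepts an inbound dial, then fetches content over it."""
    conn, addr = listener.accept()
    with conn:
        result["dialer_port"] = addr[1]   # source port the private node dialed from
        conn.sendall(b"WANT\n")           # request travels back over the dialed connection
        result["data"] = conn.recv(1024)


def private_node(public_addr, result):
    """Node with no listening socket: it only opens an outgoing connection."""
    with socket.create_connection(public_addr) as s:
        result["local_port"] = s.getsockname()[1]  # ephemeral port picked by the OS
        if s.recv(1024) == b"WANT\n":
            s.sendall(CONTENT)


def demo():
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # any free port; plays the role of an exposed 4001
    listener.listen(1)
    result = {"listen_port": listener.getsockname()[1]}
    t = threading.Thread(target=public_peer, args=(listener, result))
    t.start()
    private_node(listener.getsockname(), result)
    t.join()
    listener.close()
    return result


def dial_unexposed_node():
    """Dial a port that is bound but never listening, like an unexposed 4001."""
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    try:
        socket.create_connection(closed.getsockname(), timeout=2).close()
        return True
    except OSError:
        return False   # nobody accepts inbound dials, so no connection forms
    finally:
        closed.close()


if __name__ == "__main__":
    print(demo(), dial_unexposed_node())
```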

Will do!

And thanks! I still don’t totally understand, but I think this gives me enough to do further reading/investigation.