Netflix VPN detection - actual engineer needed

Cryptographrix cryptographrix at gmail.com
Sat Jun 4 02:19:44 UTC 2016


"A /48 is officially the smallest"...but apparently smaller gets advertised
all over, and I imagine esp for private ASNs...sooooo we buy a /40 and 256
people here get /48s?

That would also be hilarious if Netflix blocking HE resulted in 256-some
people each getting a /48.



On Fri, Jun 3, 2016 at 10:11 PM Cryptographrix <cryptographrix at gmail.com>
wrote:

> Nope - You'd have the /56 and only people within your /56 (or /64 if you
> sliced it up nicely) would be able to do things with it routed by your ISP.
>
> Of course this means we'll have to get our ISPs to listen for our BGP
> advertisement...
>
>
> On Fri, Jun 3, 2016 at 10:09 PM Mansoor Nathani <mnathani.lists at gmail.com>
> wrote:
>
>> Wouldn't the /56 get blocked as soon as Netflix detects multiple accounts
>> logging in from the same IPv6 range?
>>
>> On Fri, Jun 3, 2016 at 9:49 PM, Cryptographrix <cryptographrix at gmail.com>
>> wrote:
>>
>>> This is a good idea. We should do this.
>>>
>>>
>>>
>>> On Fri, Jun 3, 2016 at 9:48 PM Raymond Beaudoin <
>>> raymond.beaudoin at icarustech.com> wrote:
>>>
>>> > Make it a /56 each and you've got a deal. Hell, I'll throw in a round
>>> of
>>> > drinks.
>>> >
>>> > On Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix <
>>> cryptographrix at gmail.com>
>>> > wrote:
>>> >
>>> >> We should crowdsource a /40 and split it up into /64's for each of us.
>>> >>
>>> >>
>>> >> On Fri, Jun 3, 2016 at 9:38 PM Matthew Kaufman <matthew at matthew.at>
>>> >> wrote:
>>> >>
>>> >> > If early adopter PI IPv6 was the same price as early adopter PI v4
>>> >> space,
>>> >> > my wife would be totally on board with this solution.
>>> >> >
>>> >> > Matthew Kaufman
>>> >> >
>>> >> > (Sent from my iPhone)
>>> >> >
>>> >> > > On Jun 3, 2016, at 6:27 PM, Spencer Ryan <sryan at arbor.net> wrote:
>>> >> > >
>>> >> > > Well if you have PI space just use HE's BGP tunnel offerings.
>>> >> > >
>>> >> > >
>>> >> > > *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
>>> >> > > *Arbor Networks*
>>> >> > > +1.734.794.5033 (d) | +1.734.846.2053 (m)
>>> >> > > www.arbornetworks.com
>>> >> > >
>>> >> > > On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
>>> >> > > raymond.beaudoin at icarustech.com> wrote:
>>> >> > >
>>> >> > >> As an alternative, there are multiple cloud service offerings
>>> that
>>> >> will
>>> >> > >> advertise your IPv6 allocations on your behalf direct to a
>>> server in
>>> >> > their
>>> >> > >> data centers. It seems pretty tongue-in-cheek, and satisfying, to
>>> >> turn
>>> >> > >> up a *<insert
>>> >> > >> favorite virtual router instance> *and then route through it. The
>>> >> > Internet
>>> >> > >> is such an amazing place.
>>> >> > >>
>>> >> > >> On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <
>>> >> > cryptographrix at gmail.com>
>>> >> > >> wrote:
>>> >> > >>
>>> >> > >>> Yeah I RAWRed to them pretty hard whilst being as understanding
>>> to
>>> >> the
>>> >> > CS
>>> >> > >>> rep that it wasn't their fault.
>>> >> > >>>
>>> >> > >>> They thought I was weird as anything.
>>> >> > >>>
>>> >> > >>> If there are any Verizon FiOS network engineers on the thread, a
>>> >> fellow
>>> >> > >>> Verizon employee would thank you kindly for an off-thread email
>>> >> > regarding
>>> >> > >>> BGP advertisement (I'll buy the IPv6 block and the
>>> drink-of-choice,
>>> >> you
>>> >> > >>> configure my account to listen for route advertisement).
>>> >> > >>>
>>> >> > >>> Strange that it has to come to this to get "legit" IPv6 service.
>>> >> > >>>
>>> >> > >>>
>>> >> > >>>
>>> >> > >>>
>>> >> > >>> On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
>>> >> > >>> raymond.beaudoin at icarustech.com> wrote:
>>> >> > >>>
>>> >> > >>>> I wasn't originally affected on my he.net tunnel, but this
>>> >> evening it
>>> >> > >>>> started blocking. The recommended ACLs are a functional
>>> temporary
>>> >> > >>>> workaround, but I've also opened a request with Netflix.
>>> >> > >>>>
>>> >> > >>>> On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <
>>> >> > ganzer at spawar.navy.mil>
>>> >> > >>>> wrote:
>>> >> > >>>>
>>> >> > >>>>> So far I am not seeing a Netflix block on my he.net tunnel
>>> yet. I
>>> >> > >>>> connect
>>> >> > >>>>> to the Los Angeles node, so maybe not all of HE's address
>>> space is
>>> >> > >> being
>>> >> > >>>>> blocked.
>>> >> > >>>>>
>>> >> > >>>>> Not going to be disabling IPv6 here either. + HAD native IPv6
>>> from
>>> >> > >> Time
>>> >> > >>>>> Warner, but they decided to in their wisdom to disable IPv6
>>> >> service
>>> >> > >> for
>>> >> > >>>>> anyone that has an Arris SB6183 due to an Arris firmware
>>> bug.  And
>>> >> > >> they
>>> >> > >>>> are
>>> >> > >>>>> taking their sweet time pushing out the fixed firmware update
>>> that
>>> >> > >>>> Comcast
>>> >> > >>>>> and Cox seemed to be able to push to their customers last
>>> fall.
>>> >> > >>>>>
>>> >> > >>>>> -Mark Ganzer
>>> >> > >>>>>
>>> >> > >>>>>
>>> >> > >>>>>> On 6/3/2016 4:49 PM, Cryptographrix wrote:
>>> >> > >>>>>>
>>> >> > >>>>>> Depends - how many US users have native IPv6 through their
>>> ISPs?
>>> >> > >>>>>>
>>> >> > >>>>>> If I remember correctly (I can't find the source at the
>>> moment),
>>> >> > >> HE.net
>>> >> > >>>>>> represents something like 70% of IPv6 traffic in the US.
>>> >> > >>>>>>
>>> >> > >>>>>> And yeah, not doing that - actually in the middle of an IPv6
>>> >> project
>>> >> > >> at
>>> >> > >>>>>> work at the moment that's a bit important to me.
>>> >> > >>>>>>
>>> >> > >>>>>>
>>> >> > >>>>>>
>>> >> > >>>>>>
>>> >> > >>>>>> On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <
>>> >> > >>>> baldur.norddahl at gmail.com
>>> >> > >>>>>> wrote:
>>> >> > >>>>>>
>>> >> > >>>>>> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <
>>> >> > >>>> cryptographrix at gmail.com>:
>>> >> > >>>>>>>
>>> >> > >>>>>>>> The information I'm getting from Netflix support now is
>>> >> explicitly
>>> >> > >>>>>>> telling
>>> >> > >>>>>>>
>>> >> > >>>>>>>> me to turn off IPv6 - someone might want to stop them
>>> before
>>> >> they
>>> >> > >>>>>>>> completely kill US IPv6 adoption.
>>> >> > >>>>>>> Not allowing he.net tunnels is not killing ipv6. You just
>>> need
>>> >> > need
>>> >> > >>>>>>> native
>>> >> > >>>>>>> ipv6.
>>> >> > >>>>>>>
>>> >> > >>>>>>> On the other hand it would be nice if Netflix would try the
>>> >> other
>>> >> > >>>>>>> protocol
>>> >> > >>>>>>> before blocking.
>>> >> > >>
>>> >> >
>>> >> >
>>> >>
>>> >
>>> >
>>>
>>
>>



More information about the NANOG mailing list