Netflix VPN detection - actual engineer needed

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Jun 6 19:44:14 UTC 2016


On Mon, 06 Jun 2016 20:30:02 +0100, Aled Morris said:
> Maybe HE's IPv6 tunnel packets could be flagged with a destination option
> (extension header field) that records the end-user's IPv4 tunnel endpoint
> so geolocation could be done in the "old fashioned" way on that address.
>
> Similar to the way that edns-client-subnet records the end user's address
> for geolocation purposes.

First, you'd need buy-in from other tunnel providers.  Doing it one-off for HE
isn't a scalable answer.  And if Netflix can't be bothered to consult rwhois
for the ownership (which could be used for other use cases as well), they
certainly aren't going to do *new* code as a one-off.

Second, you'd need to make sure the extension header didn't get molested or
dropped by anything on its way to Netflix.  (edns-client-subnet leaves its
cookie crumbs a few levels higher in the stack, so is less likely to be mangled
by recalcitrant routers)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160606/d31c8967/attachment.sig>


More information about the NANOG mailing list