Netflix VPN detection - actual engineer needed

Sat Jun 4 01:32:45 UTC 2016

Fair point, Spencer! Only Netflix engineers could tell us how they're
determining networks to be blocked, but I'm paranoid they're dynamically
updating based  AS PATH. I figured HE's ASN may have made the naughty list.
Admittedly, that would be pretty drastic. Time to do some testing. :>

On Fri, Jun 3, 2016 at 8:27 PM, Spencer Ryan <sryan at arbor.net> wrote:

> Well if you have PI space just use HE's BGP tunnel offerings.
>
>
> *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
> *Arbor Networks*
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
>
> On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
> raymond.beaudoin at icarustech.com> wrote:
>
>> As an alternative, there are multiple cloud service offerings that will
>> advertise your IPv6 allocations on your behalf direct to a server in their
>> data centers. It seems pretty tongue-in-cheek, and satisfying, to turn
>> up a *<insert
>> favorite virtual router instance> *and then route through it. The Internet
>>
>> is such an amazing place.
>>
>> On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <cryptographrix at gmail.com>
>> wrote:
>>
>> > Yeah I RAWRed to them pretty hard whilst being as understanding to the
>> CS
>> > rep that it wasn't their fault.
>> >
>> > They thought I was weird as anything.
>> >
>> > If there are any Verizon FiOS network engineers on the thread, a fellow
>> > Verizon employee would thank you kindly for an off-thread email
>> regarding
>> > BGP advertisement (I'll buy the IPv6 block and the drink-of-choice, you
>> > configure my account to listen for route advertisement).
>> >
>> > Strange that it has to come to this to get "legit" IPv6 service.
>> >
>> >
>> >
>> >
>> > On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
>> > raymond.beaudoin at icarustech.com> wrote:
>> >
>> >> I wasn't originally affected on my he.net tunnel, but this evening it
>> >> started blocking. The recommended ACLs are a functional temporary
>> >> workaround, but I've also opened a request with Netflix.
>> >>
>> >> On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <ganzer at spawar.navy.mil
>> >
>> >> wrote:
>> >>
>> >> > So far I am not seeing a Netflix block on my he.net tunnel yet. I
>> >> connect
>> >> > to the Los Angeles node, so maybe not all of HE's address space is
>> being
>> >> > blocked.
>> >> >
>> >> > Not going to be disabling IPv6 here either. + HAD native IPv6 from
>> Time
>> >> > Warner, but they decided to in their wisdom to disable IPv6 service
>> for
>> >> > anyone that has an Arris SB6183 due to an Arris firmware bug.  And
>> they
>> >> are
>> >> > taking their sweet time pushing out the fixed firmware update that
>> >> Comcast
>> >> > and Cox seemed to be able to push to their customers last fall.
>> >> >
>> >> > -Mark Ganzer
>> >> >
>> >> >
>> >> > On 6/3/2016 4:49 PM, Cryptographrix wrote:
>> >> >
>> >> >> Depends - how many US users have native IPv6 through their ISPs?
>> >> >>
>> >> >> If I remember correctly (I can't find the source at the moment),
>> HE.net
>> >> >> represents something like 70% of IPv6 traffic in the US.
>> >> >>
>> >> >> And yeah, not doing that - actually in the middle of an IPv6
>> project at
>> >> >> work at the moment that's a bit important to me.
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <
>> >> baldur.norddahl at gmail.com
>> >> >> >
>> >> >> wrote:
>> >> >>
>> >> >> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <
>> >> cryptographrix at gmail.com>:
>> >> >>>
>> >> >>>> The information I'm getting from Netflix support now is explicitly
>> >> >>>>
>> >> >>> telling
>> >> >>>
>> >> >>>> me to turn off IPv6 - someone might want to stop them before they
>> >> >>>> completely kill US IPv6 adoption.
>> >> >>>>
>> >> >>> Not allowing he.net tunnels is not killing ipv6. You just need
>> need
>> >> >>> native
>> >> >>> ipv6.
>> >> >>>
>> >> >>> On the other hand it would be nice if Netflix would try the other
>> >> >>> protocol
>> >> >>> before blocking.
>> >> >>>
>> >> >>>
>> >> >
>> >>
>> >
>>
>
>