Netflix VPN detection - actual engineer needed

Mansoor Nathani mnathani.lists at gmail.com
Sat Jun 4 02:58:13 UTC 2016


How is this better than getting native IPv6 from a provider? If they are
willing to run a BGP session with you (that too with a private ASN), surely
they can offer native IPv6 as well.

On Fri, Jun 3, 2016 at 10:19 PM, Cryptographrix <cryptographrix at gmail.com>
wrote:

> "A /48 is officially the smallest"...but apparently smaller gets
> advertised all over, and I imagine esp for private ASNs...sooooo we buy a
> /40 and 256 people here get /48s?
>
> That would also be hilarious if Netflix blocking HE resulted in 256-some
> people each getting a /48.
>
>
>
> On Fri, Jun 3, 2016 at 10:11 PM Cryptographrix <cryptographrix at gmail.com>
> wrote:
>
>> Nope - You'd have the /56 and only people within your /56 (or /64 if you
>> sliced it up nicely) would be able to do things with it routed by your ISP.
>>
>> Of course this means we'll have to get our ISPs to listen for our BGP
>> advertisement...
>>
>>
>> On Fri, Jun 3, 2016 at 10:09 PM Mansoor Nathani <mnathani.lists at gmail.com>
>> wrote:
>>
>>> Wouldn't the /56 get blocked as soon as Netflix detects multiple
>>> accounts logging in from the same IPv6 range?
>>>
>>> On Fri, Jun 3, 2016 at 9:49 PM, Cryptographrix <cryptographrix at gmail.com
>>> > wrote:
>>>
>>>> This is a good idea. We should do this.
>>>>
>>>>
>>>>
>>>> On Fri, Jun 3, 2016 at 9:48 PM Raymond Beaudoin <
>>>> raymond.beaudoin at icarustech.com> wrote:
>>>>
>>>> > Make it a /56 each and you've got a deal. Hell, I'll throw in a round
>>>> of
>>>> > drinks.
>>>> >
>>>> > On Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix <
>>>> cryptographrix at gmail.com>
>>>> > wrote:
>>>> >
>>>> >> We should crowdsource a /40 and split it up into /64's for each of
>>>> us.
>>>> >>
>>>> >>
>>>> >> On Fri, Jun 3, 2016 at 9:38 PM Matthew Kaufman <matthew at matthew.at>
>>>> >> wrote:
>>>> >>
>>>> >> > If early adopter PI IPv6 was the same price as early adopter PI v4
>>>> >> space,
>>>> >> > my wife would be totally on board with this solution.
>>>> >> >
>>>> >> > Matthew Kaufman
>>>> >> >
>>>> >> > (Sent from my iPhone)
>>>> >> >
>>>> >> > > On Jun 3, 2016, at 6:27 PM, Spencer Ryan <sryan at arbor.net>
>>>> wrote:
>>>> >> > >
>>>> >> > > Well if you have PI space just use HE's BGP tunnel offerings.
>>>> >> > >
>>>> >> > >
>>>> >> > > *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
>>>> >> > > *Arbor Networks*
>>>> >> > > +1.734.794.5033 (d) | +1.734.846.2053 (m)
>>>> >> > > www.arbornetworks.com
>>>> >> > >
>>>> >> > > On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
>>>> >> > > raymond.beaudoin at icarustech.com> wrote:
>>>> >> > >
>>>> >> > >> As an alternative, there are multiple cloud service offerings
>>>> that
>>>> >> will
>>>> >> > >> advertise your IPv6 allocations on your behalf direct to a
>>>> server in
>>>> >> > their
>>>> >> > >> data centers. It seems pretty tongue-in-cheek, and satisfying,
>>>> to
>>>> >> turn
>>>> >> > >> up a *<insert
>>>> >> > >> favorite virtual router instance> *and then route through it.
>>>> The
>>>> >> > Internet
>>>> >> > >> is such an amazing place.
>>>> >> > >>
>>>> >> > >> On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <
>>>> >> > cryptographrix at gmail.com>
>>>> >> > >> wrote:
>>>> >> > >>
>>>> >> > >>> Yeah I RAWRed to them pretty hard whilst being as
>>>> understanding to
>>>> >> the
>>>> >> > CS
>>>> >> > >>> rep that it wasn't their fault.
>>>> >> > >>>
>>>> >> > >>> They thought I was weird as anything.
>>>> >> > >>>
>>>> >> > >>> If there are any Verizon FiOS network engineers on the thread,
>>>> a
>>>> >> fellow
>>>> >> > >>> Verizon employee would thank you kindly for an off-thread email
>>>> >> > regarding
>>>> >> > >>> BGP advertisement (I'll buy the IPv6 block and the
>>>> drink-of-choice,
>>>> >> you
>>>> >> > >>> configure my account to listen for route advertisement).
>>>> >> > >>>
>>>> >> > >>> Strange that it has to come to this to get "legit" IPv6
>>>> service.
>>>> >> > >>>
>>>> >> > >>>
>>>> >> > >>>
>>>> >> > >>>
>>>> >> > >>> On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
>>>> >> > >>> raymond.beaudoin at icarustech.com> wrote:
>>>> >> > >>>
>>>> >> > >>>> I wasn't originally affected on my he.net tunnel, but this
>>>> >> evening it
>>>> >> > >>>> started blocking. The recommended ACLs are a functional
>>>> temporary
>>>> >> > >>>> workaround, but I've also opened a request with Netflix.
>>>> >> > >>>>
>>>> >> > >>>> On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <
>>>> >> > ganzer at spawar.navy.mil>
>>>> >> > >>>> wrote:
>>>> >> > >>>>
>>>> >> > >>>>> So far I am not seeing a Netflix block on my he.net tunnel
>>>> yet. I
>>>> >> > >>>> connect
>>>> >> > >>>>> to the Los Angeles node, so maybe not all of HE's address
>>>> space is
>>>> >> > >> being
>>>> >> > >>>>> blocked.
>>>> >> > >>>>>
>>>> >> > >>>>> Not going to be disabling IPv6 here either. + HAD native
>>>> IPv6 from
>>>> >> > >> Time
>>>> >> > >>>>> Warner, but they decided to in their wisdom to disable IPv6
>>>> >> service
>>>> >> > >> for
>>>> >> > >>>>> anyone that has an Arris SB6183 due to an Arris firmware
>>>> bug.  And
>>>> >> > >> they
>>>> >> > >>>> are
>>>> >> > >>>>> taking their sweet time pushing out the fixed firmware
>>>> update that
>>>> >> > >>>> Comcast
>>>> >> > >>>>> and Cox seemed to be able to push to their customers last
>>>> fall.
>>>> >> > >>>>>
>>>> >> > >>>>> -Mark Ganzer
>>>> >> > >>>>>
>>>> >> > >>>>>
>>>> >> > >>>>>> On 6/3/2016 4:49 PM, Cryptographrix wrote:
>>>> >> > >>>>>>
>>>> >> > >>>>>> Depends - how many US users have native IPv6 through their
>>>> ISPs?
>>>> >> > >>>>>>
>>>> >> > >>>>>> If I remember correctly (I can't find the source at the
>>>> moment),
>>>> >> > >> HE.net
>>>> >> > >>>>>> represents something like 70% of IPv6 traffic in the US.
>>>> >> > >>>>>>
>>>> >> > >>>>>> And yeah, not doing that - actually in the middle of an IPv6
>>>> >> project
>>>> >> > >> at
>>>> >> > >>>>>> work at the moment that's a bit important to me.
>>>> >> > >>>>>>
>>>> >> > >>>>>>
>>>> >> > >>>>>>
>>>> >> > >>>>>>
>>>> >> > >>>>>> On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <
>>>> >> > >>>> baldur.norddahl at gmail.com
>>>> >> > >>>>>> wrote:
>>>> >> > >>>>>>
>>>> >> > >>>>>> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <
>>>> >> > >>>> cryptographrix at gmail.com>:
>>>> >> > >>>>>>>
>>>> >> > >>>>>>>> The information I'm getting from Netflix support now is
>>>> >> explicitly
>>>> >> > >>>>>>> telling
>>>> >> > >>>>>>>
>>>> >> > >>>>>>>> me to turn off IPv6 - someone might want to stop them
>>>> before
>>>> >> they
>>>> >> > >>>>>>>> completely kill US IPv6 adoption.
>>>> >> > >>>>>>> Not allowing he.net tunnels is not killing ipv6. You just
>>>> need
>>>> >> > need
>>>> >> > >>>>>>> native
>>>> >> > >>>>>>> ipv6.
>>>> >> > >>>>>>>
>>>> >> > >>>>>>> On the other hand it would be nice if Netflix would try the
>>>> >> other
>>>> >> > >>>>>>> protocol
>>>> >> > >>>>>>> before blocking.
>>>> >> > >>
>>>> >> >
>>>> >> >
>>>> >>
>>>> >
>>>> >
>>>>
>>>
>>>



More information about the NANOG mailing list