Netflix VPN detection - actual engineer needed

Cryptographrix cryptographrix at gmail.com
Sat Jun 4 03:12:19 UTC 2016


And yeah, most every US ISP *can* route IPv6, but they just haven't for
absolutely no reason.

On Fri, Jun 3, 2016 at 11:11 PM Cryptographrix <cryptographrix at gmail.com>
wrote:

> Surely they could - for some reason they haven't.
>
> It's not better - it's desperate.
>
> But it's more than nothing.
>
> Of course, there's always the possibility that I/we will be left with 300
> septillion IPv6 IPs and nobody to route them.
>
>
> On Fri, Jun 3, 2016 at 10:58 PM Mansoor Nathani <mnathani.lists at gmail.com>
> wrote:
>
>> How is this better than getting native IPv6 from a provider? If they are
>> willing to run a BGP session with you (that too with a private ASN), surely
>> they can offer native IPv6 as well.
>>
>> On Fri, Jun 3, 2016 at 10:19 PM, Cryptographrix <cryptographrix at gmail.com>
>> wrote:
>>
>>> "A /48 is officially the smallest"...but apparently smaller gets
>>> advertised all over, and I imagine esp for private ASNs...sooooo we buy a
>>> /40 and 256 people here get /48s?
>>>
>>> That would also be hilarious if Netflix blocking HE resulted in 256-some
>>> people each getting a /48.
>>>
>>>
>>>
>>> On Fri, Jun 3, 2016 at 10:11 PM Cryptographrix <cryptographrix at gmail.com>
>>> wrote:
>>>
>>>> Nope - You'd have the /56 and only people within your /56 (or /64 if
>>>> you sliced it up nicely) would be able to do things with it routed by your
>>>> ISP.
>>>>
>>>> Of course this means we'll have to get our ISPs to listen for our BGP
>>>> advertisement...
>>>>
>>>>
>>>> On Fri, Jun 3, 2016 at 10:09 PM Mansoor Nathani <
>>>> mnathani.lists at gmail.com> wrote:
>>>>
>>>>> Wouldn't the /56 get blocked as soon as Netflix detects multiple
>>>>> accounts logging in from the same IPv6 range?
>>>>>
>>>>> On Fri, Jun 3, 2016 at 9:49 PM, Cryptographrix <
>>>>> cryptographrix at gmail.com> wrote:
>>>>>
>>>>>> This is a good idea. We should do this.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 3, 2016 at 9:48 PM Raymond Beaudoin <
>>>>>> raymond.beaudoin at icarustech.com> wrote:
>>>>>>
>>>>>> > Make it a /56 each and you've got a deal. Hell, I'll throw in a round of
>>>>>> > drinks.
>>>>>> >
>>>>>> > On Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix <cryptographrix at gmail.com>
>>>>>> > wrote:
>>>>>> >
>>>>>> >> We should crowdsource a /40 and split it up into /64's for each of us.
>>>>>> >>
>>>>>> >>
>>>>>> >> On Fri, Jun 3, 2016 at 9:38 PM Matthew Kaufman <matthew at matthew.at>
>>>>>> >> wrote:
>>>>>> >>
>>>>>> >> > If early adopter PI IPv6 was the same price as early adopter PI v4 space,
>>>>>> >> > my wife would be totally on board with this solution.
>>>>>> >> >
>>>>>> >> > Matthew Kaufman
>>>>>> >> >
>>>>>> >> > (Sent from my iPhone)
>>>>>> >> >
>>>>>> >> > > On Jun 3, 2016, at 6:27 PM, Spencer Ryan <sryan at arbor.net> wrote:
>>>>>> >> > >
>>>>>> >> > > Well if you have PI space just use HE's BGP tunnel offerings.
>>>>>> >> > >
>>>>>> >> > >
>>>>>> >> > > *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
>>>>>> >> > > *Arbor Networks*
>>>>>> >> > > +1.734.794.5033 (d) | +1.734.846.2053 (m)
>>>>>> >> > > www.arbornetworks.com
>>>>>> >> > >
>>>>>> >> > > On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
>>>>>> >> > > raymond.beaudoin at icarustech.com> wrote:
>>>>>> >> > >
>>>>>> >> > >> As an alternative, there are multiple cloud service offerings that will
>>>>>> >> > >> advertise your IPv6 allocations on your behalf direct to a server in their
>>>>>> >> > >> data centers. It seems pretty tongue-in-cheek, and satisfying, to turn
>>>>>> >> > >> up a *<insert favorite virtual router instance>* and then route through it.
>>>>>> >> > >> The Internet is such an amazing place.
>>>>>> >> > >>
>>>>>> >> > >> On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <cryptographrix at gmail.com>
>>>>>> >> > >> wrote:
>>>>>> >> > >>
>>>>>> >> > >>> Yeah I RAWRed to them pretty hard whilst being as understanding to the CS
>>>>>> >> > >>> rep that it wasn't their fault.
>>>>>> >> > >>>
>>>>>> >> > >>> They thought I was weird as anything.
>>>>>> >> > >>>
>>>>>> >> > >>> If there are any Verizon FiOS network engineers on the thread, a fellow
>>>>>> >> > >>> Verizon employee would thank you kindly for an off-thread email regarding
>>>>>> >> > >>> BGP advertisement (I'll buy the IPv6 block and the drink-of-choice, you
>>>>>> >> > >>> configure my account to listen for route advertisement).
>>>>>> >> > >>>
>>>>>> >> > >>> Strange that it has to come to this to get "legit" IPv6 service.
>>>>>> >> > >>>
>>>>>> >> > >>>
>>>>>> >> > >>>
>>>>>> >> > >>>
>>>>>> >> > >>> On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
>>>>>> >> > >>> raymond.beaudoin at icarustech.com> wrote:
>>>>>> >> > >>>
>>>>>> >> > >>>> I wasn't originally affected on my he.net tunnel, but this evening it
>>>>>> >> > >>>> started blocking. The recommended ACLs are a functional temporary
>>>>>> >> > >>>> workaround, but I've also opened a request with Netflix.
>>>>>> >> > >>>>
>>>>>> >> > >>>> On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <ganzer at spawar.navy.mil>
>>>>>> >> > >>>> wrote:
>>>>>> >> > >>>>
>>>>>> >> > >>>>> So far I am not seeing a Netflix block on my he.net tunnel yet. I connect
>>>>>> >> > >>>>> to the Los Angeles node, so maybe not all of HE's address space is being
>>>>>> >> > >>>>> blocked.
>>>>>> >> > >>>>>
>>>>>> >> > >>>>> Not going to be disabling IPv6 here either. I HAD native IPv6 from Time
>>>>>> >> > >>>>> Warner, but they decided in their wisdom to disable IPv6 service for
>>>>>> >> > >>>>> anyone that has an Arris SB6183 due to an Arris firmware bug. And they are
>>>>>> >> > >>>>> taking their sweet time pushing out the fixed firmware update that Comcast
>>>>>> >> > >>>>> and Cox seemed to be able to push to their customers last fall.
>>>>>> >> > >>>>>
>>>>>> >> > >>>>> -Mark Ganzer
>>>>>> >> > >>>>>
>>>>>> >> > >>>>>
>>>>>> >> > >>>>>> On 6/3/2016 4:49 PM, Cryptographrix wrote:
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>> Depends - how many US users have native IPv6 through their ISPs?
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>> If I remember correctly (I can't find the source at the moment), HE.net
>>>>>> >> > >>>>>> represents something like 70% of IPv6 traffic in the US.
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>> And yeah, not doing that - actually in the middle of an IPv6 project at
>>>>>> >> > >>>>>> work at the moment that's a bit important to me.
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>> On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <baldur.norddahl at gmail.com>
>>>>>> >> > >>>>>> wrote:
>>>>>> >> > >>>>>>
>>>>>> >> > >>>>>> On 4 Jun 2016 01:26, "Cryptographrix" <cryptographrix at gmail.com> wrote:
>>>>>> >> > >>>>>>>
>>>>>> >> > >>>>>>>> The information I'm getting from Netflix support now is explicitly telling
>>>>>> >> > >>>>>>>> me to turn off IPv6 - someone might want to stop them before they
>>>>>> >> > >>>>>>>> completely kill US IPv6 adoption.
>>>>>> >> > >>>>>>> Not allowing he.net tunnels is not killing ipv6. You just need native
>>>>>> >> > >>>>>>> ipv6.
>>>>>> >> > >>>>>>>
>>>>>> >> > >>>>>>> On the other hand it would be nice if Netflix would try the other protocol
>>>>>> >> > >>>>>>> before blocking.
>>>>>> >> > >>
>>>>>> >> >
>>>>>> >> >
>>>>>> >>
>>>>>> >
>>>>>> >
>>>>>>
>>>>>
>>>>>
>>


