Netflix VPN detection - actual engineer needed
Mark Andrews
marka at isc.org
Wed Jun 8 05:27:04 UTC 2016
In message <20160608070525.06fd5995 at echo.ms.redpill-linpro.com>, Tore Anderson writes:
> * Davide Davini <diotonante at gmail.com>
>
> > On 04/06/2016 20:46, Owen DeLong wrote:
> > > Get your own /48 and advertise to HE Tunnel via BGP. Problem
> > > solved.
> >
> > Even though that sounds like an awesome idea it does not seem trivial
> > to me to obtain your own /48.
>
> Which is a good thing, as every new PI /48 advertised to the DFZ will
> bloat the routing tables of thousands upon thousands of routers world
> wide. It might solve the Netflix problem, but what has actually
> happened is that you've split the original problem into a thousand
> small bits and thrown one piece into each of your neighbours' gardens.
>
> I'd encourage everyone to try to fix their Netflix problem a more proper
> way before deciding to litter everyone else's routing tables with
> another PI prefix.
>
> Blocking access to Netflix via the tunnel seems like an obvious
> solution to me, for what it's worth.
And which set of prefixes is that? How often do they change? etc.
When Netfix turned on IPv6 support HE's tunnels existed. They
should be dealing with the existing environment rather than making
others work around their short comings. Tunnels, as much as some
people may not like them, will continue to be a part of the IPv6
landscape for many years to come.
Mark
> I wonder if anyone has attempted to estimate approx. how much RIB/FIB
> space a single DFZ route requires in total across the entire internet...
>
> Tore
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list