netflix proxy/unblocker false detection

Owen DeLong owen at delong.com
Fri Jun 26 13:48:49 UTC 2020


> On Jun 25, 2020, at 8:38 AM, Mark Tinka <mark.tinka at seacom.com> wrote:
> 
> 
> 
> On 25/Jun/20 16:45, Christian wrote:
>> wow. blaming support for IPv6 rather than using cgnat is a huge
>> stretch of credibility
> 
> I have no idea what's going through Netflix's mind - it's all, as my
> American friend would say, conjecturbation on my part.
> 
> CG-NAT isn't new, and if Netflix are still not able to consider it a
> "fixed issue", there is probably a reason why that is.
> 
> Ultimately, reaching out to them and asking their position on the matter
> seems like a path to an answer.
> 
> Mark.

I can’t speak for Netflix, but the reality is that there’s really no good
way to “fix” CGNAT other than migrating to IPv6 and eliminating it.

CGNAT by its nature combines multiple subscribers behind a single address.

When you make subscribers indistinguishable to the content provider, then
any subscriber in the group committing abuse is likely to get all the
subscribers in the group cut off. There’s no good way around that.

Expecting content providers to maintain some sort of record of every
eyeball provider’s CGNAT port mapping policy in order to do more granular
filtering simply does not scale.

So I don’t know how (or even if) Netflix will answer, but were I in their
shoes, I’d probably answer as follows:

	“IPv4 is a technology which has been extended well past its
	ability to provide a good user experience. CGNAT, while it
	allows providers to try and extend the lifetime of IPv4
	ultimately provides an increasingly degraded user experience.
	We fully support IPv6. Deploying IPv6 support is the best
	path to providing an improved user experience on Netflix
	vs. CGNAT and IPv4.”

Seriously, if you were Netflix, what would be the point of putting serious
investment into attempts to solve what will become an increasingly intractable
problem when you already have a clear solution that scales and requires
relatively easy and inherently necessary upgrades by the eyeball ISP that
you’ve already completed on your side?

Owen



More information about the NANOG mailing list