netflix proxy/unblocker false detection

Mark Tinka mark.tinka at
Sat Jun 27 13:15:19 UTC 2020

On 26/Jun/20 15:48, Owen DeLong wrote:
> I can’t speak for Netflix, but the reality is that there’s really no good
> way to “fix” CGNAT other than migrating to IPv6 and eliminating it.
> CGNAT by its nature combines multiple subscribers behind a single address.
> When you make subscribers indistinguishable to the content provider, then
> any subscriber in the group committing abuse is likely to get all the
> subscribers in the group cut off. There’s no good way around that.
> Expecting content providers to maintain some sort of record of every
> eyeball provider’s CGNAT port mapping policy in order to do more granular
> filtering simply does not scale.
> So I don’t know how (or even if) Netflix will answer, but were I in their
> shoes, I’d probably answer as follows:
> 	“IPv4 is a technology which has been extended well past its
> 	ability to provide a good user experience. CGNAT, while it
> 	allows providers to try and extend the lifetime of IPv4
> 	ultimately provides an increasingly degraded user experience.
> 	We fully support IPv6. Deploying IPv6 support is the best
> 	path to providing an improved user experience on Netflix
> 	vs. CGNAT and IPv4.”
> Seriously, if you were Netflix, what would be the point of putting serious
> investment into attempts to solve what will become an increasingly intractable
> problem when you already have a clear solution that scales and requires
> relatively easy and inherently necessary upgrades by the eyeball ISP that
> you’ve already completed on your side?

That would be my reading of the situation, if I were Netflix.

While we don't know their true on-the-record position, for sure, I doubt
we'd be far-fetched in assuming this to be case.


More information about the NANOG mailing list