nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netflix VPN detection - actual engineer needed

From: Mansoor Nathani <mnathani.lists () gmail com>
Date: Fri, 3 Jun 2016 22:58:13 -0400
How is this better than getting native IPv6 from a provider? If they are
willing to run a BGP session with you (that too with a private ASN), surely
they can offer native IPv6 as well.

On Fri, Jun 3, 2016 at 10:19 PM, Cryptographrix <cryptographrix () gmail com>
wrote:


"A /48 is officially the smallest"...but apparently smaller gets
advertised all over, and I imagine esp for private ASNs...sooooo we buy a
/40 and 256 people here get /48s?

That would also be hilarious if Netflix blocking HE resulted in 256-some
people each getting a /48.



On Fri, Jun 3, 2016 at 10:11 PM Cryptographrix <cryptographrix () gmail com>
wrote:


Nope - You'd have the /56 and only people within your /56 (or /64 if you
sliced it up nicely) would be able to do things with it routed by your ISP.

Of course this means we'll have to get our ISPs to listen for our BGP
advertisement...


On Fri, Jun 3, 2016 at 10:09 PM Mansoor Nathani <mnathani.lists () gmail com>
wrote:


Wouldn't the /56 get blocked as soon as Netflix detects multiple
accounts logging in from the same IPv6 range?

On Fri, Jun 3, 2016 at 9:49 PM, Cryptographrix <cryptographrix () gmail com

wrote:



This is a good idea. We should do this.



On Fri, Jun 3, 2016 at 9:48 PM Raymond Beaudoin <
raymond.beaudoin () icarustech com> wrote:


Make it a /56 each and you've got a deal. Hell, I'll throw in a round

of

drinks.

On Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix <

cryptographrix () gmail com>

wrote:


We should crowdsource a /40 and split it up into /64's for each of

us.



On Fri, Jun 3, 2016 at 9:38 PM Matthew Kaufman <matthew () matthew at>
wrote:


If early adopter PI IPv6 was the same price as early adopter PI v4

space,

my wife would be totally on board with this solution.

Matthew Kaufman

(Sent from my iPhone)


On Jun 3, 2016, at 6:27 PM, Spencer Ryan <sryan () arbor net>

wrote:


Well if you have PI space just use HE's BGP tunnel offerings.


*Spencer Ryan* | Senior Systems Administrator | sryan () arbor net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
raymond.beaudoin () icarustech com> wrote:


As an alternative, there are multiple cloud service offerings

that

will

advertise your IPv6 allocations on your behalf direct to a

server in

their

data centers. It seems pretty tongue-in-cheek, and satisfying,

to

turn

up a *<insert
favorite virtual router instance> *and then route through it.

The

Internet

is such an amazing place.

On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <

cryptographrix () gmail com>

wrote:


Yeah I RAWRed to them pretty hard whilst being as

understanding to

the

CS

rep that it wasn't their fault.

They thought I was weird as anything.

If there are any Verizon FiOS network engineers on the thread,

a

fellow

Verizon employee would thank you kindly for an off-thread email

regarding

BGP advertisement (I'll buy the IPv6 block and the

drink-of-choice,

you

configure my account to listen for route advertisement).

Strange that it has to come to this to get "legit" IPv6

service.





On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
raymond.beaudoin () icarustech com> wrote:


I wasn't originally affected on my he.net tunnel, but this

evening it

started blocking. The recommended ACLs are a functional

temporary

workaround, but I've also opened a request with Netflix.

On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <

ganzer () spawar navy mil>

wrote:


So far I am not seeing a Netflix block on my he.net tunnel

yet. I

connect

to the Los Angeles node, so maybe not all of HE's address

space is

being

blocked.

Not going to be disabling IPv6 here either. + HAD native

IPv6 from

Time

Warner, but they decided to in their wisdom to disable IPv6

service

for

anyone that has an Arris SB6183 due to an Arris firmware

bug.  And

they

are

taking their sweet time pushing out the fixed firmware

update that

Comcast

and Cox seemed to be able to push to their customers last

fall.


-Mark Ganzer



On 6/3/2016 4:49 PM, Cryptographrix wrote:

Depends - how many US users have native IPv6 through their

ISPs?


If I remember correctly (I can't find the source at the

moment),

HE.net

represents something like 70% of IPv6 traffic in the US.

And yeah, not doing that - actually in the middle of an IPv6

project

at

work at the moment that's a bit important to me.




On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <

baldur.norddahl () gmail com

wrote:

Den 4. jun. 2016 01.26 skrev "Cryptographrix" <

cryptographrix () gmail com>:



The information I'm getting from Netflix support now is

explicitly

telling


me to turn off IPv6 - someone might want to stop them

before

they

completely kill US IPv6 adoption.

Not allowing he.net tunnels is not killing ipv6. You just

need

need

native
ipv6.

On the other hand it would be nice if Netflix would try the

other

protocol
before blocking.
Previous By Date Next
Previous By Thread Next

Current thread: