nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netflix VPN detection - actual engineer needed

From: Valdis.Kletnieks () vt edu
Date: Mon, 06 Jun 2016 15:44:14 -0400
On Mon, 06 Jun 2016 20:30:02 +0100, Aled Morris said:

Maybe HE's IPv6 tunnel packets could be flagged with a destination option
(extension header field) that records the end-user's IPv4 tunnel endpoint
so geolocation could be done in the "old fashioned" way on that address.

Similar to the way that edns-client-subnet records the end user's address
for geolocation purposes.


First, you'd need buy-in from other tunnel providers.  Doing it one-off for HE
isn't a scalable answer.  And if Netflix can't be bothered to consult rwhois
for the ownership (which could be used for other use cases as well), they
certainly aren't going to do *new* code as a one-off.

Second, you'd need to make sure the extension header didn't get molested or
dropped by anything on its way to Netflix.  (edns-client-subnet leaves its
cookie crumbs a few levels higher in the stack, so is less likely to be mangled
by recalcitrant routers)

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: