nanog mailing list archives

Re: Netflix VPN detection - actual engineer needed

From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Mon, 6 Jun 2016 12:59:37 -0700

None of this is a problem with actual network engineering, HE's tunnels
work fine. It goes in the category of political/economic/contractual , not
"this is a technical problem we need to solve".

The problem exists with business/contractual relationship Netflix has with
its content providers, which barring a miraculous data leak from a
disgruntled sysadmin at Netflix, will remain completely opaque to everyone
on the outside looking in.

Due to the large sums of money involved, my best guess is that the recent
crackdown on VPN and VPN-like tunnels is a result of major content
providers staff that have been provided with greatly increased visibility
into Netflix's internal processes for identifying and blocking VPNs.
Undoubtedly there are dozens of pages in the contracts defining metrics for
geolocation and acceptable vs unacceptable levels of "leakage" of content.

On Mon, Jun 6, 2016 at 12:39 PM, Christopher Morrow <morrowc.lists () gmail com

wrote:

On Mon, Jun 6, 2016 at 3:30 PM, Aled Morris <aledm () qix co uk> wrote:

Maybe HE's IPv6 tunnel packets could be flagged with a destination option
(extension header field) that records the end-user's IPv4 tunnel endpoint
so geolocation could be done in the "old fashioned" way on that address.

Similar to the way that edns-client-subnet records the end user's address
for geolocation purposes.

why is this any problem at all for HE to solve?
why is this any problem at all for NetFlix to solve?

HE just provides transport
Netflix is just complying (I suspect) with the wishes of the content
owners.

complain to your local content owner about this? show the content owners
that this sort of restriction in a global economy is
silly/counter-productive? explain that: "while I'm a Citizen of locale X, I
may often travel around to A, B, C and I'd like for my NetFlix to work in
all locations, since I pay good pesos for that access?"

Doing any sort of 'authentication' or 'authorization' on src-IP is just ..
broken.

I have to say though, how many Netflix customers are using HE IPv6

tunnels,

really?  zero percent (to two decimal places)?

Aled

Current thread:

Re: Netflix VPN detection - actual engineer needed, (continued)
- - - Re: Netflix VPN detection - actual engineer needed Mark Tinka (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Scott Morizot (Jun 06)
    - RE: Netflix VPN detection - actual engineer needed Matthew Huff (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Spencer Ryan (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed John Peach (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Mark Felder (Jun 06)
    - Message not available
    - Re: Netflix VPN detection - actual engineer needed Mark Felder (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Aled Morris (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Steven Noble (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Christopher Morrow (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Eric Kuhnke (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Mark Andrews (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Laszlo Hanyecz (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Eric Kuhnke (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Lyndon Nerenberg (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Valdis . Kletnieks (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Ricky Beam (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Nikolay Shopik (Jun 07)
    - Re: Netflix VPN detection - actual engineer needed Ricky Beam (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Tore Anderson (Jun 06)
    - Re: Netflix VPN detection - actual engineer needed Laszlo Hanyecz (Jun 06)

(Thread continues...)