[189671] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (Cryptographrix)
Fri Jun 3 22:12:36 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CACumZjx-STm+-7cjamjbrM2o60dDimqmYP6FCi5aj8cgPM_Trw@mail.gmail.com>
From: Cryptographrix <cryptographrix@gmail.com>
Date: Sat, 04 Jun 2016 02:11:16 +0000
To: Mansoor Nathani <mnathani.lists@gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Nope - You'd have the /56 and only people within your /56 (or /64 if you
sliced it up nicely) would be able to do things with it routed by your ISP.
Of course this means we'll have to get our ISPs to listen for our BGP
advertisement...
On Fri, Jun 3, 2016 at 10:09 PM Mansoor Nathani <mnathani.lists@gmail.com>
wrote:
> Wouldn't the /56 get blocked as soon as Netflix detects multiple accounts
> logging in from the same IPv6 range?
>
> On Fri, Jun 3, 2016 at 9:49 PM, Cryptographrix <cryptographrix@gmail.com>
> wrote:
>
>> This is a good idea. We should do this.
>>
>>
>>
>> On Fri, Jun 3, 2016 at 9:48 PM Raymond Beaudoin <
>> raymond.beaudoin@icarustech.com> wrote:
>>
>> > Make it a /56 each and you've got a deal. Hell, I'll throw in a round of
>> > drinks.
>> >
>> > On Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix <
>> cryptographrix@gmail.com>
>> > wrote:
>> >
>> >> We should crowdsource a /40 and split it up into /64's for each of us.
>> >>
>> >>
>> >> On Fri, Jun 3, 2016 at 9:38 PM Matthew Kaufman <matthew@matthew.at>
>> >> wrote:
>> >>
>> >> > If early adopter PI IPv6 was the same price as early adopter PI v4
>> >> space,
>> >> > my wife would be totally on board with this solution.
>> >> >
>> >> > Matthew Kaufman
>> >> >
>> >> > (Sent from my iPhone)
>> >> >
>> >> > > On Jun 3, 2016, at 6:27 PM, Spencer Ryan <sryan@arbor.net> wrote:
>> >> > >
>> >> > > Well if you have PI space just use HE's BGP tunnel offerings.
>> >> > >
>> >> > >
>> >> > > *Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net
>> >> > > *Arbor Networks*
>> >> > > +1.734.794.5033 (d) | +1.734.846.2053 (m)
>> >> > > www.arbornetworks.com
>> >> > >
>> >> > > On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
>> >> > > raymond.beaudoin@icarustech.com> wrote:
>> >> > >
>> >> > >> As an alternative, there are multiple cloud service offerings that
>> >> will
>> >> > >> advertise your IPv6 allocations on your behalf direct to a server
>> in
>> >> > their
>> >> > >> data centers. It seems pretty tongue-in-cheek, and satisfying, to
>> >> turn
>> >> > >> up a *<insert
>> >> > >> favorite virtual router instance> *and then route through it. The
>> >> > Internet
>> >> > >> is such an amazing place.
>> >> > >>
>> >> > >> On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <
>> >> > cryptographrix@gmail.com>
>> >> > >> wrote:
>> >> > >>
>> >> > >>> Yeah I RAWRed to them pretty hard whilst being as understanding
>> to
>> >> the
>> >> > CS
>> >> > >>> rep that it wasn't their fault.
>> >> > >>>
>> >> > >>> They thought I was weird as anything.
>> >> > >>>
>> >> > >>> If there are any Verizon FiOS network engineers on the thread, a
>> >> fellow
>> >> > >>> Verizon employee would thank you kindly for an off-thread email
>> >> > regarding
>> >> > >>> BGP advertisement (I'll buy the IPv6 block and the
>> drink-of-choice,
>> >> you
>> >> > >>> configure my account to listen for route advertisement).
>> >> > >>>
>> >> > >>> Strange that it has to come to this to get "legit" IPv6 service.
>> >> > >>>
>> >> > >>>
>> >> > >>>
>> >> > >>>
>> >> > >>> On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
>> >> > >>> raymond.beaudoin@icarustech.com> wrote:
>> >> > >>>
>> >> > >>>> I wasn't originally affected on my he.net tunnel, but this
>> >> evening it
>> >> > >>>> started blocking. The recommended ACLs are a functional
>> temporary
>> >> > >>>> workaround, but I've also opened a request with Netflix.
>> >> > >>>>
>> >> > >>>> On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <
>> >> > ganzer@spawar.navy.mil>
>> >> > >>>> wrote:
>> >> > >>>>
>> >> > >>>>> So far I am not seeing a Netflix block on my he.net tunnel
>> yet. I
>> >> > >>>> connect
>> >> > >>>>> to the Los Angeles node, so maybe not all of HE's address
>> space is
>> >> > >> being
>> >> > >>>>> blocked.
>> >> > >>>>>
>> >> > >>>>> Not going to be disabling IPv6 here either. + HAD native IPv6
>> from
>> >> > >> Time
>> >> > >>>>> Warner, but they decided to in their wisdom to disable IPv6
>> >> service
>> >> > >> for
>> >> > >>>>> anyone that has an Arris SB6183 due to an Arris firmware bug.
>> And
>> >> > >> they
>> >> > >>>> are
>> >> > >>>>> taking their sweet time pushing out the fixed firmware update
>> that
>> >> > >>>> Comcast
>> >> > >>>>> and Cox seemed to be able to push to their customers last fall.
>> >> > >>>>>
>> >> > >>>>> -Mark Ganzer
>> >> > >>>>>
>> >> > >>>>>
>> >> > >>>>>> On 6/3/2016 4:49 PM, Cryptographrix wrote:
>> >> > >>>>>>
>> >> > >>>>>> Depends - how many US users have native IPv6 through their
>> ISPs?
>> >> > >>>>>>
>> >> > >>>>>> If I remember correctly (I can't find the source at the
>> moment),
>> >> > >> HE.net
>> >> > >>>>>> represents something like 70% of IPv6 traffic in the US.
>> >> > >>>>>>
>> >> > >>>>>> And yeah, not doing that - actually in the middle of an IPv6
>> >> project
>> >> > >> at
>> >> > >>>>>> work at the moment that's a bit important to me.
>> >> > >>>>>>
>> >> > >>>>>>
>> >> > >>>>>>
>> >> > >>>>>>
>> >> > >>>>>> On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <
>> >> > >>>> baldur.norddahl@gmail.com
>> >> > >>>>>> wrote:
>> >> > >>>>>>
>> >> > >>>>>> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <
>> >> > >>>> cryptographrix@gmail.com>:
>> >> > >>>>>>>
>> >> > >>>>>>>> The information I'm getting from Netflix support now is
>> >> explicitly
>> >> > >>>>>>> telling
>> >> > >>>>>>>
>> >> > >>>>>>>> me to turn off IPv6 - someone might want to stop them before
>> >> they
>> >> > >>>>>>>> completely kill US IPv6 adoption.
>> >> > >>>>>>> Not allowing he.net tunnels is not killing ipv6. You just
>> need
>> >> > need
>> >> > >>>>>>> native
>> >> > >>>>>>> ipv6.
>> >> > >>>>>>>
>> >> > >>>>>>> On the other hand it would be nice if Netflix would try the
>> >> other
>> >> > >>>>>>> protocol
>> >> > >>>>>>> before blocking.
>> >> > >>
>> >> >
>> >> >
>> >>
>> >
>> >
>>
>
>
