[189769] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jun 6 15:44:19 2016
X-Original-To: nanog@nanog.org
To: Aled Morris <aledm@qix.co.uk>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <CAO1bj=aaDWcYVj23u3nt1_S_ftrMdkss9cwohxHsFrRBsUnGMA@mail.gmail.com>
Date: Mon, 06 Jun 2016 15:44:14 -0400
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1465242254_2013P
Content-Type: text/plain; charset=us-ascii
On Mon, 06 Jun 2016 20:30:02 +0100, Aled Morris said:
> Maybe HE's IPv6 tunnel packets could be flagged with a destination option
> (extension header field) that records the end-user's IPv4 tunnel endpoint
> so geolocation could be done in the "old fashioned" way on that address.
>
> Similar to the way that edns-client-subnet records the end user's address
> for geolocation purposes.
First, you'd need buy-in from other tunnel providers. Doing it one-off for HE
isn't a scalable answer. And if Netflix can't be bothered to consult rwhois
for the ownership (which could be used for other use cases as well), they
certainly aren't going to do *new* code as a one-off.
Second, you'd need to make sure the extension header didn't get molested or
dropped by anything on its way to Netflix. (edns-client-subnet leaves its
cookie crumbs a few levels higher in the stack, so is less likely to be mangled
by recalcitrant routers)
--==_Exmh_1465242254_2013P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBV1XSjgdmEQWDXROgAQIufA//aVkR0iW7adXC0zINW/kUGCfRDNqxsqzx
ZrifgXuGy6h73N2HZ44kBgoQdHV3FXlHuWUL88bx9zVwLqBuQZsJN5Vm2v36LgIM
YkTRa66HKpGBFo0yWjWupiGJ7YvCzTFReM+bLtncHMXJQ0upmQXCMVYe8J2ek8rH
FFZrPtRHbjKdEOvAIAU5yRrAJ7mwTpr0rzmKNiW9e3fdoE29S4RBb9J+Z6TrDEjV
w196eJ47Ptmxoh2jtQPWIUeqlf9y6y9kyGhXHLxvbjph8JBvbnQ4jpjE7C6zCcdS
z8/cKZd+oK4Vahb1hKBg82HuthpdrdHQFfmhP0ffDqfmCwlFzHuGh+mztkz51Ca1
Mioy8AC+I2DVznYLoRVIq0pLDDFpLYoxFbzDELWQhr7qzuFhs5P3sqZjJf04p/x2
QFkD/rOWPb9AnpkbxUAoheVV5MYw8bBAqEKQQppgf+zmVyZMdSCLIu87qMZaWZWq
kuzylcRFadDyLLb4ozqKfISFxpdmI1bslkq92eQMwpckO6ud9m27n6LNDEmYQR61
vUkn0kxHi+HIaGiWlQhC6Kcaf6CIVpr+ZQj30GGXiKZ7ACQ1Y+p4RgzjCx42raji
RcRuPY5ouVvT5NK31NFCDcSQpDQ47DYYKyNDV3olVmBBJTmiTNrztPEgoihw0X1A
sOMUQXMGFEQ=
=NOo/
-----END PGP SIGNATURE-----
--==_Exmh_1465242254_2013P--
