[189842] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (Tore Anderson)
Wed Jun 8 01:06:03 2016
X-Original-To: nanog@nanog.org
Date: Wed, 8 Jun 2016 07:05:25 +0200
From: Tore Anderson <tore@fud.no>
To: Davide Davini <diotonante@gmail.com>
In-Reply-To: <eb1b69b3-0e44-3a9b-a81f-04f8505b92b6@gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
* Davide Davini <diotonante@gmail.com>
> On 04/06/2016 20:46, Owen DeLong wrote:
> > Get your own /48 and advertise to HE Tunnel via BGP. Problem
> > solved.
>
> Even though that sounds like an awesome idea it does not seem trivial
> to me to obtain your own /48.
Which is a good thing, as every new PI /48 advertised to the DFZ will
bloat the routing tables of thousands upon thousands of routers world
wide. It might solve the Netflix problem, but what has actually
happened is that you've split the original problem into a thousand
small bits and thrown one piece into each of your neighbours' gardens.
I'd encourage everyone to try to fix their Netflix problem a more proper
way before deciding to litter everyone else's routing tables with
another PI prefix.
Blocking access to Netflix via the tunnel seems like an obvious
solution to me, for what it's worth.
I wonder if anyone has attempted to estimate approx. how much RIB/FIB
space a single DFZ route requires in total across the entire internet...
Tore
