[189867] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Jun 8 12:12:35 2016
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAD6AjGRSKowBPtUB3L5igOLdeWjV7C6PPez6ijCn0oj2kUpKWA@mail.gmail.com>
Date: Wed, 8 Jun 2016 12:12:23 -0400
To: Ca By <cb.list6@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Jun 7, 2016, at 10:22 AM, Ca By <cb.list6@gmail.com> wrote:
>=20
> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix@gmail.com> =
wrote:
>=20
>> As I said to Netflix's tech support - if they advocate for people to =
turn
>> off IPv6 on their end, maybe Netflix should stop supporting it on =
their
>> end.
>>=20
>> It's in the air whether it's just an HE tunnel issue or an IPv6 issue =
at
>> the moment, and if their tech support is telling people to turn off =
IPv6,
>> maybe they should just instead remove their AAAA records.
>>=20
>> (or fail back to ipv4 when v6 looks like a tunnel)
>>=20
>>=20
> I think you need to reset your expectations of a free tunnel service.
>=20
> he.net tunnels are a toy for geeks looking to play with v6. In terms =
of
> Netflix subcriber base, it is amazing insignificant number of users.
If it=E2=80=99s so insignificant, why did Netflix go to the effort to =
implement blocking
based on address ranges associated with those tunnels?
> At the end of the day, anonymous tunnels, just like linux, are not
> supported by Netflix. And, he.net tunnel users are hurting ipv6 =
overall
> just like 6to4 by injecting FUD and other nonesense complexity.... For =
a
> toy.
I disagree.
Calling he.net tunnels a toy is absurd.
It=E2=80=99s a link, just like any other link, over which IPv6 can be =
transmitted.
You can argue that it=E2=80=99s a lower quality link than some =
alternatives, but I have
to tell you I=E2=80=99ve gotten much more reliable service at higher =
bandwidth from
that link than from my T-Mobile LTE service, so I=E2=80=99d argue that =
it is a higher
quality service than T-Mobile.
It=E2=80=99s not the only link I have for my IPv6 packets, in fact, it =
is one of three links
over which my IPv6 packets are able to travel.
> Move on to a real issue instead of beating this dead horse.
So we should start beating on unreliable LTE services instead? ;-)
Owen
>=20
> CB
>=20
>=20
>>=20
>>=20
>> On Tue, Jun 7, 2016 at 9:22 AM Mark Felder <feld@feld.me =
<javascript:;>>
>> wrote:
>>=20
>>>=20
>>>> On Jun 6, 2016, at 22:25, Spencer Ryan <sryan@arbor.net =
<javascript:;>>
>> wrote:
>>>>=20
>>>> The tunnelbroker service acts exactly like a VPN. It allows you, =
from
>> any
>>>> arbitrary location in the world with an IPv4 address, to bring =
traffic
>>> out
>>>> via one of HE's 4 POP's, while completely masking your actual =
location.
>>>>=20
>>>=20
>>> Perhaps Netflix should automatically block any connection that's not =
from
>>> a known residential ISP or mobile ISP as anything else could be a =
server
>>> someone is proxying through. It's very easy to get these subnets -- =
the
>>> spam filtering folks have these subnets well documented. /s
>>>=20
>>> --
>>> Mark Felder
>>> feld@feld.me <javascript:;>
>>>=20
>>>=20
>>=20
