[189868] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Jun 8 12:15:38 2016
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAD6AjGS8k-yRzdcqNhURah2EOhk7vwrzxK4JVuqyhJw7mUHoKQ@mail.gmail.com>
Date: Wed, 8 Jun 2016 12:13:28 -0400
To: Ca By <cb.list6@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
As of last week, I still wasn=E2=80=99t getting an IPv6 address by =
default on my iPhone 6S+
on T-Mobile.
Just saying.
Owen
> On Jun 7, 2016, at 11:00 AM, Ca By <cb.list6@gmail.com> wrote:
>=20
> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix@gmail.com> =
wrote:
>=20
>> Very true - I was being a bit extremist out of frustration, but I =
think
>> you're spot on - he.net tunnels and even 6to4 are toys to provide =
IPv6
>> support, not actually IPv6 support.
>>=20
>> And I'm quite frustrated because there's so little actual v6 support, =
and
>> I *do* actually need it on a daily basis for work.
>>=20
>> Because there's no actual ISP IPv6 support anywhere else (in parts of =
the
>> US that *have* multiple ISPs), you can't even make the case to your =
ISP
>> that it's a legitimate requirement for you because they know you're =
not
>> really going to get v6 elsewhere.
>>=20
>>=20
> I think we have different definitions of "no actual isp ipv6 support"
>=20
> Again, a helpful akamai blog
> =
https://blogs.akamai.com/2016/06/four-years-since-world-ipv6-launch-enteri=
ng-the-mainstream.html
>=20
> fixed line: Comcast, AT&T, TWC, just to name the largest in the nation =
have
> meaningful deployments of ipv6. The only thing holding back greater
> deployment for those networks are legacy CPE that will age out slowly.
>=20
> All 4 of the national mobile operator have ipv6 default on for most
> new phone models.
>=20
> Yes, many gaps to fill still. But, on "my network" with shy of 70 =
million
> users, everything has ipv6 except the iPhone, and that will change =
RSN. And
> for users with v6, the majority of their traffic is ipv6 e2e since the
> whales (google, fb, netflix, increasingly Akamai) are dual stack.
>=20
> CB
>=20
>=20
>>=20
>>=20
>> On Tue, Jun 7, 2016 at 10:22 AM Ca By <cb.list6@gmail.com
>> <javascript:_e(%7B%7D,'cvml','cb.list6@gmail.com');>> wrote:
>>=20
>>>=20
>>>=20
>>> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix@gmail.com
>>> <javascript:_e(%7B%7D,'cvml','cryptographrix@gmail.com');>> wrote:
>>>=20
>>>> As I said to Netflix's tech support - if they advocate for people =
to turn
>>>> off IPv6 on their end, maybe Netflix should stop supporting it on =
their
>>>> end.
>>>>=20
>>>> It's in the air whether it's just an HE tunnel issue or an IPv6 =
issue at
>>>> the moment, and if their tech support is telling people to turn off =
IPv6,
>>>> maybe they should just instead remove their AAAA records.
>>>>=20
>>>> (or fail back to ipv4 when v6 looks like a tunnel)
>>>>=20
>>>>=20
>>> I think you need to reset your expectations of a free tunnel =
service.
>>>=20
>>> he.net tunnels are a toy for geeks looking to play with v6. In terms =
of
>>> Netflix subcriber base, it is amazing insignificant number of users.
>>>=20
>>> At the end of the day, anonymous tunnels, just like linux, are not
>>> supported by Netflix. And, he.net tunnel users are hurting ipv6 =
overall
>>> just like 6to4 by injecting FUD and other nonesense complexity.... =
For a
>>> toy.
>>>=20
>>> Move on to a real issue instead of beating this dead horse.
>>>=20
>>> CB
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>> On Tue, Jun 7, 2016 at 9:22 AM Mark Felder <feld@feld.me> wrote:
>>>>=20
>>>>>=20
>>>>>> On Jun 6, 2016, at 22:25, Spencer Ryan <sryan@arbor.net> wrote:
>>>>>>=20
>>>>>> The tunnelbroker service acts exactly like a VPN. It allows you,
>>>> from any
>>>>>> arbitrary location in the world with an IPv4 address, to bring
>>>> traffic
>>>>> out
>>>>>> via one of HE's 4 POP's, while completely masking your actual
>>>> location.
>>>>>>=20
>>>>>=20
>>>>> Perhaps Netflix should automatically block any connection that's =
not
>>>> from
>>>>> a known residential ISP or mobile ISP as anything else could be a
>>>> server
>>>>> someone is proxying through. It's very easy to get these subnets =
-- the
>>>>> spam filtering folks have these subnets well documented. /s
>>>>>=20
>>>>> --
>>>>> Mark Felder
>>>>> feld@feld.me
>>>>>=20
>>>>>=20
>>>>=20
>>>=20
