[189873] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (joel jaeggli)
Wed Jun 8 13:27:19 2016
X-Original-To: nanog@nanog.org
To: Owen DeLong <owen@delong.com>, Ca By <cb.list6@gmail.com>
From: joel jaeggli <joelja@bogus.com>
Date: Wed, 8 Jun 2016 10:25:00 -0700
In-Reply-To: <649828D1-3D86-4852-9584-409D07260E65@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--75s7M9kPcmscCmnQIPtIl690AdH1a95bo
From: joel jaeggli <joelja@bogus.com>
To: Owen DeLong <owen@delong.com>, Ca By <cb.list6@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Message-ID: <452a456d-1a73-2b9c-5806-b43f57d9f39f@bogus.com>
Subject: Re: Netflix VPN detection - actual engineer needed
References: <em67bcc237-1f5b-4fcd-a4f6-20cd797206fc@matthew-t5500>
<CAB4k-o87YjBevHXD2Pq87o7Uj0vjEJ0Ri_=iEO9vp-QAnGgCNw@mail.gmail.com>
<CAA5Ek4dJXoK_bmVRntt6DCFSTcubesAdG2=rR3WaCWcE1d=BSw@mail.gmail.com>
<bd68ef08ef6445c9a67a980b49105457@pur-vm-exch13n2.ox.com>
<7f4454ef-51df-b97b-4315-e5efd27771fb@heliacal.net>
<20160603212808.61A794AC8EC8@rock.dv.isc.org>
<9578293AE169674F9A048B2BC9A081B401E661A0BD@MUNPRDMBXA1.medline.com>
<CAPPYGuzFkDvHp_ofk7jFtf-adp2j7x58bq0aPT8Loo4JBes5gA@mail.gmail.com>
<9578293AE169674F9A048B2BC9A081B401E661A134@MUNPRDMBXA1.medline.com>
<CAPPYGuzWZLwJmb5_qAZjBpF-4iQbTT5tzgF_5AaZ8YDdRisGCA@mail.gmail.com>
<CAPPYGuwwSEfv06etnzdSMHwC2KToudYyPqTT3zbdFjkXtF=vnw@mail.gmail.com>
<CAPkb-7BE5HoAUPWffmHWgpNj0MsTZj5DzffVbYVR_2LQpEekVQ@mail.gmail.com>
<CAPkb-7B--KqgZmis1DuuUtyBJJXmCxvXUG-UCnfE1cjNcxmpFA@mail.gmail.com>
<CAPkb-7BeOs=jrkyTJ8J5+FHtDFS4fzzPPJ-GFMGtCDrfQwJRXw@mail.gmail.com>
<CAOZq8-idmdXK11uNnxcDubgBrQ2jEopNy7xjFuo3BVcQ4qXdyA@mail.gmail.com> <CAOZq8!
-g_w1+y+K0eSrVtR+MyHP_JVFCvnpmeZFLMOYL6NEd=hg@mail.gmail.com>
<20160605233527.7A8574AD2CFC@rock.dv.isc.org>
<op.yinof8sotfhldh@rbeam.xactional.com>
<20160606234114.7A7904AE812D@rock.dv.isc.org>
<op.yin2b8x4tfhldh@rbeam.xactional.com>
<CAA5Ek4cGiDnbJ+mhJTcXH9wBsUgWMTU4dxX6QHZwotLwaiesPA@mail.gmail.com>
<CA+HzidTnQUBsVW1E9Ss5EJdkqRw3_NsDmCs8+A_6PZyMs67k-Q@mail.gmail.com>
<32FC6E7F-12E8-4B11-8416-C31FFEE340DA@feld.me>
<CAPPYGuzx-WEcJrrZa3AP=h_Qgb=WBm37WYM317vUAOGCCY_25g@mail.gmail.com>
<CAD6AjGRSKowBPtUB3L5igOLdeWjV7C6PPez6ijCn0oj2kUpKWA@mail.gmail.com>
<CAPPYGuwr9SNHiUni4_FVB6DAZH2E0AibptTuXgzX1eM_gaUJOQ@mail.gmail.com>
<CAD6AjGS8k-yRzdcqNhURah2EOhk7vwrzxK4JVuqyhJw7mUHoKQ@mail.gmail.com>
<649828D1-3D86-4852-9584-409D07260E65@delong.com>
In-Reply-To: <649828D1-3D86-4852-9584-409D07260E65@delong.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
On 6/8/16 9:13 AM, Owen DeLong wrote:
> As of last week, I still wasn=E2=80=99t getting an IPv6 address by defa=
ult on my iPhone 6S+
> on T-Mobile.
turn off mobile hotspot...
> Just saying.
>=20
> Owen
>=20
>> On Jun 7, 2016, at 11:00 AM, Ca By <cb.list6@gmail.com> wrote:
>>
>> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix@gmail.com> wr=
ote:
>>
>>> Very true - I was being a bit extremist out of frustration, but I thi=
nk
>>> you're spot on - he.net tunnels and even 6to4 are toys to provide IPv=
6
>>> support, not actually IPv6 support.
>>>
>>> And I'm quite frustrated because there's so little actual v6 support,=
and
>>> I *do* actually need it on a daily basis for work.
>>>
>>> Because there's no actual ISP IPv6 support anywhere else (in parts of=
the
>>> US that *have* multiple ISPs), you can't even make the case to your I=
SP
>>> that it's a legitimate requirement for you because they know you're n=
ot
>>> really going to get v6 elsewhere.
>>>
>>>
>> I think we have different definitions of "no actual isp ipv6 support"
>>
>> Again, a helpful akamai blog
>> https://blogs.akamai.com/2016/06/four-years-since-world-ipv6-launch-en=
tering-the-mainstream.html
>>
>> fixed line: Comcast, AT&T, TWC, just to name the largest in the nation=
have
>> meaningful deployments of ipv6. The only thing holding back greater
>> deployment for those networks are legacy CPE that will age out slowly.=
>>
>> All 4 of the national mobile operator have ipv6 default on for most
>> new phone models.
>>
>> Yes, many gaps to fill still. But, on "my network" with shy of 70 mill=
ion
>> users, everything has ipv6 except the iPhone, and that will change RSN=
=2E And
>> for users with v6, the majority of their traffic is ipv6 e2e since the=
>> whales (google, fb, netflix, increasingly Akamai) are dual stack.
>>
>> CB
>>
>>
>>>
>>>
>>> On Tue, Jun 7, 2016 at 10:22 AM Ca By <cb.list6@gmail.com
>>> <javascript:_e(%7B%7D,'cvml','cb.list6@gmail.com');>> wrote:
>>>
>>>>
>>>>
>>>> On Tuesday, June 7, 2016, Cryptographrix <cryptographrix@gmail.com
>>>> <javascript:_e(%7B%7D,'cvml','cryptographrix@gmail.com');>> wrote:
>>>>
>>>>> As I said to Netflix's tech support - if they advocate for people t=
o turn
>>>>> off IPv6 on their end, maybe Netflix should stop supporting it on t=
heir
>>>>> end.
>>>>>
>>>>> It's in the air whether it's just an HE tunnel issue or an IPv6 iss=
ue at
>>>>> the moment, and if their tech support is telling people to turn off=
IPv6,
>>>>> maybe they should just instead remove their AAAA records.
>>>>>
>>>>> (or fail back to ipv4 when v6 looks like a tunnel)
>>>>>
>>>>>
>>>> I think you need to reset your expectations of a free tunnel service=
=2E
>>>>
>>>> he.net tunnels are a toy for geeks looking to play with v6. In terms=
of
>>>> Netflix subcriber base, it is amazing insignificant number of users.=
>>>>
>>>> At the end of the day, anonymous tunnels, just like linux, are not
>>>> supported by Netflix. And, he.net tunnel users are hurting ipv6 over=
all
>>>> just like 6to4 by injecting FUD and other nonesense complexity.... F=
or a
>>>> toy.
>>>>
>>>> Move on to a real issue instead of beating this dead horse.
>>>>
>>>> CB
>>>>
>>>>
>>>>>
>>>>>
>>>>> On Tue, Jun 7, 2016 at 9:22 AM Mark Felder <feld@feld.me> wrote:
>>>>>
>>>>>>
>>>>>>> On Jun 6, 2016, at 22:25, Spencer Ryan <sryan@arbor.net> wrote:
>>>>>>>
>>>>>>> The tunnelbroker service acts exactly like a VPN. It allows you,
>>>>> from any
>>>>>>> arbitrary location in the world with an IPv4 address, to bring
>>>>> traffic
>>>>>> out
>>>>>>> via one of HE's 4 POP's, while completely masking your actual
>>>>> location.
>>>>>>>
>>>>>>
>>>>>> Perhaps Netflix should automatically block any connection that's n=
ot
>>>>> from
>>>>>> a known residential ISP or mobile ISP as anything else could be a
>>>>> server
>>>>>> someone is proxying through. It's very easy to get these subnets -=
- the
>>>>>> spam filtering folks have these subnets well documented. /s
>>>>>>
>>>>>> --
>>>>>> Mark Felder
>>>>>> feld@feld.me
>>>>>>
>>>>>>
>>>>>
>>>>
>=20
>=20
--75s7M9kPcmscCmnQIPtIl690AdH1a95bo
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAldYVO0ACgkQ8AA1q7Z/VrJpjgCeM45Z1nlwZ7Wrjw6n9TgoTQh0
84AAnRAQxKbU30kAIFICL6xZjaolujGL
=jahA
-----END PGP SIGNATURE-----
--75s7M9kPcmscCmnQIPtIl690AdH1a95bo--
