nanog mailing list archives
Re: Netflix VPN detection - actual engineer needed
From: Damian Menscher <menscher () gmail com>
Date: Sun, 5 Jun 2016 15:48:52 -0700
On Sun, Jun 5, 2016 at 2:59 PM, Owen DeLong <owen () delong com> wrote:
On Jun 5, 2016, at 14:18 , Damian Menscher <menscher () gmail com> wrote: On Fri, Jun 3, 2016 at 4:43 PM, Baldur Norddahl <baldur.norddahl () gmail com> wrote:Den 4. jun. 2016 01.26 skrev "Cryptographrix" <cryptographrix () gmail com:The information I'm getting from Netflix support now is explicitlytellingme to turn off IPv6 - someone might want to stop them before they completely kill US IPv6 adoption.Not allowing he.net tunnels is not killing ipv6. You just need neednativeipv6.This entire thread confuses me. Are there normal home users who arebeingblocked from Netflix because their ISP forces them through a HE VPN? Oristhis massive thread just about a handful of geeks who think IPv6 is cool and insist they be allowed to use it despite not having it natively? I could certainly understand ISP concerns that they are receiving user complaints because they failed to provide native IPv6 (why not?), but whining that you've managed to create a non-standard network setupdoesn'twork with some providers seems a bit silly.What is non-standard about an HE tunnel? It conforms to the relevant RFCs and is a very common configuration widely deployed to many thousands of locations around the internet.
What *is* standard about them? My earliest training as a sysadmin taught me that any time you switch away from a default setting, you're venturing into the unknown. Your config is no longer well-tested; you may experience strange errors; nobody else will have seen the same bugs. That's exactly what's happening here -- people are setting up IPv6 tunnel broker connections, then complaining that there are unexpected side effects. It’s not that Netflix happens to not work with these tunnels, the problem is
that they are taking deliberate active steps to specifically block them.
[Citation needed] ;) You're taking this as an attack on Hurricane Electric, and by extension on IPv6. But the reality is that Netflix has presumably identified HE tunnel broker as a frequent source of VPN connections that violate their ToS, and they are blocking it as they would any other widescale abuse. The impact to their userbase is miniscule -- as noted above, normal users won't be affected, and those who are have the trivial workaround of disabling tunnelbroker for Netflix-bound connections. (I agree Netflix could helpfully 302 such users to ipv4.netflix.com instead, but it's already such a small problem I doubt that's a priority for them. And it probably wouldn't reduce the hype here anyway.) As a side note, this is a common meme: recently Tor claimed CloudFlare is anti-privacy for requiring captchas for their users. The reality is much more mundane -- service providers need to protect their own networks, and Tor traffic is (according to CloudFlare [ https://blog.cloudflare.com/the-trouble-with-tor/]) 94% abuse. I suggest you focus your efforts on bringing native IPv6 to the masses, not criticizing service providers for defending themselves against abuse, just because that abuse happens to be over a network (HE tunnel broker; Tor; etc) you support. Netflix isn't hurting IPv6 adoption in any real way, but the (incorrect!) claim that IPv6 doesn't work with Netflix will (if this thread is picked up by the press). Damian
Current thread:
- Re: Netflix VPN detection - actual engineer needed, (continued)
- Re: Netflix VPN detection - actual engineer needed Damian Menscher (Jun 05)
- Re: Netflix VPN detection - actual engineer needed jim deleskie (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Radu-Adrian Feurdean (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Matt Freitag (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Mark Tinka (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Mark Felder (Jun 06)
- Message not available
- Re: Netflix VPN detection - actual engineer needed Baldur Norddahl (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Mark Felder (Jun 07)
- Re: Netflix VPN detection - actual engineer needed Damian Menscher (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Christopher Morrow (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Livingood, Jason (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Chris Baker (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Laszlo Hanyecz (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Spencer Ryan (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Mark Andrews (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Damian Menscher (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Spencer Ryan (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Mark Andrews (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Laszlo Hanyecz (Jun 05)