I'm just not sure if this "too big to fail" is a realistic strategy beyond the "feels good" component. If you prohibit any way to identify and block specific resources within a network / website… Whether with the use of CDNs, and/or with Encrypted Client Hello or the earlier Encrypted SNI to hide the Server Name Indication, or with HTTPS for read-only content in general. How could you possibly then be surprised that they DO block the entire resource in question, when a legal requirement exists to censor some specific content within, which can no longer be identified properly because of CDN with HTTPS with ECH without the plain-text SNI? For anyone who's an investor in $NET, it might be interesting to know how exactly does Cloudflare justify using things like ECH and ESNI that prohibit providers from blocking just the specific sites, and thus causing the entire network to be blocked each incident. How is it NOT Cloudflare's fault that their entire network always gets blocked in these incidents?! I'd be interested to hear why the other customers accept these things, too. If they weren't doing ECH and weren't broadcasting football through HTTPS, there'd be no need to block their entire network in these actions. Yet they're pushing ECH and HTTPS everywhere. C. On Mon, 14 Apr 2025 at 15:31, nanog--- via NANOG <nanog@lists.nanog.org> wrote:
In this case the centralization normally serves to avoid blocking. You don't turn off the entire Internet to block one site, but Spain has decided to go nuclear and has decided that actually it's okay to block the entire internet to block one site.
When Italy did the same thing several months ago, they said it was by mistake and reversed it (and then to save face, said there had been no mistake and they had never blocked it at all).
On 14/04/25 18:00, Constantine A. Murenin via NANOG wrote:
Here's an idea, why don't we centralise the entire internet behind a single network to "solve" the issue of connectivity and availability? Oh, wait! Nevermind! /s
C.
On Mon, 14 Apr 2025 at 10:20, Raúl Martínez via NANOG <nanog@lists.nanog.org> wrote:
Hello, Nanog,
This is an ongoing issue that might affect your spanish users if you use services like Cloudflare, Vercel, BunnyCDN or GitHub pages.
A couple of weeks ago, the most important ISPs in Spain started intercepting or nullrouting IP addresses from this CDN providers.
The reason is that a couple of local court orders allowed LA LIGA (sports association responsible for administering the two professional football leagues in Spain) to provide ISPs with a list of IP addresses that host soccer piracy sites to be taken down in a short period of time, even when the football match is taken place.
The issue is that most of this piracy sites use Cloudflare and others to protect themselves, so ISPs are nullrouting or intercepting IP ranges that serve thousands of websites, including all Cloudflare Free customers (but not limited to). For example, they blocked one IP address that served ChatGPT.
These blockages are applied when the soccer matches are played and they are turned off hours later.
Cloudflare has already taken legal action against this, but the issue is still ongoing.
You can find more information about this issue on TorrentFreak (LaLiga Blocks Cloudflare Again, New Pirate IPTV Providers & Anything in The Way), BandaanchaEU (bandaancha bloqueos del fútbol).
*Regards,* *Raúl Martínez* _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/PCJ6SCDU...
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/TPJCY6RF...
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5PYKDCH6...