In message <CAB69EHhOr7fUvEMT9GsNDNtb7n7d3YmSh4QG426a3yD7DK_bOA@mail.gmail.com> , Eric Kuhnke writes:
None of this is a problem with actual network engineering, HE's tunnels work fine. It goes in the category of political/economic/contractual , not "this is a technical problem we need to solve".
The problem exists with business/contractual relationship Netflix has with its content providers, which barring a miraculous data leak from a disgruntled sysadmin at Netflix, will remain completely opaque to everyone on the outside looking in.
Due to the large sums of money involved, my best guess is that the recent crackdown on VPN and VPN-like tunnels is a result of major content providers staff that have been provided with greatly increased visibility into Netflix's internal processes for identifying and blocking VPNs. Undoubtedly there are dozens of pages in the contracts defining metrics for geolocation and acceptable vs unacceptable levels of "leakage" of content.
And they could easily redirect HE IPv6 addresses to a IPv4 only service. This would satify both the content providers and the customers. It's not like there tunneled traffic is IPv6 only as there has to be a IPv4 endpoint for the tunnel. You can't argue that HE is too small to do this for as they are targeting HE tunnels. Mark
On Mon, Jun 6, 2016 at 12:39 PM, Christopher Morrow <morrowc.lists@gmail.co= m
wrote:
On Mon, Jun 6, 2016 at 3:30 PM, Aled Morris <aledm@qix.co.uk> wrote:
Maybe HE's IPv6 tunnel packets could be flagged with a destination opti= on (extension header field) that records the end-user's IPv4 tunnel endpoi= nt so geolocation could be done in the "old fashioned" way on that address= .
Similar to the way that edns-client-subnet records the end user's addre= ss for geolocation purposes.
=E2=80=8Bwhy is this any problem at all for HE to solve? why is this any problem at all for NetFlix to solve?
HE just provides transport Netflix is just complying (I suspect) with the wishes of the content owners.
complain to your local content owner about this? show the content owners that this sort of restriction in a global economy is silly/counter-productive? explain that: "while I'm a Citizen of locale X,= I may often travel around to A, B, C and I'd like for my NetFlix to work in all locations, since I pay good pesos for that access?"=E2=80=8B
=E2=80=8BDoing any sort of 'authentication' or 'authorization' on src-IP = is just .. broken.=E2=80=8B
I have to say though, how many Netflix customers are using HE IPv6 tunnels, really? zero percent (to two decimal places)?
Aled
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org