In message <CA+HzidShNFqabKN9nnNBVzKakw-gMqY27UW5X6YSG4PDUZuzCQ@mail.gmail.com> , Spencer Ryan writes:
I'm unaware of any US based user who gets native dual stack from their ISP having issues. Netflix is blocking anonymous VPNs based on their content providers requests. HE'S tunnel broker is effectively that.
No. The addresses can be tied back to the individual that created the tunnel which is exactly like tying back the addresses to the person that ordered the cable or dsl service. The HE addresses are no more anonymous than that. The difference is that HE don't have large geo located pools of addresses covering lots of users. Instead each allocated prefix needs to be individually geopip located. My HE /48 is registered with at least one geoip service as they provided tools (a phone app) which allow me to update their database based on the GPS data. Additionally there is no requirement for any ISP to allocate addresses in geoip blocks. Mark
On Jun 5, 2016 7:34 PM, "Laszlo Hanyecz" <laszlo@heliacal.net> wrote:
On 2016-06-05 22:48, Damian Menscher wrote:
What *is* standard about them? My earliest training as a sysadmin taught me that any time you switch away from a default setting, you're venturing into the unknown. Your config is no longer well-tested; you may experience strange errors; nobody else will have seen the same bugs.
That's exactly what's happening here -- people are setting up IPv6 tunnel broker connections, then complaining that there are unexpected side effects.
Damian,
If we were talking about some device that is outputting incorrect packets and they are failing to work with Netflix I would agree with you, but in this case the packets are standard and everything works fine. Netflix went out of their way to try to find a way to make it not work. The users and geeks aren't just breaking stuff and expecting others to work around their broken setup, but this is actually what Netflix is doing. All Netflix can look at is the content of the packet and so they're using the source address to discriminate. It is true that some users might be able to work around it if they can get on an ISP that gives them an allowed address, but that isn't a good solution for an open internet.
There are a lot of non technical Netflix users who are being told to turn off IPv6, switch ISPs, get a new VPN, etc. because Netflix has a broken system. Those users don't care what IPv6 is, they just learn that it's bad because it breaks Netflix. Most users have no way to change these things and they just aren't going to be able to use Netflix anymore. That's a very selfish way to operate, a huge step backwards, and it's a kick in the balls to everyone who works to make technological progress on the internet. The simple truth is that Netflix is trying to figure out where people are located, but this is not possible to do reliably with current internet technology. Instead they did something that is unreliable, and many customers become collateral damage through no fault of their own. All the breakage is on the Netflix side.
-Laszlo
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org