Hurricane Electric's IPv6 Tunnel Broker Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Netflix blocking  (Read 1971 times)

kc9jud

  • Newbie
  • *
  • Posts: 1
    • View Profile
Netflix blocking
« on: June 05, 2016, 09:44:32 PM »

Hello, I was sent here by Netflix "support" since they claim that there must be some problem with HE.net making me look like I'm coming through a proxy. I know this is absurd and that it's their blocking causing it, but can someone from HE back me up so I can go back and complain to them again? Has anything changed in the last week with Tunnelbroker which would have caused a problem with routing to Netflix?

see: https://forums.he.net/index.php?topic=3564.0 and https://forums.he.net/index.php?topic=3566.0
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 398
    • View Profile
Re: Netflix blocking
« Reply #1 on: June 05, 2016, 09:52:58 PM »

Nothing has changed on our side.  The tunnels work as they always have: RFC 6in4.  IP assignment information, including basic user geographical location (city, state, country), is updated periodically throughout the day on the public rWHOIS server, as it has been for many years, and as we're required to do by ARIN for end-user assignments.
Logged

troz

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Netflix blocking
« Reply #2 on: June 07, 2016, 05:56:54 PM »

Of course, you are using a proxy, of sorts. Netflix has no way to know where any tunnel actually goes. That's what they require to keep the content nazis happy. It doesn't matter where you live, only where you're watching.

HE only reports the (unverified) account holder address via whois. That's not necessarily where the tunnel goes. And those using the service to get around region locks can easily make up an address within the region they wish to appear.

It's unfortunate, but it's not a problem that can be easily solved. (read: not going to be solved) Either your IPv4 endpoint address would have to be published, or each tunnel would have to be permanently attached to an IPv4 address. The former would require a new API which would have to be queried on nearly every connection, given the speed with which a tunnel endpoint can be changed. The later means no more dynamic updates, when your address changes, a new tunnel must be created. (even that assumes IPv4 subnets don't get reassigned, which they do.)

Logged

truedesign

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: Netflix blocking
« Reply #3 on: June 08, 2016, 09:36:46 PM »

One way they could fix it is have their client to retry over ipv4 if they see a connection from an ipv6 addr that they think is a tunnel, rather than just serving an error msg.

They could at least throw us a bone and stop publishing AAAA responses for DNS queries that come from the HE tunnel range...
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1667
    • View Profile
    • Another IPv6 Blog...
Re: Netflix blocking
« Reply #4 on: June 08, 2016, 09:42:15 PM »

small flaw in that idea...Who queries their auth NS directly for lookups from the tunnel? :)

They could at least throw us a bone and stop publishing AAAA responses for DNS queries that come from the HE tunnel range...
Logged

Tornevall

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Netflix blocking
« Reply #5 on: June 11, 2016, 12:34:24 AM »

One way they could fix it is have their client to retry over ipv4 if they see a connection from an ipv6 addr that they think is a tunnel, rather than just serving an error msg.

They could at least throw us a bone and stop publishing AAAA responses for DNS queries that come from the HE tunnel range...

When I got problems yesterday, I added an extra zone for netflix.com in my own master-DNS (yesterday). The zone added was of the type forward and all dns queries to it, goes to another DNS which filters out all AAAA-responses if the query comes from a ipv4-address. So, from yesterday I acatuallt managed to make Netflix work "as normal" again :)

Since this is a little bit of a special solution, I also wrote it down, just in case if this happens again (http://tornevalls.se/blog/2016/06/10/netflix-and-the-blocking-of-tunneled-ipv6-routes/) I refuse to shut down all my tunneling because of only one service ...
Logged

Napsterbater

  • Newbie
  • *
  • Posts: 23
    • View Profile
Re: Netflix blocking
« Reply #6 on: June 12, 2016, 10:51:16 AM »

small flaw in that idea...Who queries their auth NS directly for lookups from the tunnel? :)

They could at least throw us a bone and stop publishing AAAA responses for DNS queries that come from the HE tunnel range...

At least a few :-)... i get your [point though.
Logged

frinnst6

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: Netflix blocking
« Reply #7 on: June 17, 2016, 03:40:50 PM »

I'd be very interested in knowing if HE has detected any changes in bandwidth usage since the netflix ban. Percentages welcomed!
Logged

snarked

  • Hero Member
  • *****
  • Posts: 684
    • View Profile
Re: Netflix blocking
« Reply #8 on: March 08, 2017, 01:50:50 PM »

It seems that YouTube is now blocking HE's IPv6 routes (or at least it was yesterday).  Turning off IPv6 on the device I tried to access YT with then permitted the connection.

I also note that my Yahoo webmail also fails over IPv6.  Do other organizations have something against HE and IPv6?
Logged

AquilaTech

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Netflix blocking
« Reply #9 on: April 11, 2017, 07:40:34 AM »

I just wanted to share my fix to this problem with Netflix.
I went to my Netflix account properties and clicked on CANCEL.

Problem solved.  I'll sleep better knowing my money is not going to the MPAA.

If more of us resisted this tyranny, then companies like Netflix would be forced to change.
Please consider it.
Logged