Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)
On 6/1/16 9:23 PM, Roland Dobbins wrote: On 2 Jun 2016, at 10:47, Paul Ferguson wrote: There is an epic lesson here. I'm just not sure what it is. :-) That Netflix offering free streaming to everyone over IPv6 (after fixing their VPN detection) would be the most effective way to convince end-users to demand IPv6 service from their ISPs? Something (somewhat) similar was tried in 2007. TTBOMK it never got fully implemented. "The Great IPv6 Experiment" https://www.nanog.org/mailinglist/mailarchives/old_archive/2007-09/msg8.html -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)
On 2016-06-01 11:41 PM, Matthew Kaufman wrote: > Turns out it has nothing to do with my IPv4 connectivity. Neither of > my ISPs has native IPv6 connectivity, so both require tunnels (one of > them to HE.net, one to the ISPs own tunnel broker), and both appear to > be detected as a non-permitted VPN. As an early IPv6 adopter, I've had > IPv6 on all my household devices for years now. > > So after having to temporarily turn off IPv6 at my desktop to fix > issues with pay.gov (FCC license payments), and issues with various > other things, and then remember to turn it back on again... I now have > the reason I've been waiting for to turn it off globally for the whole > house. Wish I read this thread earlier. Damn. I just went through the whole useless process myself with an ineffectual support rep… « > But if the system is telling you that error code, it is a setting on the local network, call your ISP, they can assist you on that issue. Oh right. RIGHT. I'm SURE they'll be able to help. » …and I came to the same conclusion and similar resolution (adding an outbound rule rejecting traffic to 2620:108:700f::/48, causing fallback to IPv4 worked for me). At least I got the support rep to SAY he opened a ticket. Wow! It's my chance to be the noisy minority! M. -- Michael Brown| The true sysadmin does not adjust his behaviour Systems Administrator| to fit the machine. He adjusts the machine mich...@supermathie.net | until it behaves properly. With a hammer, | if necessary. - Brian
Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)
On Wed, 01 Jun 2016 23:47:59 -0400, Paul Fergusonwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 There is an epic lesson here. I'm just not sure what it is. :-) - - ferg https://youtu.be/SlA9hmrC8DU?t=2m25s
Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)
On 2 Jun 2016, at 10:47, Paul Ferguson wrote: There is an epic lesson here. I'm just not sure what it is. :-) That Netflix offering free streaming to everyone over IPv6 (after fixing their VPN detection) would be the most effective way to convince end-users to demand IPv6 service from their ISPs? ;> --- Roland Dobbins
Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 There is an epic lesson here. I'm just not sure what it is. :-) - - ferg On 6/1/2016 8:41 PM, Matthew Kaufman wrote: > Turns out it has nothing to do with my IPv4 connectivity. Neither > of my ISPs has native IPv6 connectivity, so both require tunnels > (one of them to HE.net, one to the ISPs own tunnel broker), and > both appear to be detected as a non-permitted VPN. As an early IPv6 > adopter, I've had IPv6 on all my household devices for years now. > > So after having to temporarily turn off IPv6 at my desktop to fix > issues with pay.gov (FCC license payments), and issues with > various other things, and then remember to turn it back on again... > I now have the reason I've been waiting for to turn it off globally > for the whole house. > > Thanks Netflix for helping move us forward here. > > Matthew Kaufman > > ps. Would still be helpful if the support techs could tell from > the error codes that the denied VPN is an IPv6 tunnel > > -- Original Message -- From: "Matthew Kaufman" >To: "NANOG" Sent: 6/1/2016 > 8:27:00 PM Subject: Netflix VPN detection - actual engineer needed > >> Every device in my house is blocked from Netflix this evening due >> to their new "VPN blocker". My house is on my own IP space, and >> the outside of the NAT that the family devices are on is >> 198.202.199.254, announced by AS 11994. A simple ping from >> Netflix HQ in Los Gatos to my house should show that I'm no >> farther away than Santa Cruz, CA as microwaves fly. >> >> Unfortunately, when one calls Netflix support to talk about this, >> the only response is to say "call your ISP and have them turn off >> the VPN software they've added to your account". And they >> absolutely refuse to escalate. Even if you tell them that you are >> essentially your own ISP. >> >> So... where's the Netflix network engineer on the list who all of >> us can send these issues to directly? >> >> Matthew Kaufman > > - -- Paul Ferguson ICEBRG.io PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EAREIAAYFAldPrG8ACgkQKJasdVTchbJ8lQEAgJrSwiKkyUcvoIoVp5gIBmkV Dp1JqLdUtNphHTx4n2QA/jILspE24/BuY71211CSNqb3d5l9PH/udxyF2rN79ddL =DLns -END PGP SIGNATURE-
Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)
Turns out it has nothing to do with my IPv4 connectivity. Neither of my ISPs has native IPv6 connectivity, so both require tunnels (one of them to HE.net, one to the ISPs own tunnel broker), and both appear to be detected as a non-permitted VPN. As an early IPv6 adopter, I've had IPv6 on all my household devices for years now. So after having to temporarily turn off IPv6 at my desktop to fix issues with pay.gov (FCC license payments), and issues with various other things, and then remember to turn it back on again... I now have the reason I've been waiting for to turn it off globally for the whole house. Thanks Netflix for helping move us forward here. Matthew Kaufman ps. Would still be helpful if the support techs could tell from the error codes that the denied VPN is an IPv6 tunnel -- Original Message -- From: "Matthew Kaufman"To: "NANOG" Sent: 6/1/2016 8:27:00 PM Subject: Netflix VPN detection - actual engineer needed Every device in my house is blocked from Netflix this evening due to their new "VPN blocker". My house is on my own IP space, and the outside of the NAT that the family devices are on is 198.202.199.254, announced by AS 11994. A simple ping from Netflix HQ in Los Gatos to my house should show that I'm no farther away than Santa Cruz, CA as microwaves fly. Unfortunately, when one calls Netflix support to talk about this, the only response is to say "call your ISP and have them turn off the VPN software they've added to your account". And they absolutely refuse to escalate. Even if you tell them that you are essentially your own ISP. So... where's the Netflix network engineer on the list who all of us can send these issues to directly? Matthew Kaufman