Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

2016-06-12 Thread Jay Hennigan

On 6/1/16 9:23 PM, Roland Dobbins wrote:
> On 2 Jun 2016, at 10:47, Paul Ferguson wrote:
>
>> There is an epic lesson here. I'm just not sure what it is. :-)
>
> That Netflix offering free streaming to everyone over IPv6 (after fixing
> their VPN detection) would be the most effective way to convince
> end-users to demand IPv6 service from their ISPs?


Something (somewhat) similar was tried in 2007. TTBOMK it never got 
fully implemented. "The Great IPv6 Experiment"


https://www.nanog.org/mailinglist/mailarchives/old_archive/2007-09/msg8.html

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

2016-06-02 Thread Michael Brown
On 2016-06-01 11:41 PM, Matthew Kaufman wrote:
>  Turns out it has nothing to do with my IPv4 connectivity. Neither of
> my ISPs has native IPv6 connectivity, so both require tunnels (one of
> them to HE.net, one to the ISP's own tunnel broker), and both appear to
> be detected as a non-permitted VPN. As an early IPv6 adopter, I've had
> IPv6 on all my household devices for years now.
>
>  So after having to temporarily turn off IPv6 at my desktop to fix
> issues with pay.gov (FCC license payments), and issues with various
> other things, and then remember to turn it back on again... I now have
> the reason I've been waiting for to turn it off globally for the whole
> house.
Wish I read this thread earlier. Damn. I just went through the whole
useless process myself with an ineffectual support rep…

«
> But if the system is telling you that error code, it is a setting on
> the local network, call your ISP, they can assist you on that issue.

Oh right. RIGHT. I'm SURE they'll be able to help.
»

…and I came to the same conclusion and similar resolution (adding an
outbound rule rejecting traffic to 2620:108:700f::/48, causing fallback
to IPv4 worked for me).

At least I got the support rep to SAY he opened a ticket.

Wow! It's my chance to be the noisy minority!

M.

-- 
Michael Brown            | The true sysadmin does not adjust his behaviour
Systems Administrator    | to fit the machine.  He adjusts the machine
mich...@supermathie.net  | until it behaves properly.  With a hammer,
                         | if necessary.  - Brian



Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

2016-06-02 Thread Ricky Beam
On Wed, 01 Jun 2016 23:47:59 -0400, Paul Ferguson wrote:

> There is an epic lesson here. I'm just not sure what it is. :-)
>
> - ferg


https://youtu.be/SlA9hmrC8DU?t=2m25s


Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

2016-06-01 Thread Roland Dobbins

On 2 Jun 2016, at 10:47, Paul Ferguson wrote:

> There is an epic lesson here. I'm just not sure what it is. :-)


That Netflix offering free streaming to everyone over IPv6 (after fixing 
their VPN detection) would be the most effective way to convince 
end-users to demand IPv6 service from their ISPs?


;>

---
Roland Dobbins 


Re: Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

2016-06-01 Thread Paul Ferguson

There is an epic lesson here. I'm just not sure what it is. :-)

- ferg


On 6/1/2016 8:41 PM, Matthew Kaufman wrote:

> Turns out it has nothing to do with my IPv4 connectivity. Neither
> of my ISPs has native IPv6 connectivity, so both require tunnels
> (one of them to HE.net, one to the ISP's own tunnel broker), and
> both appear to be detected as a non-permitted VPN. As an early IPv6
> adopter, I've had IPv6 on all my household devices for years now.
> 
> So after having to temporarily turn off IPv6 at my desktop to fix 
> issues with pay.gov (FCC license payments), and issues with
> various other things, and then remember to turn it back on again...
> I now have the reason I've been waiting for to turn it off globally
> for the whole house.
> 
> Thanks Netflix for helping move us forward here.
> 
> Matthew Kaufman
> 
> ps. Would still be helpful if the support techs could tell from
> the error codes that the denied VPN is an IPv6 tunnel
> 
> -- Original Message --
> From: "Matthew Kaufman"
> To: "NANOG"
> Sent: 6/1/2016 8:27:00 PM
> Subject: Netflix VPN detection - actual engineer needed
> 
>> Every device in my house is blocked from Netflix this evening due
>> to their new "VPN blocker". My house is on my own IP space, and
>> the outside of the NAT that the family devices are on is
>> 198.202.199.254, announced by AS 11994. A simple ping from
>> Netflix HQ in Los Gatos to my house should show that I'm no
>> farther away than Santa Cruz, CA as microwaves fly.
>> 
>> Unfortunately, when one calls Netflix support to talk about this,
>> the only response is to say "call your ISP and have them turn off
>> the VPN software they've added to your account". And they
>> absolutely refuse to escalate. Even if you tell them that you are
>> essentially your own ISP.
>> 
>> So... where's the Netflix network engineer on the list who all of
>> us can send these issues to directly?
>> 
>> Matthew Kaufman
> 
> 


--
Paul Ferguson
ICEBRG.io
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2


Turning Off IPv6 for Good (was Re: Netflix VPN detection - actual engineer needed)

2016-06-01 Thread Matthew Kaufman
 Turns out it has nothing to do with my IPv4 connectivity. Neither of my 
ISPs has native IPv6 connectivity, so both require tunnels (one of them 
to HE.net, one to the ISP's own tunnel broker), and both appear to be
detected as a non-permitted VPN. As an early IPv6 adopter, I've had IPv6 
on all my household devices for years now.


 So after having to temporarily turn off IPv6 at my desktop to fix 
issues with pay.gov (FCC license payments), and issues with various 
other things, and then remember to turn it back on again... I now have 
the reason I've been waiting for to turn it off globally for the whole 
house.


 Thanks Netflix for helping move us forward here.

Matthew Kaufman

ps. Would still be helpful if the support techs could tell from the 
error codes that the denied VPN is an IPv6 tunnel


-- Original Message --
From: "Matthew Kaufman" 
To: "NANOG" 
Sent: 6/1/2016 8:27:00 PM
Subject: Netflix VPN detection - actual engineer needed

Every device in my house is blocked from Netflix this evening due to 
their new "VPN blocker". My house is on my own IP space, and the 
outside of the NAT that the family devices are on is 198.202.199.254, 
announced by AS 11994. A simple ping from Netflix HQ in Los Gatos to my 
house should show that I'm no farther away than Santa Cruz, CA as 
microwaves fly.


Unfortunately, when one calls Netflix support to talk about this, the 
only response is to say "call your ISP and have them turn off the VPN 
software they've added to your account". And they absolutely refuse to 
escalate. Even if you tell them that you are essentially your own ISP.


So... where's the Netflix network engineer on the list who all of us 
can send these issues to directly?


Matthew Kaufman