Re: Netflix VPN detection - actual engineer needed

I don't blame them for blocking a (effectively) anonymous tunnel broker. I'm sure their content providers are forcing their hand. On Jun 3, 2016 3:46 PM, "Cryptographrix" wrote: > Netflix needs to figure out a fix for this until ISPs actually provide IPv6 > natively. >

Re: Netflix VPN detection - actual engineer needed

There is no way for Netflix to know the difference between you being in NY and using the tunnel, and you living in Hong Kong and using the tunnel. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com

Re: Netflix VPN detection - actual engineer needed

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Cryptographrix > > Sent: Friday, June 03, 2016 3:18 PM > > To: Robert Jacobs; Spencer Ryan > > Cc: North American Network Operators' Group > > Subject: Re: Netflix VPN detection - actual engineer needed > > >

Re: Netflix VPN detection - actual engineer needed

y, where I live, Comcast Business has native dual stack... > > On Fri, Jun 3, 2016 at 1:05 PM, Spencer Ryan <sr...@arbor.net> wrote: > >> There is no way for Netflix to know the difference between you being in >> NY and using the tunnel, and you living in Hong Kon

Re: Netflix VPN detection - actual engineer needed

There is a large difference between "the VPN run at your house" and "Arguably the most popular, free, mostly anonymous tunnel broker service" If it were up to the content providers, they probably would block any IP they saw a VPN server listening on. *Spencer Ry

Re: Netflix VPN detection - actual engineer needed

> Do they honestly believe that they can prevent some guy in Pakistan from seeing a movie they want? The content providers do. And given the choice between "Try and stop vpn users" and "We are pulling all our content" I know which most people would rather. *Spencer

Re: Netflix banning HE tunnels

It identifys where you told it you are. It doesn't tell Netflix that your v4 endpoint is in New Zeland and you are watching a bunch of content you are not supposed to have access to. Is this really that hard to understand? *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor

Re: Netflix VPN detection - actual engineer needed

The tunnelbroker service acts exactly like a VPN. It allows you, from any arbitrary location in the world with an IPv4 address, to bring traffic out via one of HE's 4 POP's, while completely masking your actual location. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor

Re: Netflix banning HE tunnels

We don't know, and will never know if the content providers went to Netflix and said "You need to ban based on IP range" speculation at this point isn't useful. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.8

Re: Netflix banning HE tunnels

The center of the US is maxmind's unknown location. Fill out the form and they'll correct it. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Wed, Jun 8, 2016 at 6:09 PM, Ricky Beam <

Re: Netflix VPN detection - actual engineer needed

ent Providers: I don't care, do it or we pull our content. Someone here from BBC effectively said the exact same thing. Netflix has no where near enough original content to have their providers all pull out. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033

Re: Netflix VPN detection - actual engineer needed

effective anonymous VPN service from Netflix's perspective. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Mon, Jun 6, 2016 at 10:59 AM, Matthew Huff <mh...@ox.com> wrote: > Netflix I

Re: Netflix VPN detection - actual engineer needed

Well if you have PI space just use HE's BGP tunnel offerings. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin < raymond.beaud...@icarustech.

Re: Netflix VPN detection - actual engineer needed

n Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix < > >>> cryptograph...@gmail.com> > >>> > wrote: > >>> > > >>> >> We should crowdsource a /40 and split it up into /64's for each of > us. > >>> >> > >>&g

Re: Netflix VPN detection - actual engineer needed

Comcast is near 100% on their DOCSIS network (Busniess and residential). That should be the largest single ISP for IPv6 for end users in the USA. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com

Re: Netflix VPN detection - actual engineer needed

Yes but HE doesn't serve residential users directly. To a normal person HE is no different than NTT/GTT/Verizon/Sprint/Any other transit carrier. They may move the most v6 traffic, but Comcast is the largest ISP actually getting v6 to end users. *Spencer Ryan* | Senior Systems Administrator | sr

Re: LLDP via SNMP

We use Observium for most of our SNMP monitoring, and it correctly pulls LLDP and CDP data from all of our Cisco and Arista gear. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Thu, May 26, 2016

Comcast (DOCSIS) issues in Boston?

itself can ping it's default gateway but can't get anywhere else. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com

Re: Netflix VPN detection - actual engineer needed

oid renumbering down the road. This used the BGP Tunnelbroker service though and we announced our own /44 le 48 blocks. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Sun, Jun 5, 2016 at 7:45 PM, Dam

Re: Netflix VPN detection - actual engineer needed

I'm unaware of any US based user who gets native dual stack from their ISP having issues. Netflix is blocking anonymous VPNs based on their content providers requests. HE'S tunnel broker is effectively that. On Jun 5, 2016 7:34 PM, "Laszlo Hanyecz" wrote: > > > On 2016-06-05

Re: Tracking traffic usage at router or switch port?

) the same logic applies, just monitor the bandwidth where you would normally do the policing. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Wed, Jun 1, 2016 at 1:58 PM, Jason Lee <jaso

Re: Perspectives about customer M/A/C in triple play environments

QoS but this allows you to plug a UVerse box in anywhere Ethernet works, along with MoCA. This is simple, and kind of just works. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Mon, May 16, 2016

Re: B5-Lite

I didn't think the AF5 was much cheaper than an AF24 and I'd much rather be up in the 24GHz band and out of any contention in 5GHz. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Sat, May 14

Re: Patch panel solutions for 4x10GE breakout

We generally run a MTP/MPO12 cable to a breakout cassette a few racks down, and that's where we split out all of the LC pairs. It keeps the mess away from the routers/traffic generators. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d

Re: NIST NTP servers

I would second the idea of using your own GPS appliance if possible. On May 9, 2016 11:08 PM, "Mel Beckman" wrote: > NTP has vulnerabilities that make it generally unsuitable for provider > networks. I strongly recommend getting a GPS-based time server. These are > as cheap as

Re: Network traffic simulator

We are heavily invested in Ixia, they are very expensive, but if you need the kind of precision they provide they work very well. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Tue, May 24, 2016

Re: Network traffic simulator

Yeah. We run all of our IXIA gear 24/7 in automated feature/regression testing. We are looking into high density layer 1 packet switches so we can automate physical topology changes as well. On May 25, 2016 3:14 AM, "Saku Ytti" wrote: Ugh. In all cases below, where it says Agilent

Re: IPv6 deployment excuses

Or how about we just avoid anything that uses the terms like "Mappings" and "NAT" and speed the adoption of IPv6 everywhere which already solves all of these problems. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d)

Re: NAT firewall for IPv6?

Palo Alto, either hire another consultant or just erase it and start over. Although even PA's Layer7 inspection won't catch everything and you should have antivirus/antimailware software on the end user computers. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.7

Re: www.RT.com bad dns record

Dotted-quad notation is completely valid, and works fine. https://en.wikipedia.org/wiki/IPv6_address#Presentation http://[:::37.48.108.112] loads fine in my browsers. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m

Re: NAT firewall for IPv6?

The Palo-Alto's also don't support anything but NAT64, so depending on what you meant by the IPv6 side is sharing "one address" might not be correct. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arborne

Re: Gmail down

We've seen issues in the past where our upstream ISP had to de-peer with Google in the Detroit IX as the Google side seemed to be eating traffic, sending everything via L3/Chicago usually fixed it. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033

Re: NAT firewall for IPv6?

NAT64 is the only type of IPv6 NAT they support. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Tue, Jul 5, 2016 at 12:18 PM, <valdis.kletni...@vt.edu> wrote: > On Tue, 05 Jul 2016

Re: automated site to site vpn recommendations

access points all around the world. *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Wed, Jun 29, 2016 at 6:33 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote: > My biggest issue wi

RE: IPv6 deployment excuses

Windows 8 and 10 with the most recent service packs default the firewall to on with very few inbound exemptions. On Jul 2, 2016 11:38 AM, "Keith Medcalf" wrote: > > > There is no difference between IPv4 and IPv6 when it comes to > > firewalls and reachability. It is worth