Netflix banning HE tunnels

Today I discovered Netflix flagged my IPv6 IP block as "proxy/VPN" and I
can't use it if I don't disable the HE tunnel, which is the only way for
me to have IPv6 at the moment.

But the fun part has been Netflix tech support:
"Oh I see, yeah we have been receiving reports of some other members
with ipv6 having this issues, at the moment Netflix is not really
designed to work with ipv6 connections, in this case I can recommend you
two things, one is to turn off the ipv6 and the other one will be to
contact directly with Hurricane Electric, there are some customers that
were able to use Netflix with an ipv6 under some specific settings set
by Hurricane Electric."

I obviously don't expect HE to fix it, I don't pay for shit, it's a free
service, why should they?

But it's fun to know that "Netflix is not really designed to work with
ipv6 connections".

Who was it that said on this ML that the best way to solve these issues is
Netflix tech support? :)

Ciao,
Davide Davini

Apologies I saw the huge thread only after I posted.

Ciao, Davide Davini

Netflix tech support isn't useful for *anything* - even when asked about
this specific issue while I was going through my own diagnosis:

Me: are you blocking he dot net IPv6 tunnels?
Netflix Jerry: IPv6 tunnels as far as I know, no, we have no issues there.
You: can you please check?
Netflix Jerry: Gimme a sec.
You: so if I have a he dot net IPv6 tunnel that is marked as geolocated
in Canada, would you still flag that as a VPN/unblocker?
Netflix Jerry: OK, I'm back...
Netflix Jerry: There is no issue with IPV6 as far as today.
You: so IPv6 access won't EVER trigger the unblocker/proxy detection?
Netflix Jerry: Not at the moment.

M.

I am also in the same boat with a whole subnet affected even without a
tunnel, tried multiple Netflix support channels starting in early March and
the ranges are still blocked 3 months later.

I was a big fan of the service and somewhat of an addict up till this but
I've really been shocked how this has been (mis)handled

chris

apparently, all they see is 3 people complaining on this mailing list.. well, this makes it 4 with me (and I have a bunch of people in various countries complaining on facebook that they have been banned from using netflix because they use an HE tunnel).

their answer - TURN IPV6 OFF!!! you're a techie so if you know how to setup a tunnel, you must know how to redirect netflix to use IPv4 only... really?
the answer just pisses me off!

Netflix, YOU are the ones forcing people to turn IPv4 off... this is just insane. tens (if not hundred) of thousands of people chose to use HE tunnels because their ISP does not offer IPv6..
do you really expect all of them to turn it off? do you really want IPv6 usage in the world to go down by a few percent because you are unable to figure out how to serve content?

I know nobody at Netflix will even answer to the e-mails on this list.. but I hope that they will at least acknowledge the problem and figure out another way to block content by country.
ie: they could try to talk to HE to register each tunnel in a database that points to the country of the user..

cheers,
elvis

it really feels a lot like what net neutrality was supposed to avoid. making
a policy where there is different treatment of one set of bits over another

"your ipv6 bits are bad but if you turn it off the ipv4 bits are just fine"

someone mentioned the fact that netflix is not just a content company but
also acting as a network operator, maybe the two should be separate

i also find it ironic that they aren't big fans of ISPs who use NAT or CGN
and don't have 1 customer per IP yet they're stifling ipv6 and telling users
to turn it off. you really can't have it both ways and complain about NAT
and also say you recommend shutting off ipv6 :)

hopefully they will realize imposing their own policy on how customers use
their networks and the internet this isn't worth losing customers over

chris

Again. An HE tunnel is not production ipv6. It is a toy.

Telling people to turn off HE tunnel is NOT the same as turning off
production ipv6.

CB

I disagree. if they have no native v6 then there's no reason why they
shouldn't be able to use the v6 from HE and why should the internet treat
that user's traffic any differently because it's coming from HE or tunneled?

There's also tons of folks affected who aren't on HE, aren't tunneling, etc.
There's been many people affected who are being told something is wrong with
their network that works fine for anything other than netflix.

chris

> I disagree. if they have no native v6 then there's no reason why they
> shouldn't be able to use the v6 from HE and why should the internet treat
> that user's traffic any differently because it's coming from HE or tunneled?

This is not about ipv6, it is about an anonymous tunnel.

> There's also tons of folks affected who aren't on HE, aren't tunneling, etc.
> There's been many people affected who are being told something is wrong with
> their network that works fine for anything other than netflix.
>
> chris

Agreed. This is also not about ipv6. Doing geo-location based DRM is hard
and IMHO painful for all parties involved.

My point is IPv6 should not be the collateral damage or conflated in an
issue that has nothing to do with ipv6. This is about an anonymous tunnel
service and strict DRM rules.

IPv6 works fine. Tunnels and VPN and Netflix do not work fine.

CB

Or even easier, just block the he.net tunnel networks! Have them reject the traffic so it falls back to IPv4!

Better than a vague error message combined with poorly or mistrained support staff.

M.

>> I disagree. if they have no native v6 then there's no reason why they
>> shouldn't be able to use the v6 from HE and why should the internet treat
>> that user's traffic any differently because it's coming from HE or tunneled?
>
> This is not about ipv6, it is about an anonymous tunnel.

Contrary to your repeated assertions, HE tunnels are NOT anonymous.

HE operates a perfectly fine RWHOIS server that provides sufficient information
about each tunnel that it cannot be considered anonymous.

>> There's also tons of folks affected who aren't on HE, aren't tunneling, etc.
>> There's been many people affected who are being told something is wrong with
>> their network that works fine for anything other than netflix.
>>
>> chris
>
> Agreed. This is also not about ipv6. Doing geo-location based DRM is hard
> and IMHO painful for all parties involved.
>
> My point is IPv6 should not be the collateral damage or conflated in an
> issue that has nothing to do with ipv6. This is about an anonymous tunnel
> service and strict DRM rules.

No, Cameron, this is about Netflix telling people to turn off IPv6.

Admittedly, the above issues are what is leading them to this point, but their
proposed solution “turn off IPv6” remains the core problem being raised here.

> IPv6 works fine. Tunnels and VPN and Netflix do not work fine.

This is like saying “airplanes work fine, it’s just airlines that suck.”

While it’s technically true, airlines are the only experience of airplanes
that most people ever get access to.

Owen

Once upon a time, Owen DeLong <owen@delong.com> said:

> Contrary to your repeated assertions, HE tunnels are NOT anonymous.
>
> HE operates a perfectly fine RWHOIS server that provides sufficient information
> about each tunnel that it cannot be considered anonymous.

Unless that information is verified, it is effectively anonymous. I had
an HE tunnel years ago, and the only verified information was my email
address.

Mine, whilst not identifying me personally, has detail down to the
correct town and zipcode.

It identifies where you told it you are. It doesn't tell Netflix that your
v4 endpoint is in New Zealand and you are watching a bunch of content you
are not supposed to have access to.

Is this really that hard to understand?

*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

So, how do you identify where an IP address is used?

/elvis

Excuse the briefness of this mail, it was sent from a mobile device.

Well,

    They're clearly too "enraged" to accept/comprehend the situation.

    Let's go back to talking about how to help deploy IPv6 and break the
paradigm that was built during the silent film era.

Getting back on topic here, the biggest group to blame here is the content
producers and the MPAA who insist on only giving licenses out for content
on a regional/country basis, and I would bet the balance of my bank account
that they have forced netflix to block VPNs, tunnels and anything else by
force, in order to keep the licensed content they have.

Remember that the industry has been at war with Netflix from the beginning,
the cable companies (some are also content producers) hate netflix.

I am sure that netflix doesn't give a crap where you are located as long as
you pay the subscription, it is their licensing agreements for content that
has forced their hand and created this mess.

Shame on the content producers, and shame on the MPAA.

- J

Ca By wrote:

> it really feels a lot like what net neutrality was supposed to avoid.
> making a policy where there is different treatment of one set of bits
> over another
>
> "your ipv6 bits are bad but if you turn it off the ipv4 bits are just fine"
>
> someone mentioned the fact that netflix is not just a content company
> but also acting as a network operator, maybe the two should be separate
>
> i also find it ironic that they aren't big fans of ISPs who use NAT or
> CGN and don't have 1 customer per IP yet they're stifling ipv6 and
> telling users to turn it off. you really can't have it both ways and
> complain about NAT and also say you recommend shutting off ipv6 :)
>
> hopefully they will realize imposing their own policy on how customers
> use their networks and the internet this isn't worth losing customers
> over
>
> chris

Again. An HE tunnel is not production ipv6. It is a toy.

Well, "service that works" from an OTT provider vs. "useless crap that is unsupported" from the L2 provider would beg to differ about the definition of toy. While there has been substantial effort by the participants on this list to get IPv6 deployed across their national network, the local support team from my ISP continues to give me the "IPv6 is not supported" crap response when I complain that all I am getting for a business class connection is a /64, and I need a /48.

Telling people to turn off HE tunnel is NOT the same as turning off
production ipv6.

Rather than telling people to turn off IPv6, Netflix should have just redirected to an IPv4-only name and let that geo-loc deal with it. If the account was trying to use a vpn to bypass geo-loc, it would still fail, but those trying to bypass lethargic ISP deployment/support of IPv6 would not notice unless they looked. Given that they are likely watching the Netflix content at the time, they would be very unlikely to notice the packet headers so this would never have become an issue.

Fortunately in my case since I view Netflix through Chromecasts, I can turn off IPv6 on the media subnet and not impact the rest of my IPv6 use. I shouldn't have to do that, but the ability to isolate traffic is one reason people on this list need to get over the historic perception that a customer network is a single flat subnet. Allocating space on that assumption simply perpetuates the problems that come along with it. There is no technical reason to allocate anything longer than a /48, but for those that insist on doing so, please, please, please, don't go longer than a /56. Even a phone is a router that happens to have a voice app built in, so mobile providers need to stop the assumption that "it only needs a single subnet".

Tony

Tony, I agree 100% with you. Unfortunately I need ipv6 on my media subnet
because it's part of my lab. And now that my teenage daughter is
complaining about Netflix not working on her Chromebook I'm starting to
think consumers should just start complaining to Netflix. Why should I have
to change my damn network to fix Netflix?

In her eyes it's "daddy fix Netflix" but the heck with that. The man hours
of the consumers who are affected to work around this issue is less than
the man hours it would take for Netflix to redirect you with a 301 to an
ipv4 only endpoint.

If Netflix needs help with this point me in the right direction. I'll be
happy to fix it for them and send them a bill.