Netflix NOC? VPN Mismarked?

Hey,

Perchance if someone @ Netflix could reach me off list? Seems that as of
this weekend there's a number of our clients (residential internet) who are
unable to utilize Netflix directly, instead being presented with a message
advising them they're using a VPN service... Have a feeling that our IP
blocks were lumped in with someone somehow...

Thanks!

Use cdnetops@netflix.com

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

We had a similar issue, though in that case we found:

1. The user had been sharing the account between 3 different households across (a) 2 different IP blocks within our network and (b) with a 3rd user on an entirely different ISP in the US (we're in Canada), with multiple devices in use by some locations.

2. The sites across which the same account was being shared had different connectivity options, with one of those having a decent chunk of MTU overhead on the connection (l2tp + pppoe etc.), perhaps raising some flags in Netflix's detection due to smaller MSS?

3. Using the same account on different IPs on the same provider also got blocked.

4. Using a different account on the *exact same IPs* did not have any streaming issues, suggesting Netflix was flagging the account rather than (just) the IPs.

Dunno if that helps, but it may be beneficial if Netflix can provide some guidance on the logic in the "this is behind a VPN/proxy" detection (though I am assuming they likely won't disclose that so as not to give away secrets to the other party in the arms race).

We have noticed the same issue in the last few hours: a couple of users complaining they were seeing the "You seem to be using an unblocker or proxy. Please turn off any of these services and try again." message. We have worked with Netflix's Open Connect support guys and found out that essentially Netflix is trying to determine if the account is reaching their systems from a region other than the contracted one, or from multiple regions in a short period of time, such that one could not fly a thousand miles in that time window.

So how to explain the blocks? Different explanations for different users. One user had his wife sharing his Netflix account on her iPad while at a conference in Europe (same account, different countries). One other case was related to a user who was on Tor; in fact he was an exit node for Tor with his shared / NATed IP address, and it looks like someone else from another account used his IP address as an exit node, or he used Tor with his account. In the end it was the same case of being in two regions with the same account in a short time window.

We also had good insights via telephone support by Netflix at 0800-096-6379 (Europe).
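The "same account, two regions, too short a time window" check described in the message above, sketched as an added example. It is not part of the original thread and not Netflix's actual logic (which the thread notes is undisclosed); the event format, both thresholds, and the sample data are assumptions.

```python
from collections import namedtuple
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 1000.0   # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 200.0  # assumed floor: ignore geo-IP jitter within one metro area
Event = namedtuple("Event", "account when ip lat lon")

def haversine_km(a, b):
    """Great-circle distance between the geolocated positions of two events."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events):
    """Return (account, earlier, later, kmh) where consecutive events on one account imply > MAX_SPEED_KMH."""
    flagged, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.account)
        last_seen[ev.account] = ev
        if prev is None:
            continue
        dist = haversine_km(prev, ev)
        if dist < MIN_DISTANCE_KM:
            continue  # a different IP in the same area is not "travel"
        hours = (ev.when - prev.when).total_seconds() / 3600
        # Simultaneous sessions far apart: treat the implied speed as unbounded.
        speed = dist / hours if hours > 0 else float("inf")
        if speed > MAX_SPEED_KMH:
            flagged.append((ev.account, prev, ev, speed))
    return flagged

# Constructed sample data: documentation-range IPs, approximate city coordinates.
SAMPLE = [
    Event("acct-A", datetime(2016, 6, 1, 20, 0), "192.0.2.10", 43.65, -79.38),    # Toronto
    Event("acct-A", datetime(2016, 6, 1, 21, 30), "198.51.100.7", 52.52, 13.40),  # Berlin, 1.5 h later
    Event("acct-B", datetime(2016, 6, 1, 20, 0), "192.0.2.10", 43.65, -79.38),    # same IP, other account
    Event("acct-B", datetime(2016, 6, 1, 20, 45), "192.0.2.99", 43.70, -79.42),   # same metro area
    Event("acct-C", datetime(2016, 6, 1, 8, 0), "203.0.113.5", 43.65, -79.38),    # Toronto
    Event("acct-C", datetime(2016, 6, 2, 9, 0), "203.0.113.80", 52.52, 13.40),    # Berlin, 25 h later
]

if __name__ == "__main__":
    for account, first, second, kmh in impossible_travel(SAMPLE):
        print(f"{account}: {first.ip} -> {second.ip} implies {kmh:.0f} km/h")
```

Only acct-A is flagged: acct-B shares an IP with it but never leaves the area, and acct-C's trip fits a real flight. A check keyed this way follows the account rather than the address, matching the observation earlier in the thread that a different account on the same IPs streamed without issue.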

Hmm, I seem to think this one might be quite common, so perhaps should be tied closer to the device vs account level.

- Jared

This is all going to get a whole lot more entertaining with the combination of MIP6 and IPv4 CGNAT.

Owen

especially if these types of situations are handled on par with the way
abuse and spam reports are handled

customer will report being blocked to netflix, netflix will tell end user
to contact isp, customer will call isp and level 1 call center rep will
say "we can ping your modem and your service is up we don't see a problem,
if you are having an issue with a specific service please contact your
service provider"

and the infinite loop begins, customer gets frustrated, everyone loses

welcome to hell :)

Our (Netflix) call center has been trained on how to handle calls for false
positive issues with proxy/VPNs. If you don't achieve an acceptable result,
please feel free to reach out - but believe it or not, they are the best
ones to handle.

-Dave

Are you talking about the same people that respond with "What is an IP?"

Josh Luthman

Having them visit the excellent test-IPv6.com is the best and easiest way to get that info.

Jared Mauch

IPv4 will become a progressively deeper version of hell until we finally turn it off.

Fortunately Netflix is running IPv6 for most things already. If you’re an ISP and you’re not
allowing them to reach Netflix via IPv6, then you’re part of the problem rather than the solution.

Owen

Sure. Easy to say when you have access to IPv6, and your transit providers
actually PROVIDE IPv6 services.

So sick and tired of this IPv6 preaching. There are HUGE obstacles in huge
parts of the world preventing the use of IPv6.

Simply throwing IPv6 as a solution to absolutely everything is hardly a
solution at all I'm afraid.

Do all "smart" TVs and Game consoles fully support IPv6 out of the box?

Highly unlikely...

It is best to start with any before moving to all.

The number is not non-zero, but it's not worth talking about based on
the small sample I did in 2015.

Particularly for TV's, software update support goes from trickles to
non-existent two years after initial model manufacture. This has been
the case with proprietary software. Not sure about more open systems
such as WebOS.

Mark.

It depends on whether the exact model is being sold after a couple of years, and not superseded by new models. This is the case in the wireless router world, where product churn leaves last year's model an orphan when it comes to updates.

Not so much in the OS world, only because the OS doesn't churn that quickly. But look at Windows and its history on support being withdrawn long before the product is useless (or the "new" product is worthless, causing people to hang back on upgrades).

I shudder to think what will happen when IoT ramps up significantly. Will the stories we hear today about thermostats failing after a botched upgrade continue, or will the vendors get their act together?

It depends on whether the exact model is being sold after a couple of
years, and not superseded by new models. This is the case in the
wireless router world, where product churn leaves last year's model an
orphan when it comes to updates.

Display manufacturers are pushing new products every year. A product you
buy today will be reasonably obsolete 24x months later (by obsolete I
mostly mean no more software updates for it).

The hope is that if display manufacturers move to a more "common" OS
platform, then feature support such as IPv6 and others could be
supported on "obsolete" models as long as newer releases of the OS still
support the hardware in the older displays (depending on the level of
independence between the OS and the hardware vendor, or the openness of
the hardware vendor to allow users to do what they please with supported
OS's). For now, that looks like WebOS, Tizen, etc.

Devices that last a little longer (such as game consoles) will receive
major updates in the first few years of sale. When the next gaming
console is released, the older ones will still be relevant, but then
updates will taper to useless things like "disabling of this with
Facebook" or "changed the default splash screen". Nothing to improve the
fundamental usability of the actual device such as IPv6.

Not so much in the OS world, only because the OS doesn't churn that
quickly. But look at Windows and its history on support being
withdrawn long before the product is useless (or the "new" product is
worthless, causing people to hang back on upgrades).

True, but with Windows, you don't have to change your computer in order
to support the newer features. You just have to upgrade to the newer
Windows release. My home PC which I bought in 2008 when Windows XP was
the thing is now running Windows 10, happily, with full IPv6 support.

You can't say the same for hardware made with proprietary OS's that will
not get future support because newer hardware is now shipping. Much like
the majority of TV's today, as well as the home CPE's you speak of.

Mark.

I'm curious how you conducted this sample. I happened to have set up a
number of Smart TVs at home and for extended family over the past couple of
years. They've all supported IPv6 out of the box. It's not a 'feature' any
of them listed on their feature list. It was just part of their networking.
My home is IPv6 enabled and my TVs are running it just fine.

My personal, purely anecdotal experience is limited to Sony, Samsung, and
LG smart TVs. But that's a much larger than simply 'non-zero' segment of
the smart TV market. And smart TVs as a category aren't all that old.

Which brands are the ones that aren't supporting IPv6?

Scott

If we are still talking about Netflix issues, eventually many of the issues
will sort themselves out. As more and more "smart" devices are IPv6
enabled, IPv4 only devices will become rarer and rarer. Thus the CGNAT
pools will be shared by fewer and fewer accounts.

Then again... we may run into the issue Apple ran into with the iPads. They
made iPads such that there was no good reason to upgrade. Now 5+ years
later, you have a lot of original iPads running around. Imagine the issues
if they EoL'ed and EoS'ed those iPads.