Netflix Blocks Many IPv6 Users Over Geolocation Difficulty 229
An anonymous reader writes: In another example of content owners putting the screws to Netflix and consumers, network operators are reporting that the popular streaming service has begun blocking many customers on IPv6 connections. Many users of Hurricane Electric's IPv4-to-IPv6 service have been blocked entirely, while users on ISPs that provide native IPv6 are also facing difficulty connecting and watching shows. Netflix customer service has been advising users that the only workaround is to completely disable IPv6 on their computers. The ban on IPv6 appears to be the latest round of a wider crackdown against users whose IP address can't be sufficiently geolocated. While the rest of the internet moves forward with implementing IPv6, content owners are forcing Netflix to move backwards.
uh, what? (Score:5, Informative)
I thought the world was running out of IPv4 and the internet was in dire straits. We must all move to the IPv6 lifeboats or drown in the sea of no-internet.
Hopefully this is a temporary problem/solution because Netflix is effectively shutting off Potential New Customers. "Thanks for joining the modern internet - sorry we can't service you today"
geolocating IPv6 --- hmmm.... an interesting problem. I guess it was easier when you only had to map 4 billion entries and the address scheme followed a pattern.
Re:uh, what? (Score:5, Informative)
It's actually easier with v6, because each isp will generally only have one very large block instead of hundreds of small ones, then you can correlate the blocks to the regions that isp serves - not many isps serve multiple countries.
Re:uh, what? (Score:5, Informative)
One of the points with IPv6 was to reduce the size of BGP tables that contain that routing data. As you say IPv6 should be significantly easier to geolocate than IPv4, well except for those services like Hurricane Electric which is not at all unlike a VPN. IPv4 has been cut up to single IP's in some cases. The routing and Geolocate data is massive.
Re: (Score:2)
IPv6 does things like renumbering support and mobile ip stuff, which makes locating harder. Of course, your standard connection does nothing of this.
Re:uh, what? (Score:5, Insightful)
You are correct on both parts. IPv6 makes it easier to geolocate fixed nodes. It is easier to geolocate fixed nodes because of what you stated. A single block can cover every single customer an ISP has and could ever have until the end of time. Mobile nodes not so much, but let's not muddy the waters here. The studios are the ones that brought this to Netflix and more than likely they'll bring it to everyone else in good time. The problem with being first and Netflix is they're the ones stuck trying to build the database and developing relationships with folks like Comcast, who would love for you to roll over and die any day now, to keep that database up-to-date enough to please the content gods.
It's a super shitty situation that Netflix is being placed in and Netflix is deploying a really brain dead way of trying to weasel out of this rock and hard place. Geez, I hate the way all this crap goes down because they all are acting like stupid five year olds.
Re: (Score:2, Troll)
We Need MORE TAXES to solve this problem. More government rules. We need Bernie! Content to the PEOPLE!
Re: (Score:2)
Hopefully this is a temporary problem/solution because Netflix is effectively shutting off Potential New Customers. "Thanks for joining the modern internet - sorry we can't service you today"
This isn't really Netflix's rule, rather it comes down from the content producers selling their videos to Netflix. So long as they feel the need to geo-locator, Netflix will as well.
Re:uh, what? (Score:5, Insightful)
In the short term, end users are still going to have ipv4 addresses. The immediate problem with having run out is for new servers, or new ISPs.
The real problem here is that netflix should be handling it at their end; stop returning ipv6 DNS responses and peoples computers won't try to connect with ipv6. Making customers turn off ipv6 on their computers will result in those users being unable to connect to some new services. Plus, many don't know how. The ad-hoc system of allowing some ipv6 blocks but not others is going to hurt them unless it only affects a small number of people.
Re: (Score:2)
I can see why a HE 6to4 tunnel could fuck up Netflix... When you set up a tunnel at tunnelbroker.net, you're given a choice of a large number of endpoints for your tunnel, some in the USA but *many* elsewhere throughout HE's network footprint. I'm gonna go out on a limb and speculate that the problems noted only occur if your tunnel endpoint is *somewhere* besides the US. I use an HE tunnelbroker tunnel whose endpoint is in LA, so *if* I was still subscribing to Netflix, I'd not be expecting any issues. Dum
Re: (Score:2)
As usual, we have bought some time by using NAT. Now many(if not all) cell phones get their internet through NAT.
Re: (Score:2, Insightful)
geolocating IPv6 --- hmmm.... an interesting problem.
It ought to be a non-problem: Do away with the licensing bullshit that requires it. The whole thing was and is less than effective [slashdot.org] anyway.
Re: (Score:3)
No. There are 2^64 /64 blocks. There are only 2^32 IPv4 addresses. You're off by a factor of four billion.
Re: (Score:2)
IPv6 has 10^^28 more (multiply) addresses than IPv4
IPv4 * 10^28 = IPv6 addresses.
Re: (Score:2)
He wasn't comparing addresses to addresses. He was comparing IPv6 /64 blocks to IPv4 addresses, and saying that was the same number.
The easier workaround (Score:5, Insightful)
is to discontinue subscribing to Netflix. ( Unlike Cable or Satellite, discontinuing / restarting service is dead simple. )
Enough folks follow this method and Netflix will set a world record in getting this issue resolved.
Re: (Score:3)
You think Netflix wants to lose time and money doing that kind of shit? They know it's pointless, they know it's a game of whack-a-mole and they know they'll lose subscribers over this.
You know who's pushing for that shit? Hollywood/MPAA/etc. They don't care if it hurts Netflix.
Wait, I take that back. They hope it hurts Netflix so they can push people to use their own services, even if they don't have any.
Re:The easier workaround (Score:5, Informative)
easiest workaround piratebay.org
Re:The easier workaround (Score:4, Insightful)
Agreed. Netflix is treated as an enemy by Hollywood and the cable industry. They don't even want their own services they just want people to stop cutting the cord, keep going to the movie theaters, stop watching movies at a time and place of your own choosing, and so forth.
Re: (Score:2)
Netflix is probably neutral here. The content providers are the ones that are paranoid that only allowed content is showed in the proper regions. If Netflix let anyone watch anything then they'd start losing their access to the content.
Re: (Score:2)
Tell me, where did you learn how to reason?
Cable newsvertainment.
Re: (Score:2)
Oh no, big group of companies threatens another big company! ...
How is this MY problem?
Re: (Score:2)
Its not. However, there are lots of people who are "stakeholders" who think that they should be insulated from such battles and who want the government involved and make illformed policy rules and regulations, rather than wait patiently for the marketplace to sort things out for maximized resource usage.
Another option is for all the stakeholders to complain to "content creators" and "netflix" via social media hoping to change the economic interest of those companies with whining.
Lastly, the best option woul
Re: (Score:2)
Sorry, money talks.
The reason why we have geoblocking is easy - money. People pay for exclusive distribution rights. They'd pay a LOT LESS if they didn't have exclusivity. You know, geographic monopoly and all.
So if you want Netflix to have worldwide rights, they can get them, just they'll basically have to pay at least what the di
Re: (Score:2)
Netflix has zero choice in the matter, they can not give you the content without permission of the content owners, and they won't get permission of the content owners without verifying your location. As the largest streaming service they're the ones that the MPAA is pointing their guns at; but they are going to put this pressure on everyone else soon enough. Since Netflix is not a pirate site they are required to give the MPAA a say. Netflix intentionally does a half-assed crackdown just to mollify the o
Re: (Score:2)
Nope, this won't work. Because if you use such a service, you're hard to geolocate, just as with vpns. So netflix will block you even more than they block ipv6.
Re: (Score:2)
IPv6 lookup (Score:2, Informative)
Why can't they just remove the AAAA entries in DNS for their domains. Then no IPv6 connection will be attempted since no IPv6 address will be found.
Re:IPv6 lookup (Score:4, Informative)
That would be a more aggressive blow against ipv6 than what they are currently doing. Right now they only seem to appear to block for the customers they can't geolocate over ipv6, but they don't block it for customers they can geolocate over ipv6. The thing which makes this a story is that its hard for them to geolocate ipv6 addresses, thus leading more ipv6 addresses blocked than ipv4 ones.
Re: (Score:2)
That would be a more aggressive blow against ipv6 than what they are currently doing.
No, turning it off at their own server is much lighter affect than having their customers turn it off on their own computers. If they turn it off on their end, all the rest of the customers traffic can still be ipv6 and you'll have both happening at the same time. Turning it off at the customer turns it off for all sites that customer visits.
Re:IPv6 lookup (Score:4, Informative)
They could deploy a set of parallel domains like "v4.netflix.com" without AAAA records, then add a profile setting so that affected users could be redirected there without impacting anyone else.
I am not going to turn off IPv6 across all of my devices just because Netflix can't figure out v6 geolocation. For dual-stack customers, why not simply locate them with a v4 query and then let that user session send in IPv6 requests from anywhere?
Re: (Score:2)
They could use geolocating DNS to spot ipv6 users (ipv6 dns queries) from ranges they cannot identify and then only deliver A records to them.
Just wait for IPS / cable co to change per IPv6 ip (Score:2)
Just wait for IPS / cable co to change per IPv6 ip and lock you into there gateway.
MAFIAA VS. IPv6 (Score:2)
Re:MAFIAA VS. IPv6 (Score:5, Insightful)
YUP (Score:5, Informative)
Just noticed I was getting blocked the other day. Not trying to do anything shady. I need IPv6 for work and use Hurricane Electric for that. Kinda not cool move Netflix.
Re: (Score:2)
Re: (Score:2)
They should allow users to register IPv6 /48 or /56 or /64
...or skip all that fakeable bullshit and use your billing address on file. That sounds way easier, more accurate, and less voodooish than any other methods.
Re:YUP (Score:4, Insightful)
I imagine that the present situation exists because studios are unwilling to license programs to Netflix on "billing address" terms. Instead, studios require geolocation of where the subscriber is located, not where the subscriber has an offshore bank account.
Re: (Score:3)
Re: (Score:2)
And Netflix have chosen to do this "solution" rather than a real solution which will work with the IPv6 network as it was when they turned on IPv6 for themselves.
HE's tunnel prefixes are reasonable well known. It doesn't that a rocket scientist to say "Is the connection coming from this block" and redirect to IPv4. Do the same for the other IPv6 tunnel brokers.
This is different for a IPv4 in IPv4 tunnel.
Why (Score:5, Interesting)
Why does this topic have a Digital Electronics logo ? Did I miss something ?
Also a great motivator (Score:2)
This is also a great motivator for ISPs to participate in Netflix's CoLo program, where they lease space inside an ISP's network and install gear that their customers stream netflix from, inside the ISP's network, so as to avoid racking up high peering charges for the ISP.
Re: (Score:2)
and with comcast uncapped unshaped netflix will only come with an Internet + cable tv package.
Meanwhile everyone else moves on.... (Score:5, Insightful)
Re: (Score:2)
Amazon can't do DNS (Amazon's Route 53 servers deliberately break EDNS version negotiation by not answering non EDNS version 0 queries [isc.org]), how do you expect them to do IPv6?
What is netflix? (Score:2)
Re: (Score:2)
Yup. Me too. (Score:2)
I use a HE tunnel for day-to-day IPv6 connectivity (since my ISP, TalkTalk Business has no plans for IPv6 implementation[1]). Despite the fact that I connect to HE's UK endpoint and a traceroute shows traffic originating in the UK, Netflix's geo-loc database shows I'm coming from California. I have no particular desire to watch Netflix/US - quite happy with Netflix/UK, but in one fell swoop they've stopped me watching it at all.
Their "solution"? Disable IPv6. Not possible? Then this is what they suggest[2]:
Re: (Score:2)
just start pirateing the content but keep paying to have your get out of jail card.
Re: (Score:2)
Re: (Score:2)
Complain to your consumer affairs people. Netflix are choosing to implement a disruptive solution rather than a non disruptive solution (e.g. redirect to a IPv4 only set of servers). You have paid for your service. You are not attempting to circumvent geo fencing. It is Netflix's responsibility to do geo fencing to the best of their ability which they clearly are not doing.
they're blocking VPNs (Score:2)
HE's IPv4-IPv6 offering is a VPN.
They're blocking VPNs.
I don't love that they are blocking VPNs, but that's all this is. Direct IPv6 connections will work fine.
Re: (Score:2)
HE's IPv4-IPv6 offering is a VPN.
HE do not provide VPNs - it's a tunnelling service. There is a difference.
Direct IPv6 connections will work fine.
Did you not read the article? "while users on ISPs that provide native IPv6 are also facing difficulty connecting and watching shows"
No, there's no difference. (Score:2)
A VPN is a tunneling service. Same thing. Both make your packets originate from somewhere else, and that's why geolocation doesn't work. That's why they block those.
I don't know what you mean by "read the article". I read the slashdot summary. And it doesn't match up with what is actually in the source material. The source material says the problem is due to using HE's VPN.
BTW, I'm a user on an ISP with native IPv6 and I don't have problems connecting and watching shows.
Re: (Score:2)
HE's tunnels aren't encrypted, so I'm not sure if you can really consider them "private".
Also, HE publish country info for tunnels in whois, so if Netflix can't work out where the tunnel user is then that's Netflix's fault for not using the whois data available to them.
Re: (Score:2)
A VPN is a tunneling service. Same thing.
A VPN is a tunnelling service. A tunnelling service is not necessarily a VPN.
Both make your packets originate from somewhere else, and that's why geolocation doesn't work.
So the IPv4 packets that originate from my ISP in London can be geolocated whilst the IPv6 packets that originate from HE in London cannot? What twaddle. In HE's case, they have a large chunk of IPv6 addresses which are dished out to people connecting to their London endpoint which are incorrectly geo-located in California. I think what you are trying to say is "HE users can connect to any of HE's endpoints worldwide and therefore
Re: (Score:2)
HE's IPv4-IPv6 offering is a VPN.
They're blocking VPNs.
I don't love that they are blocking VPNs, but that's all this is. Direct IPv6 connections will work fine.
4in6 is not a VPN, theres no encryption, if you examine the outer packets you can see the inner packets and their contents.
Dynamic pricing (Score:2)
Netflix and Apple (Score:4, Interesting)
ACL the Netflix subnets (Score:5, Informative)
I'm blocking Netflix IPv6 subnets on my router with ICMPv6 no-route-to-host. Windows, Mac and Android clients all seem to immediately fall back to IPv4 and play as normal. It seems like a better solution than disabling IPv6 outright.
Mikrotik RouterOS syntax:
add address=2406:da00:ff00::/48 list=netflix
add address=2600:1407:19::/48 list=netflix
add address=2607:f8b0:4001::/48 list=netflix
add address=2620:108:700f::/48 list=netflix
add address=2a01:578:3::/48 list=netflix
add chain=forward dst-address-list=netflix action=reject
Has IPv6's reputation just been destroyed? (Score:4, Insightful)
I'm curious if this will utterly destroy IPv6's reputation among Internet users at large.
It's no secret that IPv6 has been taking forever to deploy. Many network admins and more technical folks are skeptical about it, even if most Internet users have no idea what it is.
This will likely be the first exposure that many average Internet users will have had to IPv6, and it won't have been a good experience for them.
They'll now see IPv6 as that "problematic" technology that they disabled to get Netflix working again.
And once disabled on their computers, it's unlikely that it will ever be re-enabled again. After all, they'll want to continue being able to watch Netflix.
Historians may very well define this month as the one when IPv6 went from being a delayed technology rollout to a complete and utter failure.
IPv6's reputation may now be tainted in the eyes of many Internet users, much like how systemd has tainted Linux's reputation, and how Firefox's reputation has declined over the years.
Re:Has IPv6's reputation just been destroyed? (Score:5, Funny)
ipv8 will fix everything.
Re:Has IPv6's reputation just been destroyed? (Score:5, Funny)
Our surveys show that everybody will want it anyways.
Re: (Score:2)
Fuck everything, we're doing IPv10.
Re: (Score:2)
IPv11 is better. It has that extra push over the cliff.
Re: (Score:2)
Re:Has IPv6's reputation just been destroyed? (Score:5, Informative)
I'm curious if this will utterly destroy IPv6's reputation among Internet users at large.
Check this graph [google.com] again in a month and you should have your answer.
Re: (Score:3)
Re: (Score:2)
Cell phones typically use IPv6. On weekends, most people are more mobile. But during the week, people are chained to a desk or sitting at home, and they use a landline for internet access.
Re: (Score:2)
Reputation doesn't matter if you can't get ipv4 addresses.
ipv6 hasn't "been taking forever to deploy." It has been deployed for a long, long time; what is known is that until ipv4 addresses ran out, there was no pressing need to switch. But the infrastructure was already deployed a long time ago.
Re: (Score:2)
Reputation doesn't matter if you can't get ipv4 addresses.
ipv6 hasn't "been taking forever to deploy." It has been deployed for a long, long time; what is known is that until ipv4 addresses ran out, there was no pressing need to switch. But the infrastructure was already deployed a long time ago.
One of the issues with IPv6 that I've seen is that otherwise competent network engineers are terrified of it because they love their NAT and can't conceive of having Internet routeable addresses on 'internal' hosts. Its like they've forgotten how to do real firewalling.
Re: (Score:2)
Some of the infrastructure is there. However there are a lot of ISPs who don't support it fully yet, home routers or modems from ISPs that don't support it, etc. They've basically "solved" the problem for the short term with NAT and aren't under as much pressure to change. And this is a part of the infrastructure even though it's not the backbone.
Re: (Score:2)
So you believe they're buying routers and switches that can't do ipv6, rather than that they simply haven't changed a config file to turn it on for the end user?
I don't believe that that is the normal case; and I don't believe these ISPs don't already provide it to business customers, or to servers hosted in their data centers. And I don't think they have end-to-end separate networks for residential and business customers. Some parts are separate, but most often the residential customers are on a more restr
Re:Has IPv6's reputation just been destroyed? (Score:5, Informative)
Well, you're only half right. There are other reasons why you would want IPv6 besides addresses. Like not needing to NAT everything (cludge) and faster/lower overhead routing.
Re: (Score:2)
As a backbone tech it's good. But home networks are perfectly served by Class C v4, and large corps by Class A/B
Carrier grade NAT sucks balls. I've seen ISP's where every time I click on a link, the 'click' is coming from a different IP address, sometimes from different blocks. Things would be so much nicer and tidier with v6 and screw the NAT.
Re: (Score:2)
As a backbone tech it's good. But home networks are perfectly served by Class C v4, and large corps by Class A/B
Carrier grade NAT sucks balls. I've seen ISP's where every time I click on a link, the 'click' is coming from a different IP address, sometimes from different blocks. Things would be so much nicer and tidier with v6 and screw the NAT.
This kind of crap is why I opted for a "business grade" plan with a static IP. It seems like the only way to get a reliable home connection now is to pay twice as much.
Re: (Score:2)
They aren't, because there aren't enough v4 addresses to do that (did you somehow miss the memo on that?).
If your home network isn't connected to the internet, then fine, but most people want internet access and thus will need v6 on their home network to reach servers on the internet.
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]
Yes, they work. Yes, they're suitable for their purpose.
Not everyone needs a publicly-routable address. In fact, it's probably better to NOT have one, if possible. Only a server or router listening to requests on the publicly-routable internet needs one. We have plenty of IPv4 addresses for that.
Re: (Score:2)
They're suitable for their purpose of private networks, but for networks that are connected to the internet, they aren't very suitable at all.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm curious if this will utterly destroy IPv6's reputation among Internet users at large.
Nope, most Internet users didn't know what it is before, and they won't know after, either. IPv6 doesn't NEED a reputation among the end user, who will never know if he's using v4 or v6.
nonsense, Netflix wizards can't figure out IPv6 (Score:2)
alternatives... Hulu, Amazon, streaming off a cable com subscription, maybe the sources like HBO and the Four Network Titans will let you stream from their home pages. Netflix, bye bye. my ISP has fully implemented IPv6 from a number of customer-side systems, and of course all over the backbone.
Re:Cancelling my Netflix membership (Score:5, Insightful)
Again, this is just my understanding, but I think Netflix couldn't care less about who has access to their content; but if the studio execs get word that Netflix is allowing users to "illegally" access content, then they face revocation of the content rights.
Re: (Score:2)
That's the way I see it too.
Back a year or more ago, when I went overseas, Netflix was useless because it would not allow me to stream anything from my US account. Flip back to January, and now it works wherever I travel: be it Germany, Italy, or Japan, I see and stream whatever local content is available. It is far more useful to me than how Amazon or Hulu handle it - no access at all.
Netflix has always seemed to take the "least effort" approach to people who want to work around geoblocks. Perhaps the co
Re:Dumbest advice ever (Score:5, Insightful)
IPv6 is a solution to several problems that _do_ exist! Have you ever looked at the changes from IPv4 to IPv6?
Re: (Score:2)
IPv6 is a solution to several problems that _do_ exist! Have you ever looked at the changes from IPv4 to IPv6?
What I'd like to see is the actual implementation of IPv6's built-in IPSEC support. That would be very very interesting.
Re: (Score:3)
Re: (Score:2)
what is acceptable profit? honest question.
they provide a service that people love. they are not forcing anyone to comply. why do you demonize them like that?
Re: (Score:3)
Sell your soul to greedy distributors? Netflix is basically our only legal option and all you can think is "screw them, I'll keep pirating shit anyway"?
Re:Simple fix (Score:5, Funny)
What does Hillary have to do with any of this?
Will she set up a server in her basement that I can use to VPN over to Netflix?
Re: Simple fix (Score:5, Insightful)
If it's a sales tax issue, then the local taxes should be bolted after the sticker price ($9.99 + tax). If it's because censorship beauros around the world need to get and classify the material, fine! But let the governments worry about blocking it. This becomes a real problem when customers in countries not seemingly affected by these externalities end up suffering and have to regress in technology because of it.
And speaking of backwards, why isn't Netflix itself who is suffering the issue turning off IPv6? Why should I fuck up my home router because their service doesn't work with the latest shit? Clearly I'm living right here (SoCal), since my card and my billing address are here. Complain to their support dept and claim you need V6 for work, make them fix it, or lose business!
Re: (Score:2, Funny)
Why? Why?
Because they have one boiler-plate contract which they copy-paste for all their distribution agreements, they paid a lawyer $30 for it in 1920, and as everyone knows that Hollywood is run by jews they aren't going to pay another lawyer to make new contracts.
Re: (Score:2)
The problem here is the content creators (*IAA asshats) who have no business sense. I can not get a good justification for the complexity of their distribution channels (country codes in dvd drives, IP restrictions, all of if). Why? Why?
It's a pretty simple and mundane explanation. Coordinating media (advertising, etc...) across the entire world is a big job, and probably pretty impossible to get everyone on the same page on exactly the same day for some kind of launch. Also, the stars of most movies need to make appearances for promotions, and they can only be in one place at a time. Rolling out different regions at different times allows you to manage that better.
Re: Simple fix (Score:4, Insightful)
Just as a point of clarification, "*AA asshats" are NOT content creators. They are leeches.
Re: (Score:2)
Write Hillary.
Ask her to enforce "best practice" rules for common carriers including ISP's.
Leaving Netflix to work out the details with the content providers / Restricters when 100% of the customer base goes dark forever.
ABC et al will come around quickly rather than give up market access.
The way I see it, its like the old 'Church of the Subgenius' stance on alcohol, to paraphrase: "Don't vote for Hillary to solve problems, only to create them."
Re:Simple fix (Score:5, Insightful)
Why would Hillary do that? She's in the pocket of the copyright cartels.
Re: (Score:2)
Disabling v6 isn't smart. See this comment: https://tech.slashdot.org/comm... [slashdot.org]
Re: (Score:2)
...hah, what a fail. I of course meant this comment: https://tech.slashdot.org/comm... [slashdot.org] (although I doubt anybody will have much trouble finding it themselves).
Re: (Score:2)
Instead of basing access off of IP address, why don't they do it based on the issuing bank for customers' credit cards? It's an indicator of where the money is actually changing hands. I wonder what content owners would think of that.
That wouldn't work. I'm a Canadian citizen living in Canada, but I do have U.S. credit card and the billing address is a PO Box in the USA. (I live near the border.)