Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Digital Movies Television Entertainment Your Rights Online

Netflix Blocks Many IPv6 Users Over Geolocation Difficulty 229

Posted by msmash from the assuming-control dept.
An anonymous reader writes: In another example of content owners putting the screws to Netflix and consumers, network operators are reporting that the popular streaming service has begun blocking many customers on IPv6 connections. Many users of Hurricane Electric's IPv4-to-IPv6 service have been blocked entirely, while users on ISPs that provide native IPv6 are also facing difficulty connecting and watching shows. Netflix customer service has been advising users that the only workaround is to completely disable IPv6 on their computers. The ban on IPv6 appears to be the latest round of a wider crackdown against users whose IP address can't be sufficiently geolocated. While the rest of the internet moves forward with implementing IPv6, content owners are forcing Netflix to move backwards.
This discussion has been archived. No new comments can be posted.

Netflix Blocks Many IPv6 Users Over Geolocation Difficulty More

Netflix Blocks Many IPv6 Users Over Geolocation Difficulty

Comments Filter:

  • uh, what? (Score:5, Informative)

    by ripvlan ( 2609033 ) on Tuesday June 07, 2016 @03:33PM (#52269547)

    I thought the world was running out of IPv4 and the internet was in dire straits. We must all move to the IPv6 lifeboats or drown in the sea of no-internet.

    Hopefully this is a temporary problem/solution because Netflix is effectively shutting off Potential New Customers. "Thanks for joining the modern internet - sorry we can't service you today"

    geolocating IPv6 --- hmmm.... an interesting problem. I guess it was easier when you only had to map 4 billion entries and the address scheme followed a pattern.

    • Re:uh, what? (Score:5, Informative)

      by Bert64 ( 520050 ) <bert AT slashdot DOT firenzee DOT com> on Tuesday June 07, 2016 @03:40PM (#52269617) Homepage

      It's actually easier with v6, because each isp will generally only have one very large block instead of hundreds of small ones, then you can correlate the blocks to the regions that isp serves - not many isps serve multiple countries.

      • Re:uh, what? (Score:5, Informative)

        by rahvin112 ( 446269 ) on Tuesday June 07, 2016 @04:15PM (#52269873)

        One of the points with IPv6 was to reduce the size of BGP tables that contain that routing data. As you say IPv6 should be significantly easier to geolocate than IPv4, well except for those services like Hurricane Electric which is not at all unlike a VPN. IPv4 has been cut up to single IP's in some cases. The routing and Geolocate data is massive.

        • Re: (Score:2)

          by allo ( 1728082 )

          IPv6 does things like renumbering support and mobile ip stuff, which makes locating harder. Of course, your standard connection does nothing of this.

      • Re:uh, what? (Score:5, Insightful)

        by slack_justyb ( 862874 ) on Tuesday June 07, 2016 @04:26PM (#52269973)

        You are correct on both parts. IPv6 makes it easier to geolocate fixed nodes. It is easier to geolocate fixed nodes because of what you stated. A single block can cover every single customer an ISP has and could ever have until the end of time. Mobile nodes not so much, but let's not muddy the waters here. The studios are the ones that brought this to Netflix and more than likely they'll bring it to everyone else in good time. The problem with being first and Netflix is they're the ones stuck trying to build the database and developing relationships with folks like Comcast, who would love for you to roll over and die any day now, to keep that database up-to-date enough to please the content gods.

        It's a super shitty situation that Netflix is being placed in and Netflix is deploying a really brain dead way of trying to weasel out of this rock and hard place. Geez, I hate the way all this crap goes down because they all are acting like stupid five year olds.

    • Hopefully this is a temporary problem/solution because Netflix is effectively shutting off Potential New Customers. "Thanks for joining the modern internet - sorry we can't service you today"

      This isn't really Netflix's rule, rather it comes down from the content producers selling their videos to Netflix. So long as they feel the need to geo-locator, Netflix will as well.

    • Re:uh, what? (Score:5, Insightful)

      by Aighearach ( 97333 ) on Tuesday June 07, 2016 @04:15PM (#52269875)

      In the short term, end users are still going to have ipv4 addresses. The immediate problem with having run out is for new servers, or new ISPs.

      The real problem here is that netflix should be handling it at their end; stop returning ipv6 DNS responses and peoples computers won't try to connect with ipv6. Making customers turn off ipv6 on their computers will result in those users being unable to connect to some new services. Plus, many don't know how. The ad-hoc system of allowing some ipv6 blocks but not others is going to hurt them unless it only affects a small number of people.

      • I can see why a HE 6to4 tunnel could fuck up Netflix... When you set up a tunnel at tunnelbroker.net, you're given a choice of a large number of endpoints for your tunnel, some in the USA but *many* elsewhere throughout HE's network footprint. I'm gonna go out on a limb and speculate that the problems noted only occur if your tunnel endpoint is *somewhere* besides the US. I use an HE tunnelbroker tunnel whose endpoint is in LA, so *if* I was still subscribing to Netflix, I'd not be expecting any issues. Dum

    • As usual, we have bought some time by using NAT. Now many(if not all) cell phones get their internet through NAT.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      geolocating IPv6 --- hmmm.... an interesting problem.

      It ought to be a non-problem: Do away with the licensing bullshit that requires it. The whole thing was and is less than effective [slashdot.org] anyway.

  • The easier workaround (Score:5, Insightful)

    by nehumanuscrede ( 624750 ) on Tuesday June 07, 2016 @03:33PM (#52269553)

    is to discontinue subscribing to Netflix. ( Unlike Cable or Satellite, discontinuing / restarting service is dead simple. )

    Enough folks follow this method and Netflix will set a world record in getting this issue resolved.

    • Re: (Score:3)

      by Yvan256 ( 722131 )

      You think Netflix wants to lose time and money doing that kind of shit? They know it's pointless, they know it's a game of whack-a-mole and they know they'll lose subscribers over this.

      You know who's pushing for that shit? Hollywood/MPAA/etc. They don't care if it hurts Netflix.

      Wait, I take that back. They hope it hurts Netflix so they can push people to use their own services, even if they don't have any.

    • Netflix is probably neutral here. The content providers are the ones that are paranoid that only allowed content is showed in the proper regions. If Netflix let anyone watch anything then they'd start losing their access to the content.

  • IPv6 lookup (Score:2, Informative)

    by Anonymous Coward

    Why can't they just remove the AAAA entries in DNS for their domains. Then no IPv6 connection will be attempted since no IPv6 address will be found.

    • Re:IPv6 lookup (Score:4, Informative)

      by NotInHere ( 3654617 ) on Tuesday June 07, 2016 @03:45PM (#52269659)

      That would be a more aggressive blow against ipv6 than what they are currently doing. Right now they only seem to appear to block for the customers they can't geolocate over ipv6, but they don't block it for customers they can geolocate over ipv6. The thing which makes this a story is that its hard for them to geolocate ipv6 addresses, thus leading more ipv6 addresses blocked than ipv4 ones.

      • That would be a more aggressive blow against ipv6 than what they are currently doing.

        No, turning it off at their own server is much lighter affect than having their customers turn it off on their own computers. If they turn it off on their end, all the rest of the customers traffic can still be ipv6 and you'll have both happening at the same time. Turning it off at the customer turns it off for all sites that customer visits.

      • Re:IPv6 lookup (Score:4, Informative)

        by mmontour ( 2208 ) <mail@mmontour.net> on Tuesday June 07, 2016 @04:19PM (#52269905)

        They could deploy a set of parallel domains like "v4.netflix.com" without AAAA records, then add a profile setting so that affected users could be redirected there without impacting anyone else.

        I am not going to turn off IPv6 across all of my devices just because Netflix can't figure out v6 geolocation. For dual-stack customers, why not simply locate them with a v4 query and then let that user session send in IPv6 requests from anywhere?

      • Re: (Score:2)

        by allo ( 1728082 )

        They could use geolocating DNS to spot ipv6 users (ipv6 dns queries) from ranges they cannot identify and then only deliver A records to them.

  • Just wait for IPS / cable co to change per IPv6 ip and lock you into there gateway.

  • MAFIAA VS. IPv6 lol. I wonder how badly they'll mess things up - hopefully to the point where folks rise up in revolt against the MAFIAA

  • YUP (Score:5, Informative)

    by whitelabrat ( 469237 ) on Tuesday June 07, 2016 @03:43PM (#52269641)

    Just noticed I was getting blocked the other day. Not trying to do anything shady. I need IPv6 for work and use Hurricane Electric for that. Kinda not cool move Netflix.

    • Same here. This started about 5 days ago. Spent 2 hours on chat with Netflix support to get to the bottom of it. I'm on a business connection and need IPv6, and the kids need Netflix (or the parents need the kids to have Netflix). They should allow users to register IPv6 /48 or /56 or /64 (depending on what you get from he.net). I'm using he.net for all my ipv6 as my ISP is not able to provide static IPv6 (only dynamic for business customer for now). So I got caught in the battle.

      • They should allow users to register IPv6 /48 or /56 or /64

        ...or skip all that fakeable bullshit and use your billing address on file. That sounds way easier, more accurate, and less voodooish than any other methods.

    • ..you realize that Netflix has no desire to drive away customers, innovation, and money, right? The folks forcing Netflix to do this are known as a group called the MPAA. They're behind a LOT of the completely absurd things you hear about movies and piracy.

      • And Netflix have chosen to do this "solution" rather than a real solution which will work with the IPv6 network as it was when they turned on IPv6 for themselves.

        HE's tunnel prefixes are reasonable well known. It doesn't that a rocket scientist to say "Is the connection coming from this block" and redirect to IPv4. Do the same for the other IPv6 tunnel brokers.

        This is different for a IPv4 in IPv4 tunnel.

  • Why (Score:5, Interesting)

    by Archfeld ( 6757 ) <treboreel@live.com> on Tuesday June 07, 2016 @03:46PM (#52269665) Journal

    Why does this topic have a Digital Electronics logo ? Did I miss something ?

  • This is also a great motivator for ISPs to participate in Netflix's CoLo program, where they lease space inside an ISP's network and install gear that their customers stream netflix from, inside the ISP's network, so as to avoid racking up high peering charges for the ISP.

  • According to Google [google.com], about an eighth of all their traffic today is IPV6, the percentage is growing, and the rate is accelerating. If you were waiting for a clear sign from the heavens that it's time to finally start supporting IPv6 as at least equal to IPv4, then you can stop waiting. While almost all of those systems currently also have native IPv4, it's absolutely insane to ignore v6 traffic in 2016. Do it at your and your employer's own peril.
  • I thought this was going to be about vax.

  • I use a HE tunnel for day-to-day IPv6 connectivity (since my ISP, TalkTalk Business has no plans for IPv6 implementation[1]). Despite the fact that I connect to HE's UK endpoint and a traceroute shows traffic originating in the UK, Netflix's geo-loc database shows I'm coming from California. I have no particular desire to watch Netflix/US - quite happy with Netflix/UK, but in one fell swoop they've stopped me watching it at all.

    Their "solution"? Disable IPv6. Not possible? Then this is what they suggest[2]:

    • just start pirateing the content but keep paying to have your get out of jail card.

    • Complain to your consumer affairs people. Netflix are choosing to implement a disruptive solution rather than a non disruptive solution (e.g. redirect to a IPv4 only set of servers). You have paid for your service. You are not attempting to circumvent geo fencing. It is Netflix's responsibility to do geo fencing to the best of their ability which they clearly are not doing.

  • HE's IPv4-IPv6 offering is a VPN.

    They're blocking VPNs.

    I don't love that they are blocking VPNs, but that's all this is. Direct IPv6 connections will work fine.

    • Re: (Score:2)

      by quarkoid ( 26884 )

      HE's IPv4-IPv6 offering is a VPN.

      HE do not provide VPNs - it's a tunnelling service. There is a difference.

      Direct IPv6 connections will work fine.

      Did you not read the article? "while users on ISPs that provide native IPv6 are also facing difficulty connecting and watching shows"

      • A VPN is a tunneling service. Same thing. Both make your packets originate from somewhere else, and that's why geolocation doesn't work. That's why they block those.

        I don't know what you mean by "read the article". I read the slashdot summary. And it doesn't match up with what is actually in the source material. The source material says the problem is due to using HE's VPN.

        BTW, I'm a user on an ISP with native IPv6 and I don't have problems connecting and watching shows.

        • HE's tunnels aren't encrypted, so I'm not sure if you can really consider them "private".

          Also, HE publish country info for tunnels in whois, so if Netflix can't work out where the tunnel user is then that's Netflix's fault for not using the whois data available to them.

        • Re: (Score:2)

          by quarkoid ( 26884 )

          A VPN is a tunneling service. Same thing.

          A VPN is a tunnelling service. A tunnelling service is not necessarily a VPN.

          Both make your packets originate from somewhere else, and that's why geolocation doesn't work.

          So the IPv4 packets that originate from my ISP in London can be geolocated whilst the IPv6 packets that originate from HE in London cannot? What twaddle. In HE's case, they have a large chunk of IPv6 addresses which are dished out to people connecting to their London endpoint which are incorrectly geo-located in California. I think what you are trying to say is "HE users can connect to any of HE's endpoints worldwide and therefore

    • HE's IPv4-IPv6 offering is a VPN.

      They're blocking VPNs.

      I don't love that they are blocking VPNs, but that's all this is. Direct IPv6 connections will work fine.

      4in6 is not a VPN, theres no encryption, if you examine the outer packets you can see the inner packets and their contents.

  • Content owners want the ability to charge you for something based on your ability to pay instead of on the value of the product. They want to be able to sell their products across the world to people who only earn a few dollars a day, without giving you and I the ability to buy it at that same price. I can't wait until the Dollar Store is able to determine my net worth as I enter the store (facial recognition, links to financial institutions, etc.) and either kick me out and force me to shop at the expensiv

  • Netflix and Apple (Score:4, Interesting)

    by Londovir ( 705740 ) on Tuesday June 07, 2016 @07:22PM (#52271141)
    So...how long before the Netflix iOS app disappears off the App Store, or the negative reviews start piling up? Apple is either about to begin, it has already begun, requiring all iOS apps to strictly only support IPv6, so this is entertaining. If the Netflix app has to only use IPv6, and Netflix starts blocking various people using IPv6...heh. :)

  • ACL the Netflix subnets (Score:5, Informative)

    by tomtom ( 23188 ) * on Tuesday June 07, 2016 @09:40PM (#52271827) Homepage

    I'm blocking Netflix IPv6 subnets on my router with ICMPv6 no-route-to-host. Windows, Mac and Android clients all seem to immediately fall back to IPv4 and play as normal. It seems like a better solution than disabling IPv6 outright.

    Mikrotik RouterOS syntax:

    /ipv6 firewall address-list
    add address=2406:da00:ff00::/48 list=netflix
    add address=2600:1407:19::/48 list=netflix
    add address=2607:f8b0:4001::/48 list=netflix
    add address=2620:108:700f::/48 list=netflix
    add address=2a01:578:3::/48 list=netflix

    /ipv6 firewall filter
    add chain=forward dst-address-list=netflix action=reject

Slashdot Top Deals

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Close