Re: Netflix VPN detection - actual engineer needed

[Mark Andrews <marka () isc org>]

In message <20160608070525.06fd5995 () echo ms redpill-linpro com>, Tore Anderson writes:
> * Davide Davini <diotonante () gmail com>
>
> > On 04/06/2016 20:46, Owen DeLong wrote:
> > > Get your own /48 and advertise to HE Tunnel via BGP. Problem
> > > solved.  
> >
> > Even though that sounds like an awesome idea it does not seem trivial
> > to me to obtain your own /48.
>
> Which is a good thing, as every new PI /48 advertised to the DFZ will
> bloat the routing tables of thousands upon thousands of routers world
> wide. It might solve the Netflix problem, but what has actually
> happened is that you've split the original problem into a thousand
> small bits and thrown one piece into each of your neighbours' gardens.
>
> I'd encourage everyone to try to fix their Netflix problem a more proper
> way before deciding to litter everyone else's routing tables with
> another PI prefix.
>
> Blocking access to Netflix via the tunnel seems like an obvious
> solution to me, for what it's worth.

And which set of prefixes is that?  How often do they change? etc.

When Netfix turned on IPv6 support HE's tunnels existed.  They
should be dealing with the existing environment rather than making
others work around their short comings.  Tunnels, as much as some
people may not like them, will continue to be a part of the IPv6
landscape for many years to come.

Mark

> I wonder if anyone has attempted to estimate approx. how much RIB/FIB
> space a single DFZ route requires in total across the entire internet...
>
> Tore
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org