All has been good until later May 2016 when my kids started asking me why Netflix was complaining about proxies and not letting them watch whatever it is that they watch. I ignored this for as long as possible -- whatever the problem was, it didn't affect my use of Netflix (we use Tivos as the main TV viewing platform). Then I caught a tweet which indicated that this message was a result of running an IPv6 tunnel. Why?
The Netflix help for the issue is completely useless. It was written by (charitably) a technical person who doesn't understand that the vast majority of Netflix viewers have no idea what IPv6 is (or even what IPv4 is). The message is:
Netflix supports any IPv6 connection that is natively provided to you by your ISP. Tunneling services that provide IPv6 over an IPv4 Network are not supported by Netflix, and may trigger an error message.This message does not give you any clue as to what to do about the problem. Are they really saying "Reconfigure your network connectivity in order to view Netflix."?
I now understand what the problem is -- their GeoIP database is unable to locate the country where the IPv6 address is, and so they don't provide service to it. Does anybody know which GeoIP database they use -- maybe I could get that DB fixed, However, the whole idea behind Netflix is that it is easy and seamless to use (the idea being trying to discourage people from using pirated content). So why are they being so anti-paying-customer?
The only thing that I can think of is that they are not getting enough complaints. There are two things that they could do that are simple:
- Provide a list of IPv6 server addresses that people could block. This would force a fallback to IPv4 and then things would work
- Fix the code so that if an IPv6 address cannot be geolocated, then force a redirect to IPv4.
For now, I've had to disable the IPv6 stack on the kids' laptops. This hardly seems like an ideal solution.
Update: See Netflix-and-ipv6-problem-solved for the resolution.
Update: See Netflix-and-ipv6-problem-solved for the resolution.
The problem is the content owners, not Netflix. Netflix is just the messenger. There are too many folks abusing the HE tunnels to get around the regional geoip issue.
ReplyDeleteAlso, you have naative v6 with Comcast, you don't need your tunnel. Your claim of lower latency is likely only for a small handful of hosts and not across the board. Specifically for Netflix, Comcast has local interconnects in Boston that are v6 enabled and probably 10-15ms faster than anything HE can give you.
It's time to ditch the tunnel, go native.
Interestingly enough, I did do comparative testing for the native IPv6 connection and the Hurricane Electric tunnel. It turned out that the tunnel was faster to most locations. Because I happen to know people in the routing group at Comcast, I managed to get them to fix the routing so that there wasn't as much of a speed advantage to go via Hurricane Electric.
ReplyDeleteIt still isn't clear to me how stable the Comcast provided IPv6 addresses are. I'm concerned about changes in the delegation causing problems on my internal network (as all the internal IP addresses would change at that point). The other option would be to run dual-homed, but I can't figure out how to get the upstream routing to work correctly in that case (and it isn't clear how that would work in the case of Netflix anyway).
Thanks for your thoughts.
The people you know in the Comcast routing group came to me to get that fixed, that's how I came across your blog. I do agree that the IPv6 PD changing will cause issues, it seems there needs to be a sub-PD protocol that will talk to a DHCPv6 server so you don't have to make any manual changes.
ReplyDeleteI think you also need to keep in mind the scope of size between the two networks. Comcast is massive compared to Hurricane. The size of our backbone and access links are orders of magnitude larger than HEs. Don't get me wrong, I love HE, I'm friends with the owner, Mike is a great guy, but you're putting all your eggs in a fragile basket that will continue to have problems like this in the future.
Time to embrace native. Time to embrace better v6 performance.
It is a small world!
ReplyDeletePart of my reluctance to move is that I have my network operating fine as it is -- with three different /64s (one for my guest network, one for the house network, and one for an experimental ipv6 only wireless network). I have no idea how to configure my firewall/router to handle random prefix delegations.
From reading various lists, it appears that the PD is not as stable as the V4 address assignment. This isn't good.
I want to believe in the promise of the IPv6 internet as allowing end-to-end connectivity for (at least) IOT. However, without stable addresses, it will require some fancy dynamic DNS work to stitch it all together. Maybe I should treat this as an opportunity.....