Posted on Thu 19 December 2019

focus on the problem

The scientific method goes boing.

  1. Form a question.
  2. Observe evidence.
  3. Form hypotheses.
  4. Create experiments.
  5. Observe results.
  6. Compare hypotheses.
  7. Be critical.

The scientific method runs off the rails in step 2 and explodes into uncertainty in step 3. It turns out that observing evidence is rarely easy or straightforward: it's a great big universe, and we're all really puny. And "forming hypotheses" is synonymous with "make guesses" -- potentially educated, informed guesses, but still a creative process that is likely to baffle AI for decades to come.

That brings us to today's problem: why does Netflix hate me?

Netflix leases the right to show video productions according to geographical restrictions. When rights-holders became aware that IP addresses don't necessarily map to geography, they became confused and upset, but mostly ignored it. When they were informed that proxies and VPNs could be rented as services, they demanded that Netflix do something. So Netflix did something: they arbitrarily banned certain IP ranges.

This is not supposed to be a problem for my household, because we are in the US and any IPs assigned to us by our ISP will certainly be in the unbanned ranges for US service. This is true and not part of the problem.

I have three gigabit-class ISPs offering me service. One is Comcast, whom I intensely dislike. (So do other people: they kept winning "America's Worst Company" awards, which is why they rebranded their consumer ISP as Xfinity.) One is RCN, who are fine but for some reason don't believe that IPv6 is a useful technology for end-users. The last is Verizon's FIOS service, which only recently decided that IPv6 is worthwhile.

I run services at home which need to be accessible to the Internet at large. Mail, web, various things built on top of web servers like a wiki, this blog, a ticketing system, an RSS reader... ok, I canned the ticketing system after it became clear that it wasn't a useful method of dealing with household chores. We handle our own DNS resolution, do ad-blocking, and so forth. It's good to be up on modern things like IPv6, so I use Hurricane Electric's IPv6 tunnelling service to get a nice static network block. It adds about 6ms of latency to some things because it terminates in New York City.

For IPv4 addressing, a dynamically-updated DNS name will work. Outages when the ISP changes my DHCP-granted address tend to be in the 20 second range, and don't happen very often. It would be great to do the same for IPv6, except... Namecheap, who does DNS and dynamic DNS for us, doesn't do dynamic assignation for AAAA records. I don't know why. Maybe they don't know why: it comes up often enough that they have a statement about it in exactly the place in their interface you would look for it.

That's OK, Hurricane Electric provides static allocations. No problem.

Except... Netflix. Netflix thinks that Hurricane Electric's IPv6 service is a proxy used by nefarious foreigners to obtain red-blooded American entertainment. So if we contact Netflix via IPv6, it errors out when you try to watch a show, accusing you of fraud and deceit and failure to wipe your feet at the door.

For most of the client systems in the house, I have a simple workaround. A DNS query for the Netflix domains is stripped of AAAA answers, leaving only the IPv4 answers.

ChromeOS is special.

ChromeOS listens to DHCP, accepts the recommended DNS servers... and then ignores them. It uses Google's own DNS resolvers at 8.8.8.8 and 8.8.4.4. And those love to return IPv6 AAAA answers.

So: I know what the problem is. I have half a solution. My question is: How can I transparently (to end users inside the house) provide access to Netflix, while keeping the static IPv6 allocation from Hurricane Electric?

I began to formulate answers. I thought about IPv6 NPT (NAT). I thought about routing. I thought about how much easier this would be if FIOS and HE would peer BGP with me. I thought about the disasters that would erupt on a daily basis if FIOS and HE were so foolish. I thought about IPv6 multihoming.

I thought a lot about IPv6 multihoming. FIOS gives a DHCP-PD range; HE gives a static allocation. Various sources convinced me that this was either ludicrously simple or completely impossible. I started drawing diagrams about source routing and preferences. I kinda like the idea of IPv6 multihoming.

Then I remembered the advice which is the title of this post. Focus on the problem, not the hypothetical answers to sub-problems that came up along the way.

I told my house router to blackhole route 8.8.8.8 and 8.8.4.4. Just reject them immediately.

The Chrome devices started streaming video from Netflix.


© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.