I run a personal IPv6 BGP network. Netflix is blocking a /64 of our /36. Why?

I’m Neel Chauhan and run a AS33535, which is a personal BGP ASN for our home internet traffic, complete with IPv6 and two IPv4 /24s (yes, two). I also have AS27284 for my business Fourplex, but that’s unrelated.

The IPv6 prefix i get from ARIN for AS33535 is 2602:2e6::/36

The funny thing is, Netflix today decided to block one of the /64s in the allocation: 2602:2e6:2:2::/64, and only that one. They called us a “VPN or proxy”.

Other IPv6 /64 prefixes in the 2602:2e6:2::/56 range (which is our home network) isn’t blocked, like our wired network.

And 2602:2e6:2:2::/64 only got blocked this evening. It wasn’t blocked when another /48 in the larger 2602:2e6::/36 block had Tor exit relays in 2024; it’s blocked when only one household of three people (and sometimes guests) are using the IP space.

Netflix’s support is obviously not helpful, as unlike even terrible ISP support, they don’t know networks at all as they don’t need to. They said to contact my ISP. But I’m the ISP. And I have no contacts at Netflix.

And it’s not just me. What if it happened to a small wireless ISP in rural Texas with their own ARIN allocations? Or a hospital in Seattle? Do they have to suddenly have to know someone at Netflix? Does a hospital helpdesk tech need FAANG connections?

I have temporarily moved the 2602:2e6:2:2::/64 prefix to another /64. But I’m not happy about it; I’d like to keep the IPv6 /64 prefixes and /24s subnets on my LAN 172.20.0.0/16 in line because of OCD. I want to move it back.

If there’s anyone at Netflix, could 2602:2e6:2:2::/64 please get unblocked?

But Netflix doesn’t have to unblock you, do they?

Take this: someone could run a Wireguard VPN off their Xfinity connection to watch Netflix on their Paris vacation. Yet why isn’t Netflix port scanning your Xfinity IP for private VPNs? Or checking TTLs.

Take this: according to a Hacker News comment, Netflix once blocked Wave Broadband because many geeks set up VPNs for their Asian parents. It led to call centers being hammered. And yes, I made the parent comment and still stand by it five years later (but have since moved back to NYC).

I don’t even use AS33535 as a public proxy. And even if I brought back Tor exit relays on AS33535, it would be on a different /24 IPv4 and /48 IPv6 than our home traffic. And it certainly won’t be 2602:2e6:2:2::/64. And as a Tor contributor, Netflix doesn’t even work on Tor Browser.

Why did you disclose your IP address?

It’s in the public IPv6 internet routing table. You could do a DNS lookup on my Nextcloud server and find our ASN. Even Cloudflare has information on our internet traffic.

Be grateful I’m not a Kiwi Farms victim.