Netgate Discussion Forum

    Policy Routing - Streaming Services

    Routing and Multi WAN
    5 Posts 3 Posters 412 Views
    • P
      Popolou
      last edited by Popolou

      Been asked a question which I thought was a simple yes, but I suspect may come with some trial and error. Has anyone reliably routed only the streaming service over their peers, such as with Netflix?

      I would have thought that creating an alias against their AS2906 would be sufficient, but I recall they are heavily reliant on AWS. I'm not keen on having to sniff out and keep an IP list regularly updated...

      Any ideas?

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Popolou

        @Popolou what are you wanting to accomplish exactly? Sometimes there is an easier solution if, say, you want your streaming services to go out connection X you have. Vs. doing it based on destination, do it on source IP.

        Whatever the player is can be routed out that connection, like your Roku or Firestick. For your mobile devices like phones/laptops/tablets etc., just set up a wireless network that routes out this connection you want to use when streaming.

        But yeah, many of these services leverage resources on different CDN-based networks, which yes can be difficult to isolate to only specific networks as your destination.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • P
          Popolou @johnpoz

          @johnpoz I am going to experiment by creating an alias in pfB using AS2906 for the destination because I'd not want to route a whole device out if I can help it.

          I could have sworn this has been done before, but I cannot seem to find any notes or guidance from those who have tried. Quite bizarre...

          • F
            FCS001FCS @Popolou

            @Popolou

            I did something similar using pfBlockerNG in pfSense.

            I wanted, and it works, that my IPTV VLAN Firesticks go through a VPN (PIA) but Netflix and Prime go through my WAN directly.

            I used the ASNs I found for the streaming services and pfBlockerNG generated aliases for them and then used firewall rules based on the pfBlockerNG Alias to route through the WAN and not the VPN.

            See attached screenshots for how I have my setup done.

            Not perfect for sure, but it works for me at the moment.

            [Attached screenshots: Screenshot 2024-06-12 215720.png, Screenshot 2024-06-12 215802.png, Screenshot 2024-06-12 215743.png, Screenshot 2024-06-12 215726.png, Screenshot 2024-06-12 215713.png]

            I also experimented with pfBlockerNG scripts, but never got it working the way I wanted to. I reverted to the ASN Alias mode and have not gone back to it yet. See this long Reddit discussion that may help you find your preferred way: link text

            The discussion from 2 yrs ago is where I was involved. See sub-discussion: link text

            • P
              Popolou

              @FCS001FCS Very helpful, thanks. Seems I'm on the right track, which is encouraging. My assumption is that my situation is reversed and I may have to pick up more than the Netflix ASN (in this case) since they use AWS. I wonder if they authenticate on their own servers before handing over to AWS...

              Thanks again.

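One way to measure how much of a device's streaming traffic an ASN-derived alias actually matches, which is the gap the thread raises about services that also sit on CDN or cloud ranges. This is an added example, not part of any post above and not pfBlockerNG code; the prefixes and destinations are constructed from documentation ranges, and `build_alias` and `alias_coverage` are hypothetical helper names.

```python
import ipaddress
from collections import Counter

# Constructed sample: prefixes an ASN-derived alias might hold.
# Documentation ranges stand in for real announced prefixes.
ALIAS_PREFIXES = ["192.0.2.0/25", "192.0.2.128/25",
                  "198.51.100.0/24", "2001:db8:100::/48"]

# Constructed sample: destinations seen from the streaming device,
# e.g. exported from the firewall state table or logs.
OBSERVED = ["192.0.2.10", "192.0.2.200", "198.51.100.7",
            "203.0.113.5", "203.0.113.77",
            "2001:db8:100::1", "2001:db8:200::9"]


def build_alias(prefixes):
    """Parse prefixes and collapse adjacent ones, per address family."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def alias_coverage(prefixes, destinations):
    """Split destinations into alias matches and misses.

    Misses are counted per /24 (IPv4) or /48 (IPv6) so that a whole
    range missing from the alias stands out.
    """
    alias = build_alias(prefixes)
    matched, missed = [], Counter()
    for dst in destinations:
        ip = ipaddress.ip_address(dst)
        if any(ip.version == n.version and ip in n for n in alias):
            matched.append(dst)
        else:
            width = 24 if ip.version == 4 else 48
            bucket = ipaddress.ip_network(f"{dst}/{width}", strict=False)
            missed[str(bucket)] += 1
    return matched, missed


if __name__ == "__main__":
    hit, miss = alias_coverage(ALIAS_PREFIXES, OBSERVED)
    print(f"matched by alias: {len(hit)} of {len(OBSERVED)}")
    for net, count in miss.most_common():
        print(f"not in alias: {net} ({count} connections)")
```

A miss only means the destination would follow the default route instead of the policy rule; whether it belongs to the streaming service still has to be confirmed before adding its range to the alias.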
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.