Policy Routing - Streaming Services
-
Been asked a question which I thought was a simple yes, but I suspect may come with some trial and error. Has anyone reliably routed only the streaming service over their peers, such as with Netflix?
I would have thought that creating an alias against their AS2906 would be sufficient, but I recall they are heavily reliant on AWS. I'm not keen on having to sniff out and keep an IP list regularly updated...
Any ideas?
-
@Popolou what are you wanting to accomplish exactly? Sometimes there is an easier solution if, say, you want your streaming services to go out connection X you have. Vs doing it based on destination, do it on source IP.
Whatever the player is can be routed out that connection. Like your Roku or Firestick. For your mobile devices like phones/laptops/tablets etc., just set up a wireless network that routes out this connection you want to use when streaming.
But yeah, many of these services leverage resources on different CDN-based networks, which yes, can be difficult to isolate to only specific networks as your destination.
-
@johnpoz I am going to experiment by creating an alias in pfB using AS2906 for the destination because I'd not want to route a whole device out if I can help it.
I could have sworn this has been done before, but I cannot seem to find any notes or guidance from those who have tried. Quite bizarre...
-
I did something similar using pfBlockerNG in pfSense.
I wanted, and it works, that my IPTV VLAN Firesticks go through a VPN (PIA) but Netflix and Prime go through my WAN directly.
I used the ASNs I found for the streaming services and pfBlockerNG generated aliases for them and then used firewall rules based on the pfBlockerNG Alias to route through the WAN and not the VPN.
See attached screenshots for how I have my setup done.
Not perfect for sure, but it works for me at the moment.
I also experimented with pfBlockerNG scripts, but never got it working the way I wanted to. I reverted to the ASN Alias mode and have not gone back to it yet. See this long Reddit discussion that may help you find your preferred way: link text
The discussion from 2 yrs ago is where I was involved. See sub-discussion: link text
-
@FCS001FCS Very helpful, thanks. Seems I'm on the right track, which is encouraging. My assumption is that my situation is reversed and I may have to pick up more than the Netflix ASN (in this case) since they use AWS. I wonder if they authenticate on their own servers before handing over to AWS...
Thanks again.
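
The setup discussed in this thread (an ASN-derived alias as the destination of a policy-routing rule, with a catch-all rule beneath it) can be modelled offline to see which observed destinations fall outside the alias and therefore take the other gateway. This is an added example, not code from any poster or from pfBlockerNG; the prefixes, VLAN subnet, sample destinations and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for what an ASN
# lookup would return. They are NOT real Netflix or AWS ranges.
STREAMING_ALIAS = ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25"]
IPTV_VLAN = "10.0.50.0/24"  # hypothetical VLAN subnet

def collapse(cidrs):
    """Merge adjacent or overlapping prefixes into the smallest equivalent set."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

# Ordered rules, first match wins (how pfSense evaluates interface rules).
# Each rule: (source network, destination networks or None for "any", gateway)
RULES = [
    (ipaddress.ip_network(IPTV_VLAN), collapse(STREAMING_ALIAS), "WAN"),
    (ipaddress.ip_network(IPTV_VLAN), None, "VPN"),
]

def gateway_for(src, dst, rules=RULES):
    """Return the gateway of the first rule matching src/dst, else 'default'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_nets, gw in rules:
        if s not in src_net:
            continue
        if dst_nets is None or any(d in n for n in dst_nets):
            return gw
    return "default"

def alias_gaps(src, observed, want="WAN"):
    """Unique destinations seen during playback that missed the wanted gateway."""
    missed = {d for d in observed if gateway_for(src, d) != want}
    return sorted(missed, key=ipaddress.ip_address)

if __name__ == "__main__":
    # Constructed destinations, e.g. copied from firewall state or log output
    seen = ["192.0.2.10", "198.51.100.200", "203.0.113.7", "203.0.113.7"]
    for d in seen:
        print(d, "->", gateway_for("10.0.50.20", d))
    print("not covered by alias:", alias_gaps("10.0.50.20", seen))
```

Feeding it the destinations a player actually contacts during a session shows whether the alias built from one ASN is enough or whether further ranges are needed.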