Netflix no longer able to stream on Gateway internet
Best answer by Blava_Highlander
View original
Page 2 / 4
Userlevel 7
+8
The issue or problem with the DNS resolution has to be related to the 464XLAT delivery. I have seen that issue as well. I just changed my clients to use Cloud Flare and it was a quick fix. The refresh time to the gateways or the gateway firmware just probably does not refresh properly so the entries get stale. If you reboot the gateway to fix that issue sure it forces the DNS refresh. That is just an extreme way to resolve the problem. They just need to look at the protocol stack used in the code and fix it.
The Netflix streaming issue seems a bit different and the packet capture suggest a problem with delivery of the packets via port 443. The domain info is correct so the handling of the layer 4 information is mucked up. With the packet information it really looks like that. I have not seen the full capture information for a failed session initiation as it works here. I have the Nokia and the Arcadyan gateway does not seem to be impacted by this. Maybe it is with the Sagemcon firmware. Still not enough data to know and no way to debug it with these dumbed down gateways other than packet captures and that only points at the fault not the root cause. I often wish T-Mobile would just be a bit more transparent about the problems and be up front about the genuine effort being applied. Just a little respect would be nice.
It is an odd issue and hard to nail down. I have the Nokia as I stated and it works for me here and I do have Cloud Flare set on my MacBook Pro for DNS. Yes, no issue here for me. I don’t run an additional router or any extenders. I have been trying to see if there are some hard clues. The packet captures where the HTTPS fails authentication for two different users seemed like a good start. Still I think there are more common datapoints that are not recorded. Almost need a laundry list of variables to look for common elements to pull it all apart. I still can’t seem to ignore the two users that have the packet captures showing the issue with HTTPS. If the session authentication fails then of course the mission fails. Why, what is the trigger?
Personally, I think it’s a caused by using TMO router’s default DNS. When I first used the TMO router as a stand alone, I had random connectivity issues (not all websites and not all devices). That all went away when I changed to Cloud Flare DNS on my Asus mesh.
Unfortunately the TMO Routers cannot change DNS servers so you can only change DNS at the device level if your device allows it.
Userlevel 7
+8
It is an odd issue and hard to nail down. I have the Nokia as I stated and it works for me here and I do have Cloud Flare set on my MacBook Pro for DNS. Yes, no issue here for me. I don’t run an additional router or any extenders. I have been trying to see if there are some hard clues. The packet captures where the HTTPS fails authentication for two different users seemed like a good start. Still I think there are more common datapoints that are not recorded. Almost need a laundry list of variables to look for common elements to pull it all apart. I still can’t seem to ignore the two users that have the packet captures showing the issue with HTTPS. If the session authentication fails then of course the mission fails. Why, what is the trigger?
I have the KDV21 but using an Asus mesh with DHCP (double NAT) and Cloudfare DNS. No issues with Netflix on Apple TV 4K, iPhones, iPads, and MacBooks. I also have a Android 10 DAP that works fine too.
Agreed, nothing better than seeing packets. I have the Arcadyan KVD21 gateway Firmware 1.00.16 on the East Coast.
Userlevel 7
+8
Thanks so much for taking the packet captures from both sources. I am not sure what gateways were used for those two or if it has any bearing on the problem but clearly the HTTPS session does not complete authentication. I could have taken captures here but mine seems to be working but have the Nokia gateway. We could be in different regions for all I know and that may have a bearing on the problem as well. If it is due to firmware on the gateways then it might take some time for them to push the update out. Who knows how long that will take to complete given you can’t go get it.
Userlevel 7
+8
They marked this community conversation with a best answer pointing to a conversation in a Reddit thread. There was no obvious answers there. It was discussion on the issue but did not explain why Netflix was not working. Looking at the actual traffic/packets and seeing is believing.
Userlevel 7
+8
That specific information needs to get to the engineers so they can see for themselves. That makes it pretty obvious the HTTPS did not connect.
Here are all the requests that I see in order:
android.prod.cloud.netflix.com = Successful connection
nrdp60-appboot.netflix.com = Successful connection
occ-0-7094-90.1.nflxso.net = Failed SYN packet, no response on T-Mobile IP
api-global.netflix.com = Successful connection
secure.netflix.com = Successful connection
occ-0-7094-90.1.nflxso.net = Failed SYN packet, no response on T-Mobile IP
ichnaea.netflix.com = Successful connection
Testing to occ-0-7094-90.1.nflxso.net from T-Mobile home gateway:
curl -v https://occ-0-7094-90.1.nflxso.net
* Trying 208.54.15.202:443...
* connect to 208.54.15.202 port 443 failed: Operation timed outTesting to occ-0-7094-90.1.nflxso.net from Comcast IP:
curl -v https://occ-0-7094-90.1.nflxso.net
* Trying 208.54.15.203:443...
* Connected to occ-0-7094-90.1.nflxso.net (208.54.15.203) port 443 (#0)
I hope T-Mobile can resolve this ASAP as it has been many days with no progress
Userlevel 7
+8
From that seeing the 443 time out tells me it appears to be excessive delay on the initial authentication setup. At least that is what I suspected.
I have this problem as well. None of the images load in any of my devices. Whether it is in an app or in a web browser.
I also see the requests timing out to what appears to be a tmobiled owned subdomain of a netflix owned primary domain:
Resolving occ-0-7099-116.1.nflxso.net (occ-0-7099-116.1.nflxso.net)... 208.54.15.187, 208.54.15.189
Connecting to occ-0-7099-116.1.nflxso.net (occ-0-7099-116.1.nflxso.net)|208.54.15.187|:443... failed: Operation timed out.
Connecting to occ-0-7099-116.1.nflxso.net (occ-0-7099-116.1.nflxso.net)|208.54.15.189|:443... failed: Operation timed out.
| A | occ-0-7099-116.1.nflxso.net | 208.54.15.186 T-Mobile USA, Inc. (AS21928) | |
| A | occ-0-7099-116.1.nflxso.net | 208.54.15.187 T-Mobile USA, Inc. (AS21928) |
Userlevel 7
+8
The part I suspected yesterday and still do is the authentication with secure HTTP. When I see what you posted for, what I suspect to be working vs not working is the server responding on port 443. The failure takes place or seems to before the user can even get authenticated via the HTTPS connection to the Netflix server. Watch the front end of the session closely. I will have to run a capture later as I don’t have the time right now but I know it is working here so I can at least record the initial setup and know what to expect for the initial setup of the session with the server. Without hard data I am just speculating.
That is another factor I have had some suspicions about. Users that use additional routers vs those that do not. I have ONLY the Nokia gateway running. It works. Is the gateway hardware a factor OR additional router or mesh connected to the gateway part of the equation? I don’t know as there are not enough data points to draw additional conclusions or a theory that has some substance based upon data. It could still be in the T-Mobile IPv6 network vs at the edge.
I have the same issue for a few days now, I have TMHI,FireTV, Google TV and Apple devices all having the same issue. I did some tests and noticed that my devices are doing a DNS lookup for occ-0-7094-90.1.nflxso.net which resolves to 208.54.15.202, 208.54.15.203, 208.54.15.204 and 208.54.15.205. The domain is owned by Netflix and the IPs 208.54.0.0/17 are owned by T-Mobile. I also did a packet capture on my firewall which is connected to the T-Mobile Home Gateway and I can see many connections attempts from my internal network to the T-Mobile IPs but noresponse from them.
23:28:39.597816 IP 192.168.x.x.50974 > 208.54.15.202.443: Flags [S], seq 1696298149,win
23:28:40.604997 IP 192.168.x.x.50974 > 208.54.15.202.443: Flags [S], seq 1696298149,win
23:28:41.605026 IP 192.168.x.x.50974 > 208.54.15.202.443: Flags [S], seq 1696298149,win
23:28:42.606625 IP 192.168.x.x.50974 > 208.54.15.202.443: Flags [S], seq 1696298149,win
If I run the same test using a different ISP, the T-Mobile IP 208.54.15.202 actually responds and completes a 3 way handshake connection.
23:28:07.301342 IP 192.168.x.x.50936 > 208.54.15.202.443: Flags [S], seq820598644,win
23:28:07.329634 IP 208.54.15.202.443 > 192.168.x.x.50936: Flags [S.], seq 2897770398,ack
23:28:07.331666 IP 192.168.x.x.50936 > 208.54.15.202.443: Flags [.], ack 1,win
23:28:07.350863 IP 192.168.x.x.50936 > 208.54.15.202.443: Flags [P.], seq 1:302,ack
So for some reason the T-Mobile IPs are dropping the Netflix stream requests that are coming from their TMHI gateways.
Userlevel 7
+8
That is curious. It may just be due to users with the apps on the smart TVs in part or just because that is what they tend to stream on. So far the problem does not seem to present itself here. I know my wife and daughter have been streaming downstairs either with the Fire Stick or with the Xbox to our TV which is not a “smart” TV. It may not be smart but it works. At any rate I have seen no issue streaming Netflix on my iPad Pro or my M1 MacBook Pro. I run the Netflix app on the iPad Pro but on my MacBook Pro I just open Safari and it pops right up. I just upgraded to the 14” M1 MacBook Pro via the black Friday sale at BestBuy. What a huge difference over my old 2014 MacBook Pro.
So, it is curious and hard to say what causes that issue. I have had the Nokia gateway since January 2012 at the later part of the BETA period and it just continues to carry on. I am glad I don’t have the Arcadyan or Sagemcon as managing the gateway with the mobile app is a pain in the backside. The Nokia still allows the web GUI and it is by far a MUCH more friendly way to do it. More options with the Nokia gateway as well. I only run the T-Mobile gateway and have not added any mesh solution or extenders etc… The wireless on the Nokia gets the job done here over the upstairs in most places even from the basement window. There are a couple of near dead zones but not bad. Simpler and less expensive than going into all the extra when I don’t really need it.
Howdy neighbor
Another thing that’s interesting is that I cannot see this forum while I’m at home as well. I discovered that after I got to work and here I am seeing it. Starting to question some fishy stuff going on.
Userlevel 7
+8
I also have the Nokia gateway and it is on firmware 1.2201.00.0324 which it has been on for some time now. I have been streaming Netflix this evening on a iPad Pro and I had it up on my MacBook Pro earlier. No problems streaming Netflix here in east TN. Since there was work on either the T-Mobile network or Netflix it might be necessary to clear the cache on the Netflix app and try it again. I did not see the disruption to Netflix here during the period where others did. I don’t know what is different to account for that but it has continued to work on all the devices I checked here. My gateway has been up without a reboot for 38 days and 9 hours and change. I run two parallel SSIDs and roughly 24 devices on the network so it does get exercise but just keeps on chugging along.
I too am no longer able to stream Netflix, although all other streaming services (Amazon Prime, Hulu, YouTube, Pandora) work fine as usual.
I have the cylindrical Nokia gateway and am watching on a Sharp 50” smart Tv LC50-LBU591U. I’ve had T-Mobile Home Internet since last Spring, and it’s worked fine since then, until this issue which began a few days ago.
I’ve got a number of other devices, including Google Nest Hub, Nest Audio speakers, Nest Camera with Floodlight, and several Kasa smart switches and plugs. The most recent Kasa smart plugs would not connect to the T-Mobile dual band (2.4 and 5 Ghz) network, so I created another single band 2.4 Ghz network channel just for those plugs, but kept everything else connected to my original dual-band network, since it seemed to be working fine.
Sometime since then I lost Netflix, but everything else still works. Not sure if adding the single-band channel has anything to do with the problem, since the TV is still connected to the original dual-band channel, and still works on all the other streaming services.
Userlevel 7
+8
I was just out reading through the Reddit thread. Sounds like it stirred up a whole bunch of stink. The thread only states they are working on it but of course the real cause of the problem will never be known outside T-Mobile and Netflix. I suppose it will be all sorted out in time. Until next time. Enjoy the shows!
Userlevel 7
+8
I tested yesterday on multiple devices and on my MacBook Pro. I have had my DNS set to quad9 and Netflix was working as it should. Today it still seems to load properly and work fine. I am running a Nokia gateway so maybe it also has some influence. Maybe they are getting the issues under control.
https://www.reddit.com/r/tmobileisp/comments/zf0zla/netflix_still_not_working/
There seems to be some more detailed information on this reddit, if you wish to review it.
oh ok. I guess I’d have to wait until they fix this. ( On other note: I’m still pissed about this, I called customer service on the night I set up my gateway and had issue with Netflix. One of the rep. told me I have to add a phone line to be able to stream Netflix. It doesn’t make sense to me so I asked to transfer to a different person but she won’t let me, She insist on adding a phone line to resolve the problem. we go back and forth for half an hour. At the end, I told her I would think about it, and call back if I want to add another line. Some of the rep. are trash. But now knowing some people have the same issue as me somehow put me at ease.
If I had more than one, I'd do it just for giggles but I would not expect any different results. Folks with different gateway types are having the same issue.
Do you think it would help to switch to a different gateway device?
So far as DNS goes, I've already tried both Google and Cloudflare and the results are the same. At the moment, I'm keeping everything on Cloudflare but it's easy to change.
Userlevel 7
+8
OK well that might be a behavior the Sagemcon gateway does but I have not seen as I have the Nokia gateway. Maybe it is due to a firmware change with the Sagemcon gateway and the Arcadyan gateway. The Nokia firmware has not updated for quite some time but it seems to be pretty stable. Well, at least the one I have is.
Since so much internet activity is reliant upon DNS resolution having that functioning is critical. Maybe there is a known DNS resolution issue they are aware of and that is a workaround for flushing the gateway cache and making it properly resolve the DNS. Sorry, I worked in the industry and it smells like a hack patch until the code is reworked. If the coding is going to take significant effort and time it is a common practice to provide a temporary fix. Fry the big fish first.
Page 2 / 4
Reply
New badge winners
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.