Saturday, September 05, 2009

Using Amazon EC2 to access Hulu

As more and more content moves onto the Internet, it is frequently provided on a region-by-region basis. A lot of people want to have access to Hulu, Pandora, ABC, NBC, Netflix and the US Amazon and iTunes online stores.

I was one of them. S92A also provided an impetus to my research. If downloading US content was going to result in disconnection, I needed another way to get my North American TV fix. It would be even better if it was legal.

A little-known section of the NZ copyright law makes it legal to break DRM if the only purpose is to provide a region lock. To me, that indicates that if I can get around the geographic IP block on these web sites, I am no longer breaking NZ copyright law by watching the shows.


There are a couple of methods to do this. The ultimate method is using an OpenVPN server on EC2. I didn't start there. I started by using Squid.

First, you will need to learn how to construct an Amazon EC2 instance. This requires setting up an account, downloading the tools and starting an instance. Nothing too difficult, and all described by Robert Sosinski.

Since this will be a network proxy, we don't need a fast CPU, or a lot of memory. The smallest EC2 machine image is perfectly usable. I used a Fedora instance, since that was what I was familiar with at the time.

From the steps in Robert's instructions, I would leave out allowing access to port 80 (ec2-authorize default -p 80). We don't need it for this.

Now that you have a working image, we need to get Squid working. A funny aside, you can tell how mature the Internet is getting by the search results for open source project names. It used to be that if you Google'ed "Squid" you got the HTTP proxy. Now you get cephalopods.

I wanted a set of instructions that could be easily scripted so that I didn't have to leave the instance running, or store anything on S3, Amazon's storage system.


First we install and start squid.

ssh -i ec2-keypair root@$EC2HOST  "yum -y install squid"
ssh -i ec2-keypair root@$EC2HOST  "/etc/init.d/squid start"

Finally, we setup a local tunnel from our local machine to the Squid proxy.

ssh -i ec2-keypair -N -L3128:localhost:3128 root@$EC2HOST 

To make use of the proxy, all we need to do is point Firefox (or your preferred browser) at localhost:3128. Voila we now have access to the US.

However, if we try to use Hulu, only some of the videos work. We don't get the "not available in your region" error message anymore, instead we get a "unable to play the video at this time". Something else is going on.

Hulu is using multiple layers of security. They are not only checking the source of the HTTP stream, the actual RTMPE stream is protected as well. Time to add more stealth.

First, we tell squid to not tell anyone downstream who they are proxying for:

ssh -i ec2-keypair root@$EC2HOST  "echo "forwarded_for off >> /etc/squid/squid.conf"
ssh -i ec2-keypair root@$EC2HOST  "/etc/init.d/squid restart"

However, that doesn't fix all of the problems. Reading up on the protocol that the flash player uses (RTMP), we see that while it will tunnel over HTTP, it will first try to make a direct connection. It is that direct connection which is causing us problems, so we will turn it off.

sudo ipfw add 2000 deny tcp from any to any 1935 out

Now, when we try to use Hulu, we see that all of the videos are working, the RTMP stream is properly using the HTTP proxy, and Hulu is no longer restricting our access.

However, this isn't perfect. Amazon EC2 seems to rate limit the instances. Even though you are paying per byte of transfer, EC2 doesn't let you have more than 1mbps per connection. That means that while we can watch Hulu, we can't get reliable access to the HD content.

So, how expensive is it?

Here's some math....
  • NZ Sky subscription, basic plan (no movies, no sports). $11.74/week
  • Hulu Video
    Amazon Cost:
      Instance: US$0.1*(NZ$1/USD$0.67) = NZ$0.15
      Traffic (based on 1 episode of Eureka)
      (304MB/43min)*(60min/hr)*(1GB/1024MB)*(USD$0.27/1GB)*(NZD$1/USD$0.67) = NZ$0.17
      Total   : NZ$0.32/hr
    NZ Bandwidth cost:
      (304MB/43min)*(60min/hr)*(1GB/1024MB)*(NZ$1.50/GB) = NZ$0.62/hr
    Total cost per hour: NZ$0.94/hr
  • Bittorrent cost per hour
      SeedRatio = 1.0
      (350MB/40min)*(60min/hr)*(2-(1-SeedRatio))*(1GB/1024MB)*(NZ$1.50/GB) = NZ$1.53/hr

Break even point of Squid Proxy:

  • vs Bittorrent - instant
  • vs Sky - 11.74/0.94 = 12 hours.

Therefore, to have any value, you need to be watching content on Sky TV which isn't available on FreeView for more than 12 hours a week in order to justify paying for Sky TV.

So, in this case, going legal is cheaper.