6 Aug 2024, 7:15 p.m.
Rob Evans wrote on 06/08/2024 17:48:
I believe it is pretty common to rate-limit based on the /32 for IPv4 and the /64 for IPv6, this isn’t something the NCC has invented.
The rationale for /64 is that IPv6 privacy addresses will cause the source IP address to change for each successive query, i.e. on a standard SLAAC network, the limit of 1000 person objects per-IP-address-per-day won't apply by default. Applying the rate limit on the entire /64 for IPv6 closes off this rather embarrassing loophole.

Does the EB even need to approve text to clarify this? It's a standard and completely reasonable approach to rate-limiting.

Nick
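The bucketing discussed in this thread, as an added example that is not part of the original messages and not the NCC's implementation: it compares a per-address limit with a per-/32 and per-/64 limit for one host that changes its interface identifier on every query. The function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from collections import Counter

DAILY_LIMIT = 1000  # the per-day person-object limit quoted in the thread


def rate_limit_key(addr: str) -> str:
    """Map a client address to the bucket its queries are counted against."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is an IPv4 client:
    # count it in the same bucket as the plain IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return f"{ip}/32"
    # IPv6: drop the 64-bit interface identifier and keep the /64 prefix.
    return str(ipaddress.ip_network(f"{ip}/64", strict=False))


def count_allowed(queries, key_func, limit=DAILY_LIMIT):
    """Return how many queries pass a per-key daily limit."""
    seen = Counter()
    allowed = 0
    for src in queries:
        key = key_func(src)
        if seen[key] < limit:
            seen[key] += 1
            allowed += 1
    return allowed


def constructed_slaac_queries(n):
    """Constructed sample: one host in 2001:db8:1:2::/64 that uses a new
    privacy-style interface identifier for every query."""
    base = int(ipaddress.ip_address("2001:db8:1:2::"))
    return [str(ipaddress.ip_address(base + 0x1000_0000_0000 + i * 0x9E3779B1))
            for i in range(n)]


if __name__ == "__main__":
    queries = constructed_slaac_queries(5000)
    print("limit keyed on full address:", count_allowed(queries, str))
    print("limit keyed on /32 or /64:  ", count_allowed(queries, rate_limit_key))
```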