Rob Evans wrote on 06/08/2024 17:48:
I believe it is pretty common to rate-limit based on the /32 for IPv4 and the /64 for IPv6, this isn’t something the NCC has invented.
the rationale for /64 is that ipv6 privacy addresses will cause the source IP address to change for each successive query, i.e. on a standard SLAAC network, the limit of 1000 person objects per-IP-address-per-day won't apply by default. Applying the rate limit on the entire /64 for ipv6 closes off this rather embarrassing loophole. Does the EB even need to approve text to clarify this? It's a standard and completely reasonable approach to rate-limiting.
Nick
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
