Re: Implications of v6 on application level rate limiting...
On 5 feb 2010, at 16:57, Jeroen Massar wrote:
> Alexander Mayrhofer wrote:
>> A simple approach would be to aggregate requests by prefix (/64 or /56
>> or even /48?), and use that prefix instead of the full IP address. This
>> problem is not specific to our WHOIS use case, but will show up in SMTP
>> rate limiting, ssh blacklisting applications, SIP registration servers,
> Indeed, that is the most simple and obvious approach: per 'level' eg
> chunked something in order of /64, /48, /40, /36, /32 if X
> hosts/upper-levels in that level do something bad you aggregate to the
> next level.
> X could vary per level of course.
And please please please make this aggregation policy case-based or never aggregate above /64. There are a lot of ISPs out there who have different products with very different address plans which are all in the same /32 and can be quite close together, with a default policy of /56 for broadband residential, /48 for business and /64 for mobile.
So what seems to be a good and decent aggregation for DSL can all of a sudden create huge problems as you unintentionally block or rate limit 65,000 mobile users from that same ISP.
> Very crude, but very effective, as at a /32 you will have blocked the
> full ISP if they are 'bad' as seen from your policy point of view.
Not connecting to the internet at all might be a better choice for those people :)
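As an added illustration (my own code, not something posted in this thread), the sketch below implements the per-level escalation Jeroen describes (/64 up through /32, with a separate X per level) together with the cap asked for in this reply: the limiter is constructed with a maximum aggregation prefix and will never mark anything broader than that as bad. The level list, the per-client event limit and the sample addresses are constructed values chosen for the demonstration.

```python
"""Prefix-aggregated abuse tracking for IPv6 rate limiting.

Added example, not code from the mailing-list thread. Assumptions:
  * a /64 is "bad" once it produces LIMIT_PER_CLIENT events;
  * an enclosing prefix is "bad" once X distinct bad children sit under it;
  * max_agg_prefix caps how far aggregation may climb (64 == never aggregate
    above a single /64, as this reply asks for).
"""
import ipaddress
from collections import defaultdict

# (prefix length, number of bad sub-prefixes that make this level bad).
# Constructed thresholds; a real deployment would tune these per policy.
LEVELS = [(64, 1), (56, 4), (48, 8), (40, 16), (32, 32)]
LIMIT_PER_CLIENT = 5  # events per /64 before that /64 counts as bad


class PrefixLimiter:
    def __init__(self, max_agg_prefix=48, levels=LEVELS, limit=LIMIT_PER_CLIENT):
        # Keep only levels no broader than the cap, e.g. cap 48 -> /64, /56, /48.
        self.levels = [(p, x) for p, x in levels if p >= max_agg_prefix]
        self.limit = limit
        self.counts = defaultdict(int)        # /64 network -> event count
        self.bad = set()                      # bad networks at any level
        self.bad_children = defaultdict(set)  # network -> its bad sub-networks

    @staticmethod
    def _prefix(addr, plen):
        return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def is_blocked(self, addr):
        """True if any enclosing prefix, up to the configured cap, is bad."""
        addr = ipaddress.IPv6Address(addr)
        return any(self._prefix(addr, p) in self.bad for p, _ in self.levels)

    def record(self, addr):
        """Count one event from addr; return True if the source is now blocked."""
        addr = ipaddress.IPv6Address(addr)
        if self.is_blocked(addr):
            return True
        slash64 = self._prefix(addr, 64)
        self.counts[slash64] += 1
        if self.counts[slash64] < self.limit:
            return False
        # The /64 is bad: walk up the levels while each level's X is reached.
        child = slash64
        self.bad.add(child)
        for plen, x in self.levels[1:]:
            parent = self._prefix(addr, plen)
            self.bad_children[parent].add(child)
            if len(self.bad_children[parent]) < x:
                break          # not enough bad children yet; stop escalating
            self.bad.add(parent)
            child = parent
        return True


if __name__ == "__main__":
    # Constructed sample: a /48 that is never aggregated beyond /56.
    lim = PrefixLimiter(max_agg_prefix=56, levels=[(64, 1), (56, 2)], limit=3)
    for _ in range(3):
        lim.record("2001:db8:1:1::10")
    print(lim.is_blocked("2001:db8:1:1::99"))   # same /64 -> blocked
    print(lim.is_blocked("2001:db8:1:2::1"))    # sibling /64 -> still allowed
```

The point of `max_agg_prefix` is exactly the mobile-versus-DSL case in the reply: an operator who knows a given /32 mixes /64 handsets with /56 and /48 customers can set the cap to 64 for that block and keep the wider escalation only where the address plan makes it safe.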