Re: Implications of v6 on application level rate limiting...
hi Jeroen,
On Feb 5, 2010, at 4:57 PM, Jeroen Massar wrote:
> Alexander Mayrhofer wrote:
> [..]
>> A simple approach would be to aggregate requests by prefix (/64 or /56
>> or even /48?), and use that prefix instead of the full IP address. This
>> problem is not specific to our WHOIS use case, but will show up in SMTP
>> rate limiting, ssh blacklisting applications, SIP registration servers,
>> etc..
>
> Indeed, that is the most simple and obvious approach: per 'level', e.g.
> chunked something in order of /64, /48, /40, /36, /32 if X
The problem that I see with using any length shorter than 48 is that the RIRs' minimum allocations are /48s. This means that if you block a /32, you may be blocking 65,000 end-user assignments. So, if you want to use any length shorter than 48, you would need to follow the RIRs' allocation sizes in their allocated address space, and those change over time with new policies.
r.
> hosts/upper-levels in that level do something bad you aggregate to the
> next level.
> X could vary per level of course.
>
> Very crude, but very effective, as at a /32 you will have blocked the
> full ISP if they are 'bad' as seen from your policy point of view.
>
> Greets,
> Jeroen
>
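Added example, not part of the thread and not code from any of the posters: a small Python implementation of the per-level scheme Jeroen sketches (count per /64, and when "X" hosts under a /48, /40, /36 or /32 are bad, block that whole prefix). The levels are the ones named in the thread; the per-/64 request limit, the fixed-window counting, the block lifetime, the per-level escalation counts and all names (PrefixLimiter, record, is_blocked) are assumptions made for the example. The same code also makes Roque's caveat concrete: a block at /32 covers every /48 beneath it, so the coarser levels should be tuned conservatively.

```python
import ipaddress

# Aggregation levels from the thread, finest first: /64, then /48, /40, /36, /32.
LEVELS = (64, 48, 40, 36, 32)


class PrefixLimiter:
    """Count requests per /64 and escalate blocks up the IPv6 prefix hierarchy.

    A /64 that sends more than `per_host_limit` requests inside a fixed `window`
    (seconds) is blocked for `block_ttl` seconds.  When `escalate[plen]` distinct
    child prefixes under one /plen are blocked at the same time, the whole /plen
    is blocked too, and the same test is applied one level up.  All thresholds
    below are illustrative assumptions, not values from the thread.
    """

    def __init__(self, per_host_limit=20, window=60.0, block_ttl=600.0, escalate=None):
        self.per_host_limit = per_host_limit
        self.window = window
        self.block_ttl = block_ttl
        # Jeroen's "X per level": bad children needed before the parent is condemned.
        self.escalate = escalate or {48: 3, 40: 3, 36: 3, 32: 3}
        self.counts = {}                               # /64 network -> (window_start, count)
        self.blocked = {plen: {} for plen in LEVELS}   # plen -> {network: block expiry}
        self.bad_children = {}                         # parent network -> set(blocked children)

    @staticmethod
    def prefix(ip, plen):
        """Covering /plen network of an address (host bits zeroed)."""
        return ipaddress.IPv6Network(f"{ip}/{plen}", strict=False)

    def is_blocked(self, ip, now):
        """True if any prefix covering `ip`, at any level, carries a live block."""
        for plen in LEVELS:
            expiry = self.blocked[plen].get(self.prefix(ip, plen))
            if expiry is not None and expiry > now:
                return True
        return False

    def record(self, addr, now):
        """Account one request from `addr` at time `now`. True = serve, False = refuse."""
        ip = ipaddress.IPv6Address(addr)
        if self.is_blocked(ip, now):
            return False
        net64 = self.prefix(ip, 64)
        start, n = self.counts.get(net64, (now, 0))
        if now - start >= self.window:     # fixed window rolled over: start counting afresh
            start, n = now, 0
        n += 1
        self.counts[net64] = (start, n)
        if n > self.per_host_limit:
            self._block(net64, 64, now)
            return False
        return True

    def _block(self, net, plen, now):
        """Block `net` at level `plen`; escalate to the parent level if enough siblings are bad."""
        if self.blocked[plen].get(net, 0) > now:
            return                          # already blocked, do not count it twice
        self.blocked[plen][net] = now + self.block_ttl
        idx = LEVELS.index(plen)
        if idx + 1 == len(LEVELS):
            return                          # /32 is the coarsest level in the scheme
        parent_len = LEVELS[idx + 1]
        parent = self.prefix(net.network_address, parent_len)
        kids = self.bad_children.setdefault(parent, set())
        kids.add(net)
        # Only children whose own block is still live count towards the parent.
        live = {k for k in kids if self.blocked[plen][k] > now}
        self.bad_children[parent] = live
        if len(live) >= self.escalate[parent_len]:
            self._block(parent, parent_len, now)


if __name__ == "__main__":
    # Constructed traffic: three /64s under 2001:db8:1::/48 misbehave in turn.
    lim = PrefixLimiter(per_host_limit=2, escalate={48: 2, 40: 2, 36: 2, 32: 2})
    for host in ("2001:db8:1:1::10", "2001:db8:1:2::10"):
        for t in range(3):
            lim.record(host, float(t))
    print("/48 blocked:", lim.is_blocked(ipaddress.IPv6Address("2001:db8:1:ffff::1"), 5.0))
```

Blocks live only for `block_ttl`, so a condemned /48 is released once its children's blocks expire; a real deployment would also want the counters bounded (the dicts above grow with the number of distinct /64s seen) and the coarse thresholds set with Roque's arithmetic in mind, since a /32 block silences 2^16 potential /48 assignments.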