
Implications of v6 on application level rate limiting...



Hi,

I'm trying to find documents about the implication of v6 on rate
limiting on application level. I've gone through the list of v6ops
documents, but haven't found any reference to or guidance about the
following issue:

I'm working for the ".at" ccTLD registry, and we're currently
investigating the implications of adding v6 transport to our WHOIS
servers. For data protection & load management reasons, those WHOIS
servers are currently configured to apply rate limiting on the
application level on a per-IPv4-address basis, for example "5 queries
per hour, 100 queries per day" (etc). This works quite well on IPv4,
since acquiring a new IPv4 address is not trivial in most scenarios.

With the introduction of IPv6, the "per IP" strategy obviously doesn't
work anymore like this, because any host with a /64 can essentially
generate a new IP address for each request.

A simple approach would be to aggregate requests by prefix (/64 or /56
or even /48?), and use that prefix instead of the full IP address. This
problem is not specific to our WHOIS use case, but will show up in SMTP
rate limiting, ssh blacklisting applications, SIP registration servers,
etc.

Since this problem is therefore pretty generic, my question is whether
the v6ops working group has created considerations for such cases. If
not: Would the v6ops be chartered to do such work, and is interest in
this problem big enough to get something started?

I beg your pardon if this issue has been discussed/documented before, and
I have missed it. I'd appreciate being pointed at the work in that case.

Comments are appreciated.

Thanks,

Alex
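
The prefix aggregation proposed in the message, as an added example that is not part of the original post: requests are counted per full IPv4 address or per enclosing IPv6 prefix, using the "5 per hour, 100 per day" limits quoted above. The names `rate_key` and `PrefixRateLimiter`, the in-memory store, and the folding of IPv4-mapped IPv6 addresses into their IPv4 bucket are assumptions of this sketch.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Limits quoted in the message: 5 queries per hour, 100 queries per day.
LIMITS = ((3600, 5), (86400, 100))


def rate_key(addr, v6_prefix=64):
    """Bucket key: the full IPv4 address, or the enclosing IPv6 prefix."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d shares the bucket of a.b.c.d
    if ip.version == 4:
        return str(ip)
    # Mask the host bits so every address in the prefix maps to one key.
    return str(ipaddress.IPv6Network((int(ip), v6_prefix), strict=False))


class PrefixRateLimiter:
    """Sliding-window limiter keyed by rate_key() (hypothetical helper class)."""

    def __init__(self, limits=LIMITS, v6_prefix=64, clock=time.time):
        self.limits = limits
        self.v6_prefix = v6_prefix
        self.clock = clock
        self.horizon = max(window for window, _ in limits)
        # key -> timestamps of accepted queries (at most the largest limit each)
        self.hits = defaultdict(deque)

    def allow(self, addr):
        now = self.clock()
        q = self.hits[rate_key(addr, self.v6_prefix)]
        while q and q[0] <= now - self.horizon:
            q.popleft()  # forget queries older than the longest window
        for window, maximum in self.limits:
            if sum(1 for t in q if t > now - window) >= maximum:
                return False
        q.append(now)
        return True


if __name__ == "__main__":
    limiter = PrefixRateLimiter()
    # Constructed sample: one host rotating addresses inside a single /64.
    for i in range(1, 8):
        print(i, limiter.allow(f"2001:db8:1:2::{i:x}"))
```

Setting `v6_prefix` to 56 or 48 widens the bucket to the other sizes the message mentions; rejected queries are not recorded, so each bucket holds at most 100 timestamps.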