mmbleh 3 hours ago

IPv6 is very difficult to implement and enforce reliable rate limits on anonymous traffic. This is something we've struggled a lot with - there is no consistent implementation or standard when it comes to assigning of IPv6 addresses. Sometimes a machine gets a full /64, other times a whole data center uses a full /64. So then we need to try and build knowledge of what level to block based on which IP range and for some it's just not worth the hassle.

RiverCrochet an hour ago

Well, even if there was a standard, that's still not a guarantee that the other side of the /64 would be following it. It's correct for you to rate-limit the whole /64.

Tuna-Fish 2 hours ago

... But that's no different from IPv4. Sometimes you have one per user, sometimes there are ~1000 users per IP.

Most of the IPv4 world is now behind CGNAT; one user per IP is simply a wrong assumption.

mmbleh 23 minutes ago

Anonymous rate limits for us are skewed towards preventing abusive behavior. Most users do not have a problem, even if there is a CGNAT on IPv4.

For IPv6, if we block on /128 and a single machine gets /64, a malicious user has near infinite IPs. In the case of Linode and others that do /64 for a whole data center, it's easy to rate limit the whole thing.

Wrong assumption or not, it is an issue that is made worse by IPv6.
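
The /128 versus /64 trade-off discussed in this thread, as an added example that is not part of any comment above: a fixed-window limiter that counts IPv4 clients per address and IPv6 clients per prefix, run against one host using many addresses inside a single /64. The class and function names, the limits, and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

V6_PREFIX = 64  # assumption: aggregate IPv6 clients per /64, as suggested in the thread

def rate_limit_key(addr: str, v6_prefix: int = V6_PREFIX) -> str:
    """Map a client address to the bucket its requests are counted under."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is really an IPv4 client.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return str(ip)
    # strict=False masks off the host bits, leaving only the covering prefix.
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))

class FixedWindowLimiter:
    """Hypothetical fixed-window counter keyed by rate_limit_key().
    Old windows are never evicted here; a real service would expire them."""
    def __init__(self, limit: int, window_s: int, v6_prefix: int = V6_PREFIX):
        self.limit, self.window_s, self.v6_prefix = limit, window_s, v6_prefix
        self.counts = defaultdict(int)

    def allow(self, addr: str, now: float) -> bool:
        key = (rate_limit_key(addr, self.v6_prefix), int(now // self.window_s))
        self.counts[key] += 1
        return self.counts[key] <= self.limit

def simulate(v6_prefix: int, requests: int = 100, limit: int = 10) -> int:
    """Requests allowed in one window when every request arrives from a
    different address inside the same /64 (constructed 2001:db8:: range)."""
    limiter = FixedWindowLimiter(limit, 60, v6_prefix)
    base = int(ipaddress.ip_address("2001:db8:1:2::"))
    allowed = 0
    for i in range(requests):
        addr = str(ipaddress.ip_address(base + i + 1))
        allowed += limiter.allow(addr, now=0.0)
    return allowed

if __name__ == "__main__":
    print("keyed on /128:", simulate(128), "of 100 allowed")
    print("keyed on /64: ", simulate(64), "of 100 allowed")
```

`v6_prefix` is left as a parameter because, as the thread points out, the right aggregation level differs between networks that hand a /64 to one machine and those that share one across a data center.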