Comment by nolverostae
8 months ago
BYOIP is reasonable, though I doubt anyone actually does legislation blocks by IP. Since like half of companies on the internet use Cloudflare or other multi-tenant infrastructure, everyone is aware that you can't block an IP address and hit one target. The only thing I've seen is DNS blocks (both DNS protocol directly and based on TLS SNI).
FYI, we also fully block users from the US (due to regulations).
My problem here is mainly the unprofessional communication and huge mess of mixing "compliance" with sales, without giving any clear information or options. And then the removal of our account without warning while we were still talking to them.
You would be surprised how big of a hammer ISPs will use when they are told to hit something. They live in a very different world than many modern web software companies - they are the plumbers for lots of things you take for granted, and look at the world the way a plumber does. Thanks to TLS, the plumbers can't see the HTTP headers to figure out what's actually flowing, so they sort of end up whacking all of it.
Generally, low-reputation IP addresses are associated with scams, spammers, and other similar things. Gaming somehow gets lumped into this bucket in some jurisdictions, but that hurts you worldwide (similar with other "sin businesses" like porn). These blacklists get published (I think there's some parts of BGP that make this happen, but I'm not quite sure what the mechanism is), and being on any one of them hurts your traffic everywhere because it becomes suspect.
I agree with you that this mix of compliance, engineering, and sales is gross. If this was the issue, they should have just told the OP.
It will be interesting to see. Just for completeness, Fastly is not requiring us to BYOIP or anything unless it causes them actual problems, which so far it hasn't. I'm sure they also have other similar businesses to ours so they should have some experience.
I guess I'll see in a while if this was also just a sales tactic from Cloudflare or not.
Yeah, I also assume that any sane CDN of this size has enough IPs that they can reserve a /16 or so for their "risky" customers (each deployment needs a /24, usually, so /16 gets you 255 regional sites). If Fastly has no problems or can otherwise quarantine you, there's no good reason for the BYOIP demand.
While they absolutely shouldn't ban IPs for the reasons you said, some do that anyway.
The most (in)famous case is China's GFW, which bans IPs all the time. Yes, other websites often get accidentally blocked, but they don't care. Moreover, you can't even communicate with them because there are no official legal regulations. This is something that any CDN or cloud provider has to deal with all the time.
There are numerous official legal regulations and decision-making bodies pertaining to the GFW. What do you mean?
CCP does what they want, the “regulations” are meaningless.