It's probably not as easy as you think depending on how their load balancing infrastructure is set up.
They can set up anycast and all kinds of load balancing but their software needs to be able to deal with IPv6: for example, for IPv6 you (probably) need /48 or /56 rate limiting* rather than just a single IP. Their logging infrastructure and SIEM setup also need to be able to deal with all that.
Now, Microsoft (and friends, like GitHub) had decades to get this stuff working but they've managed to break IPv6 on Azure in some kind of super spectacular fashion like only Microsoft can, and I assume they use Azure to run their own services.
A quick workaround (setting up a proxy) shouldn't take more than a month to implement, but it would be like a completely separate part of infrastructure to manage while the real solution (getting their shit in order) is being resolved.
Microsoft needs to get their shit together but it's not as easy as just adding a DNS record. They'd need to set up distributed addressing across their infra to get it working and depending on how stupid their original infra design was, that could be a huge problem.
*=some incompetent web hosts assign /128s or /120s to their servers, which will be impacted by this rate limit, but that's only more incentive for those incompetent hosts to not abuse IPv6 address space and use it as intended.
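The prefix-based rate limiting mentioned in the comment above, sketched as an added example (not the commenter's code and not anything Microsoft or GitHub runs). The `/56` default, the limits, the class and function names, and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

V6_PREFIX = 56  # assumption: the comment suggests /48 or /56
V4_PREFIX = 32  # IPv4 clients are still keyed per address


def bucket_key(addr: str, v6_prefix: int = V6_PREFIX) -> str:
    """Map a client address to the network used as its rate-limit bucket."""
    ip = ipaddress.ip_address(addr)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 client it really is.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    prefix = V4_PREFIX if ip.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class PrefixRateLimiter:
    """Sliding-window limiter that counts requests per bucket_key()."""

    def __init__(self, limit: int, window: float, v6_prefix: int = V6_PREFIX):
        self.limit, self.window, self.v6_prefix = limit, window, v6_prefix
        self.hits = defaultdict(deque)

    def allow(self, addr: str, now: float) -> bool:
        q = self.hits[bucket_key(addr, self.v6_prefix)]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def demo():
    """Constructed traffic: one client rotating source addresses in its /56."""
    per_ip = PrefixRateLimiter(limit=3, window=60, v6_prefix=128)
    per_56 = PrefixRateLimiter(limit=3, window=60)
    rotating = [f"2001:db8:1:1{i:02x}::{i + 1:x}" for i in range(10)]
    allowed_ip = sum(per_ip.allow(a, float(t)) for t, a in enumerate(rotating))
    allowed_56 = sum(per_56.allow(a, float(t)) for t, a in enumerate(rotating))
    return allowed_ip, allowed_56  # per-address never triggers; per-/56 does


if __name__ == "__main__":
    print(demo())
    # Footnote case: two hosts given single addresses in one /56 share a bucket.
    print(bucket_key("2001:db8:2:300::a") == bucket_key("2001:db8:2:3ff::b"))
```

Logging the bucket key alongside the raw address lets a SIEM correlate on the same aggregate the limiter enforces.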