[pclmulqdq]

You would be surprised how big of a hammer ISPs will use when they are told to hit something. They live in a very different world than many modern web software companies - they are the plumbers for lots of things you take for granted, and look at the world the way a plumber does. Thanks to TLS, the plumbers can't see the HTTP headers to figure out what's actually flowing, so they sort of end up whacking all of it.

Generally, low-reputation IP addresses are associated with scams, spammers, and other similar things. Gaming somehow gets lumped into this bucket in some jurisdictions, but that hurts you worldwide (similar with other "sin businesses" like porn). These blacklists get published (I think there's some parts of BGP that make this happen, but I'm not quite sure what the mechanism is), and being on any one of them hurts your traffic everywhere because it becomes suspect.

I agree with you that this mix of compliance, engineering, and sales is gross. If this was the issue, they should have just told the OP.

[nolverostae]

It will be interesting to see. Just for completeness, Fastly is not requiring us to BYOIP or anything unless it causes them actual problems, which so far it hasn't. I'm sure they also have other similar businesses to ours so they should have some experience.

I guess I'll see in a while if this was also just a sales tactic from Cloudflare or not.

[pclmulqdq]

Yeah, I also assume that any sane CDN of this size has enough IPs that they can reserve a /16 or so for their "risky" customers (each deployment needs a /24, usually, so /16 gets you 255 regional sites). If Fastly has no problems or can otherwise quarantine you, there's no good reason for the BYOIP demand.