Disallow using relays using the same IP (or IPv6 prefix) as client
I thought about a potential deanonymization risk but don't know if it would hold up in real life.
I am aware of two instances where my Tor Browser used a middle relay on the same IPv4 (and IPv6 /56) as the client. This is the exact middle relay I host at home.
My ISP, CenturyLink (Lumen) may have full knowledge on all three circuits this way, assuming they log, since the same connection connects to the guard (via client) and exit (via middle). They may not know the website, but that's it.
While every ISP is different, and my relay is very high bandwidth (~1 Gbps via two relays), Lumen also owns Level 3 which is the biggest transit ISP so lots of ASNs push traffic via them.
We should probably not use relays using the same IP as the client, or for IPv6, the same /56 (common end-user allocation size) To be safe, the IPv4 /16 or IPv6 /48 could also be avoided like we do with two distinct relays.