Access Control List Support

The Oracle® Enterprise Session Border Controller supports IPv6 for access control lists in two ways:

• For static access control lists that you configure in the access-control configuration, your entries can follow IPv6 form. Further, this configuration supports a prefix that enables wildcarding the source IP address.
• Dynamic ACLs are also supported; the Oracle® Enterprise Session Border Controller will create ACLs for offending IPv6 endpoints.

Data Entry

When you set the source-address and destination-address parameters in the access-control configuration, you will use a slightly different format for IPv6 than for IPv4.

For the source-address, your IPv4 entry takes the following format: <ip-address>[/<num-bits>][:<port>[/<port-bits>]]. And for the destination-address, your IPv4 entry takes this format: <ip-address>[:<port>[/<port-bits>]].

Since the colon (:) in the IPv4 format leads to ambiguity in IPv6, your IPv6 entries for these settings must have the address encased in brackets ([]): [7777::11]/64:5000/14.

In addition, IPv6 entries are allowed up to 128 bits for their prefix lengths.

The following is an example access control configuration set up with IPv6 addresses.

ORACLE(access-control)# done
access-control
        realm-id                       net7777
        description
        source-address                 7777::11/64:5060/8
        destination-address            8888::11:5060/8
        application-protocol           SIP
        transport-protocol             ALL
        access                         deny
        average-rate-limit             0
        trust-level                    none
        minimum-reserved-bandwidth     0
        invalid-signal-threshold       10
        maximum-signal-threshold       0
        untrusted-signal-threshold     0
        deny-period                    30