Access Control List Support
The Oracle® Enterprise Session Border Controller supports IPv6 for access control lists in two ways:
- For static access control lists that you configure in the access-control configuration, your entries can follow IPv6 form. Further, this configuration supports a prefix that enables wildcarding the source IP address.
- Dynamic ACLs are also supported; the Oracle® Enterprise Session Border Controller will create ACLs for offending IPv6 endpoints.
Data Entry
When you set the source-address and destination-address parameters in the access-control configuration, you will use a slightly different format for IPv6 than for IPv4.
For the source-address, your IPv4 entry takes the following format: <ip-address>[/<num-bits>][:<port>[/<port-bits>]]. And for the destination-address, your IPv4 entry takes this format: <ip-address>[:<port>[/<port-bits>]].
Since the colon (:) in the IPv4 format leads to ambiguity in IPv6, your IPv6 entries for these settings must have the address encased in brackets ([]): [7777::11]/64:5000/14.
In addition, IPv6 entries are allowed up to 128 bits for their prefix lengths.
The following is an example access control configuration set up with IPv6 addresses.
ORACLE(access-control)# done access-control realm-id net7777 description source-address 7777::11/64:5060/8 destination-address 8888::11:5060/8 application-protocol SIP transport-protocol ALL access deny average-rate-limit 0 trust-level none minimum-reserved-bandwidth 0 invalid-signal-threshold 10 maximum-signal-threshold 0 untrusted-signal-threshold 0 deny-period 30