Access Control List Support
The Oracle Communications Session Border Controller supports IPv6 for access control lists in two ways:
- For static access control lists that you configure in the access-control configuration, your entries can follow IPv6 form. Further, this configuration supports a prefix that enables wildcarding the source IP address.
- Dynamic ACLs are also supported; the Oracle Communications Session Border Controller will create ACLs for offending IPv6 endpoints.
Data Entry
When you set the source-address and destination-address parameters in the access-control configuration, you will use a slightly different format for IPv6 than for IPv4.
For the source-address, your IPv4 entry takes the following format: <ip-address>[/<num-bits>][:<port>[/<port-bits>]]. And for the destination-address, your IPv4 entry takes this format: <ip-address>[:<port>[/<port-bits>]].
Since the colon (:) in the IPv4 format leads to ambiguity in IPv6, your IPv6 entries for these settings must have the address encased in brackets ([]): [7777::11]/64:5000/14.
In addition, IPv6 entries are allowed up to 128 bits for their prefix lengths.
The following is an example access control configuration set up with IPv6 addresses.
ORACLE(access-control)# done
access-control
realm-id net7777
description
source-address 7777::11/64:5060/8
destination-address 8888::11:5060/8
application-protocol SIP
transport-protocol ALL
access deny
average-rate-limit 0
trust-level none
minimum-reserved-bandwidth 0
invalid-signal-threshold 10
maximum-signal-threshold 0
untrusted-signal-threshold 0
deny-period 30