diff --git a/asg.html.md.erb b/asg.html.md.erb
index 2b60f2fb..c7179e57 100644
--- a/asg.html.md.erb
+++ b/asg.html.md.erb
@@ -8,7 +8,7 @@ App Security Groups (ASGs) are a collection of egress rules that enable you to s
ports, and IP address ranges where app or task instances send traffic.
ASGs define **allow** rules, and their order of evaluation is unimportant when multiple ASGs apply to the same space or deployment. The platform sets up rules to filter and log outbound network traffic
-from app and task instances. ASGs apply to both buildpack-based and Docker-based apps and tasks.
+from app and task instances. ASGs apply to both buildpack-based and Docker-based apps and tasks. Since capi-release v1.212.0, IPv6 is supported in ASGs.
## Staging and running ASGs
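Review bot: The sentence added at the end of the intro paragraph states IPv6 support unconditionally, while the `destination` row changed later in this patch says IPv6 addresses, ranges and CIDR blocks are only enabled if `cc.enable_ipv6` is true. Suggest naming the property here too, for example "Since capi-release v1.212.0, ASGs support IPv6 when `cc.enable_ipv6` is true", so an operator does not assume IPv6 rules are accepted just because the release was upgraded.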
@@ -94,18 +94,18 @@ For more information, see [Managing ASGs with the cf CLI](#procedures).
ASG rules are specified as a JSON array of ASG objects. An ASG object has the following attributes:
-| Attribute | Description | Notes |
-| --------- | ----------- | ----- |
-| `protocol` | `tcp`, `udp`, `icmp`, or `all` | Required |
+| Attribute | Description | Notes |
+| --------- |-----------------------------------------| ----- |
+| `protocol` | `tcp`, `udp`, `icmp`, `icmpv6` or `all` | Required |
<% if vars.platform_code == 'CF' %>
-| `destination` | A comma deliminated list of single IP addresses, IP address ranges like `192.0.2.0-192.0.2.50`, or CIDR blocks that can receive traffic | Destination lists became available in capi-release 1.180.0 and can be enabled by setting the `cc.security_groups.enable_comma_delimited_destinations` bosh property to true. |
+| `destination` | A comma deliminated list of single IP addresses, IP address ranges like `192.0.2.0-192.0.2.50`, or CIDR blocks that can receive traffic | Destination lists became available in capi-release 1.180.0 and can be enabled by setting the `cc.security_groups.enable_comma_delimited_destinations` bosh property to true. IPv6 addresses, ranges and CIDR blocks are enabled if `cc.enable_ipv6` is true. For `icmp` you can only use IPv4 addresses and for `icmpv6` only IPv6 addresses. |
<% end %>
<% if vars.platform_code == 'PCF' %>
| `destination` | A single IP address, an IP address range like `192.0.2.0-192.0.2.50`, or a CIDR block that can receive traffic | |
<% end %>
| `ports` | A single port, multiple comma-separated ports, or a single range of ports that can receive traffic. Examples: `443`, `80,8080,8081`, `8080-8081` | Only possible if `protocol` is `tcp` or `udp`. |
-| `code` | ICMP code | Required when `protocol` is `icmp`. A value of `-1` allows all codes. |
-| `type` | ICMP | Required when `protocol` is `icmp`. A value of `-1` allows all types.
+| `code` | ICMP code | Required when `protocol` is `icmp` or `icmpv6`. A value of `-1` allows all codes. |
+| `type` | ICMP | Required when `protocol` is `icmp` or `icmpv6`. A value of `-1` allows all types.
| `log` | Set to `true` to enable logging. For more information about how to configure system logs to be sent to a syslog drain, see [Using Log Management Services](../devguide/services/log-management.html). | Logging is only supported with protocol type `tcp`. |
| `description` | An optional field for operators managing ASG rules | |
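Review bot: The `protocol` row now offers `icmpv6` for every platform, but only the `destination` row inside the `CF` conditional was updated; the `PCF` row still reads as before and says nothing about IPv6 or `cc.enable_ipv6`. Either extend the PCF row or gate the `icmpv6` value the same way, otherwise the table tells PCF readers a protocol is valid without saying which destinations it accepts. Since these rows are being touched anyway: the changed `type` row still has no closing `|` and its description is "ICMP" rather than "ICMP type", and "comma deliminated" should be "comma-delimited".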
@@ -160,7 +160,13 @@ following example, which allows ICMP traffic of code `1` and type `0` to all des
"protocol": "icmp",
"destination": "0.0.0.0/0",
"type": 0,
- "code": 0
+ "code": 1
+ },
+ {
+ "protocol": "icmpv6",
+ "destination": "::/0",
+ "type": 0,
+ "code": 1
},
{
"protocol": "tcp",
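Review bot: The new `icmpv6` rule copies `"type": 0` and `"code": 1` from the IPv4 rule, but ICMPv6 uses its own type numbering (echo request and echo reply are 128 and 129, not 8 and 0), so the pair should be confirmed as a combination that is meaningful for ICMPv6 rather than carried over. The lead-in sentence visible in the hunk header also describes only the ICMP rule ("allows ICMP traffic of code `1` and type `0`"); it should mention the added `icmpv6` rule and its `::/0` destination so the prose and the JSON stay in step.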
@@ -412,6 +418,10 @@ The following is an example `public_networks` ASG:
{
"destination": "192.169.0.0-255.255.255.255",
"protocol": "all"
+ },
+ {
+ "destination": "::/0",
+ "protocol": "all"
}
]
```
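Review bot: The added `::/0` rule with `"protocol": "all"` permits egress to every IPv6 destination, whereas the IPv4 entries in this `public_networks` example are ranges (the visible one starts at `192.169.0.0`, skipping `192.168.0.0/16`) that leave private space out. As written, the IPv6 rule also covers unique-local (`fc00::/7`) and link-local (`fe80::/10`) addresses, which is broader than the group's name implies. Suggest replacing `::/0` with ranges that exclude those blocks, or adding a sentence next to the example stating that the IPv6 rule is intentionally unrestricted.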