Add the new ipv6 ASG group to the docu

_default_asg_oss.html.md.erb

@@ -1,4 +1,4 @@
-Cloud Foundry preconfigures two ASGs: `public_networks` and `dns`.
+Cloud Foundry preconfigures three ASGs: `public_networks`, `dns` and the experimental `public_networks_ipv6`.
 
 Unless you modify these before your initial deployment, these ASGs are applied by default to all containers in your deployment.
 
@@ -9,7 +9,12 @@ Foundry blocks outgoing traffic to the following IP address ranges by specifical
 	* 172.16.0.0 - 172.31.255.255
 	* 192.168.0.0 - 192.168.255.255
 
-* `dns`: This group allows access to DNS on port 53 for any IP address. The default ASGs are defined in the `cf-deployment.yml` file as follows:
+* `dns`: This group allows access to DNS on port 53 for any IP address. 
+
+* `public_networks_ipv6`: This group is experimentally added to manage IPv6 egress traffic. It is particularly intended for experimental use,
+ with caution advised due to its broad scope `2000::/3` that may not align with optimal security standards in production environments. 
+
+The default ASGs are defined in the `cf-deployment.yml` file as follows:
 
     ```
       security_group_definitions:
@@ -33,6 +38,11 @@ Foundry blocks outgoing traffic to the following IP address ranges by specifical
         - destination: 0.0.0.0/0
           ports: '53'
           protocol: udp
+      - name: public_networks_ipv6
+        rules:
+        - destination: 2000::/3
+          protocol: all
     ```
-    Modify the default ASGs to block outbound traffic as necessary for your installation. To see how the ASGs are defined by
-    default, see the [cf-deployment.yml](https://github.com/cloudfoundry/cf-deployment/blob/main/cf-deployment.yml#L604-L627) file on GitHub.
+
+Modify the default ASGs to block outbound traffic as necessary for your installation. To see how the ASGs are defined by 
+default, see the [cf-deployment.yml](https://github.com/cloudfoundry/cf-deployment/blob/main/cf-deployment.yml#L894-L914) file on GitHub.

asg.html.md.erb

@@ -356,6 +356,7 @@ The following table describes examples of typical ASGs. Configure your ASGs in a
 | --- | ---
 | `dns` | DNS, either public or private |
 | `public-networks` | Public networks, excluding IaaS metadata endpoints |
+| `public_networks_ipv6` | Public IPV6 networks |
 | `private-networks` | Private networks in accordance with [RFC-1918](https://tools.ietf.org/html/rfc1918#section-3) |
 | `load-balancers` | The internal <%= vars.app_runtime_abbr %> load balancer and others |
 | `internal-proxies` | Internal proxies |
@@ -416,6 +417,22 @@ The following is an example `public_networks` ASG:
 ]
 ```
 
+### <a id='public-networks-ipv6-example'></a> Public IPv6 networks
+
+For IPv6-enabled environments, public repositories and services are generally accessible within the range 2000::/3.
+As this configuration is in an experimental phase, the provided range is intended for testing purposes only. Before deploying in production environments, additional research on IPs to exclude for enhanced security is recommended.
+
+The following is an example `public_networks_ipv6` ASG:
+
+```
+[
+  {
+    "destination": "2000::/3",
+    "protocol": "all"
+  }
+]
+```
+
 ### <a id='private-networks-example'></a> Private networks
 
 Network connections that are commonly allowable in private networks include endpoints such as proxy servers, Docker registries, load balancers, databases, messaging servers, directory servers, and file servers. Configure appropriate private network ASGs as appropriate. You might find it helpful to use a naming convention with `private_networks` as part of the ASG name, such as `private_networks_databases`.