I recently started to have an IPv6 BGP peer. At first I tried to block all link-local addresses in my interface's incoming ACL, but after a while I noticed that there were many match logs on the deny link-local entry. I want to know: is it correct to not block link-local addresses, even when the link is an upstream link to my ISP?
My IPv6 BGP session is formed using global IPv6 addresses!
Do you actually have a business need to block link-local addresses? This should not be done, as the IPv6 control plane relies on link-local addresses, e.g. each time you do Neighbour Discovery on Ethernet. Link-local addresses are also non-routable, so they cannot traverse the router (assuming that is the intent of the ACL).
I would recommend against blocking link-local addresses in ACLs; however, if you must do this, you should be selective about the ones you allow through, e.g.
deny all link_local
permit global unicast
Though just beware that even then, if the upstream link-local address changes (as in, the upstream router swaps or replaces its interface), then the ACL will have no effect, as the link-local address would have changed.
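To make the effect of the two orderings concrete, here is a small ACL simulator added as an illustration (it is not code from the thread). The packets, the `fe80::1` neighbour and the `2001:db8::/32` addresses are constructed samples, and the rule format and protocol names (`nd`, `bgp`) are this example's own simplification of a router ACL.

```python
# Added example: simulate an IPv6 ingress ACL on an upstream link and show
# which packets a blanket "deny all link-local" rule drops. All addresses,
# packets and the rule/protocol format below are constructed for this demo.
import ipaddress

GLOBAL_UNICAST = "2000::/3"   # what "permit global unicast" expands to
LINK_LOCAL = "fe80::/10"

# Constructed packets arriving on the upstream interface: (source, protocol).
PACKETS = [
    ("fe80::1", "nd"),            # Neighbour Solicitation from upstream router
    ("fe80::1", "nd"),            # Neighbour Advertisement, also link-local
    ("2001:db8:ffff::1", "bgp"),  # BGP session formed on global addresses
    ("2001:db8:cafe::1", "tcp"),  # ordinary transit traffic
]

# ACL entries are (action, source prefix, protocol); "any" matches all protocols.
BLANKET_DENY = [
    ("deny", LINK_LOCAL, "any"),         # "deny all link_local"
    ("permit", GLOBAL_UNICAST, "any"),   # "permit global unicast"
]

ND_FIRST = [
    ("permit", LINK_LOCAL, "nd"),        # keep Neighbour Discovery working
    ("deny", LINK_LOCAL, "any"),         # drop all other link-local sources
    ("permit", GLOBAL_UNICAST, "any"),
]


def evaluate(acl, src, proto):
    """Return the action of the first matching entry; implicit deny otherwise."""
    addr = ipaddress.IPv6Address(src)
    for action, prefix, rule_proto in acl:
        if addr in ipaddress.IPv6Network(prefix) and rule_proto in ("any", proto):
            return action
    return "deny"


def dropped(acl, packets=PACKETS):
    """List the (source, protocol) packets the ACL would deny and log."""
    return [p for p in packets if evaluate(acl, *p) == "deny"]


if __name__ == "__main__":
    # The blanket deny logs only the ND packets; BGP on global addresses passes.
    print("blanket deny drops:", dropped(BLANKET_DENY))
    print("ND-first drops:    ", dropped(ND_FIRST))
```

The log hits in the question are what `dropped(BLANKET_DENY)` returns: only the Neighbour Discovery packets, while the BGP session on global addresses is unaffected either way.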