Policy
An IPv6 policy includes match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:
Each node is identified by a node number. A smaller node number has a higher priority.
A node contains if-match and apply clauses. An if-match clause specifies a match criterion, and an apply clause specifies an action.
A node has a match mode of permit or deny.
An IPv6 policy compares packets with nodes in priority order. If a packet matches the criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.
if-match clause
IPv6 PBR supports the if-match acl clause, which sets an ACL match criterion.
You can specify only one if-match clause for each node.
apply clause
IPv6 PBR supports the types of apply clauses shown in Table 30. You can specify multiple apply clauses for a node, but some of them might not be executed. The following apply clauses determine the packet forwarding paths in a descending order:
apply next-hop
apply output-interface
Table 30: Priorities and meanings of apply clauses
Clause | Meaning | Priority |
|---|---|---|
apply precedence | Sets an IP precedence. | This clause is always executed. |
apply next-hop and apply output-interface | Sets next hops and sets output interfaces. | Only the apply next-hop clause is executed when both are configured. |
Relationship between the match mode and clauses on the node
Does a packet match all the if-match clauses on the node? | Match mode | |
|---|---|---|
In permit mode | In deny mode | |
Yes |
| The packet is forwarded according to the routing table. |
No | IPv6 PBR compares the packet with the next node. | IPv6 PBR compares the packet with the next node. |
A node that has no if-match clauses matches any packet.