Policy
An IPv6 policy includes match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:
Each node is identified by a node number. A smaller node number has a higher priority.
A node comprises if-match and apply clauses. An if-match clause specifies a match criterion, and an apply clause specifies an action.
A node has a match mode of permit or deny.
An IPv6 policy matches nodes in priority order against packets. If a packet matches the criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.
if-match clause
IPv6 PBR supports only the if-match acl clause to set the ACL match criterion.
You can specify only one if-match clause for a node.
apply clause
IPv6 PBR supports only the apply next-hop clause to set the next hop for packets.
Relationship between the match mode and clauses on the node
Does a packet match all the if-match clauses on the node? | Match mode | |
|---|---|---|
In permit mode | In deny mode | |
Yes |
| The packet is forwarded according to the routing table. |
No | IPv6 PBR matches the packet against the next node. | IPv6 PBR matches the packet against the next node. |
A node that has no if-match clauses matches any packet.