Policy

An IPv6 policy includes match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:

Each node is identified by a node number. A smaller node number has a higher priority.
A node contains if-match and apply clauses. An if-match clause specifies a match criterion, and an apply clause specifies an action.
A node has a match mode of permit or deny.

An IPv6 policy matches nodes in priority order against packets. If a packet matches the criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.

if-match clause

IPv6 PBR supports the if-match acl clause to set an ACL match criterion. You can specify only one if-match acl clause for a node.

apply clause

IPv6 PBR supports the apply next-hop clause to set next hops for packets.

Relationship between the match mode and clauses on the node

Does a packet match all the if-match clauses on the node?	Match mode
	In permit mode	In deny mode
Yes	If the node is configured with an apply clause, IPv6 PBR executes the apply clause on the node. It does not match the packet against the next node. If the node is configured with no apply clause, the packet is forwarded according to the routing table.	The packet is forwarded according to the routing table.
No	IPv6 PBR matches the packet against the next node.	IPv6 PBR matches the packet against the next node.

A node that has no if-match clauses matches any packet.

prev	up	next
Overview	home	PBR and Track