Relationship between the match mode and clauses, Pbr and track – H3C Technologies H3C S12500 Series Switches User Manual

271

Table 9 Priorities of the apply clauses in a policy node

Clause Meaning Priority

apply access-vpn
vpn-instance

Sets VPN instances

If a packet matches a forwarding entry of a specified
VPN instance, it is forwarded in the VPN instance; if it
does not match any entry in all VPN instances

specified, it is discarded.

apply ip-precedence Sets an IP precedence

If configured for public network forwarding, that is, the
apply access-vpn vpn-instance clause is not

configured, this clause will always be executed.

apply ip-address
next-hop

Sets the next hop

If configured for public network forwarding, that is, the
apply access-vpn vpn-instance clause is not
configured, this clause will always be executed as long

as the next hop is valid.

If the next hop of PBR is configured as direct and the ARP entry for the specified next hop can be learned,

the next hop is considered valid; otherwise, it is considered invalid.
To set VPN instances for a system that operates in standard mode, you must configure reserved VLANs

before configuring VPNs. For more information about system working modes, see Fundamentals

Configuration Guide. For more information about reserved VLAN, see the reserve-vlan vlan-id command

in MPLS Command Reference.

Relationship between the match mode and clauses

If a packet…

Then…
In permit mode

In deny mode

Matches an if-match clause on a
policy node

The apply clause is executed, and
the packet will not go to the next
policy node for a match.

The apply clause is not executed, the
packet will not go to the next policy

node for a match, and will be
forwarded according to the routing

table.

Fails to match an if-match clause

on the policy node

The apply clause is not executed,
and the packet will go to the next

policy node for a match.

The apply clause is not executed,
and the packet will go to the next

policy node for a match.

There is an OR relationship between the nodes of a policy. If a packet matches a node, it passes the
policy; if the packet does not match any node of the policy, it fails to pass the policy, and is forwarded

according to the routing table.

PBR and Track

Associated with a track object, PBR can detect topology changes faster. You can associate PBR with a

track entry when you configure the output interface, default output interface, next hop, and default next

hop to dynamically determine link reachability. The PBR configuration takes effect when the status of the

associated track object is positive or invalid. For more information about Track-PBR collaboration, see
High Availability Configuration Guide.