Relationship between the match mode and clauses – H3C Technologies H3C SR8800 User Manual

266

Table 6 Priorities of the apply clauses in a policy node

Clause Meaning Priority

apply access-vpn

vpn-instance

Sets VPN instances.

If this clause is configured, other apply clauses,
except the apply ip-df zero clause, will not be

executed.
If a packet matches a forwarding entry of a

specified VPN instance, it is forwarded in the VPN
instance; if it does not match any entry in all VPN

instances specified, it is discarded.

apply

ip-precedence

Sets an IP precedence.

If configured for public network forwarding—the
apply access-vpn vpn-instance clause is not

configured, this clause will always be executed.

apply ip-address

next-hop

Sets the next hop.

If configured for public network forwarding—the

apply access-vpn vpn-instance clause is not

configured—and the configured next hop is valid,

this clause will be executed.

apply ip-address

default next-hop

Sets the default next hop.

This clause takes effect only when no next hop is

defined for packets, or the defined next hop is

invalid and the destination address does not
match any route in the routing table.

NOTE:

If a directly connected next hop is configured for PBR and the ARP entry of the next hop can be learned,
the next hop is considered valid; otherwise, it is considered invalid.

Relationship between the match mode and clauses

If a packet…

Then…
In permit mode

In deny mode

Matches all the if-match clauses
on a policy node

The apply clause is executed, and
the packet will not go to the next

policy node for a match.

The apply clause is not executed, the
packet will not go to the next policy

node for a match, and will be

forwarded according to the routing
table.

Fails to match an if-match clause
on the policy node

The apply clause is not executed,
and the packet will go to the next

policy node for a match.

The apply clause is not executed,
and the packet will go to the next

policy node for a match.

The nodes of a policy are in an OR relationship. If a packet matches a node, it passes the policy; if the

packet does not match any node of the policy, it fails to pass the policy and is forwarded according to

the routing table.