Configuring ipv6 policy-based routing, Introduction to ipv6 policy-based routing, Policy-based routing – H3C Technologies H3C SecPath F1000-E User Manual
Page 856: Ipv6 pbr, Node
831
Configuring IPv6 policy-based routing
NOTE:
The IPv6 policy-based routing configuration is available only at the CLI.
Introduction to IPv6 policy-based routing
IPv6 policy-based routing is used to route IPv6 unicasts based on a policy.
Policy-based routing
Policy-based routing (PBR) is a routing mechanism based on the user-defined policies. Different from the
traditional destination-based routing mechanism, PBR enables you to implement policies (based on the
source address, address length, and other criteria) that make packets flexibly take different routes. You
can specify the VPN instance, the packet priority, the outgoing interface, next hop, default outgoing
interface, default next hop, and other parameters to guide forwarding of the packets matching an ACL
or with a specific length.
According to the objects to which the PBR applies, PBR involves local PBR and interface PBR:
•
Local PBR applies to locally generated packets only, such as the ICMP packets generated by using
the ping command.
•
Interface PBR applies to packets forwarded through an interface only.
In most cases, interface PBR is implemented to meet the forwarding and security requirements.
In general, PBR takes precedence over destination-based routing. PBR is applied when packets match the
specified criteria. Otherwise, destination-based routing is applied. However, if only a default outgoing
interface (next hop) is configured for the policy, destination-based routing takes precedence over PBR.
IPv6 PBR
An IPv6 policy is used to route IPv6 packets.
An IPv6 policy can consist of one or multiple nodes.
Node
A node is identified by a node number. The node with the smallest node number has the highest priority.
A policy consists of if-match and apply clauses. An if-match clause defines specifies a match criterion on
a node, and an apply clause specifies action to be taken on packets.
The action to be taken on matched packets depends on the match mode, which can be permit or deny
shows the relationship between the match mode and the clauses.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer