HP VPN Firewall Appliances Network Management Configuration Guide

Configuring IPv6 policy-based routing
IPv6 policy-based routing can be configured only at the CLI.
Introduction to IPv6 policy-based routing
What is policy-based routing
Unlike destination-based routing, policy-based routing (PBR) uses user-defined policies to route
packets based on the source address, packet length, and other criteria. A policy can specify the output
interface, next hop, default output interface, default next hop, and other parameters for packets that
match specific criteria such as ACLs or have specific lengths.
A device uses PBR to forward matching packets and uses the routing table to forward other packets. If
PBR is not configured, a device uses the routing table to forward packets.
PBR includes local PBR and interface PBR.
Local PBR guides the forwarding of locally generated packets, such as the ICMP packets generated
by using the ping command.
Interface PBR guides the forwarding of only the packets received on an interface.
Policy
An IPv6 policy comprises match criteria and actions to be taken on the matching packets. A policy can
comprise one or more nodes. Nodes have the following properties:
Each node is identified by a node number. A smaller node number has a higher priority.
A node comprises if-match and apply clauses. An if-match clause specifies a match criterion, and
an apply clause specifies an action.
A node has a match mode of permit or deny.
An IPv6 policy matches nodes in priority order against packets. If a packet matches the criteria on a node,
it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet
does not match the criteria on any node, it is forwarded according to the routing table.
if-match clause
IPv6 PBR supports the following types of if-match clauses:
if-match acl6—Sets an ACL match criterion.
if-match packet-length—Sets an IPv6 packet length match criterion.
You can specify multiple if-match clauses for a node, but at most one if-match clause of each type.
To match a node, a packet must match all the if-match clauses of the node.
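The node evaluation order described above, modelled in Python so a reviewer can check which node (if any) decides forwarding for a given packet. This is an added example, not code from the guide or the device. The Node fields, the source-prefix list standing in for an IPv6 ACL, the action labels, the sample addresses, and the deny-mode behaviour (a match stops evaluation and the routing table is used) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ROUTING_TABLE = "routing-table"  # result when PBR does not decide forwarding

@dataclass
class Node:
    number: int                  # smaller number = higher priority
    mode: str                    # "permit" or "deny"
    acl6: list = None            # constructed stand-in for if-match acl6: source prefixes
    packet_length: tuple = None  # (min, max) for if-match packet-length
    action: str = None           # label for the node's apply clause(s)

    def matches(self, src, length):
        # A packet must satisfy every if-match clause configured on the node.
        if self.acl6 is not None:
            addr = ipaddress.ip_address(src)
            if not any(addr in ipaddress.ip_network(p) for p in self.acl6):
                return False
        if self.packet_length is not None:
            lo, hi = self.packet_length
            if not lo <= length <= hi:
                return False
        return True

def evaluate(policy, src, length):
    """Return (node number or None, forwarding decision) for one packet."""
    for node in sorted(policy, key=lambda n: n.number):
        if node.matches(src, length):
            if node.mode == "permit":
                return node.number, node.action
            # Assumption: a deny-mode match stops evaluation and the packet
            # is forwarded by the routing table.
            return node.number, ROUTING_TABLE
    return None, ROUTING_TABLE   # no node matched

# Constructed sample policy (documentation prefix 2001:db8::/32), listed out of order on purpose.
POLICY = [
    Node(20, "permit", acl6=["2001:db8:1::/48"], action="next-hop 2001:db8:ffff::2"),
    Node(10, "permit", acl6=["2001:db8:1::/48"], packet_length=(1000, 1500),
         action="next-hop 2001:db8:ffff::1"),
    Node(5, "deny", acl6=["2001:db8:1:99::/64"]),
]

if __name__ == "__main__":
    for src, length in [("2001:db8:1::10", 1200), ("2001:db8:1::10", 80),
                        ("2001:db8:1:99::7", 1200), ("2001:db8:2::1", 1200)]:
        print(src, length, evaluate(POLICY, src, length))
```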
apply clause
IPv6 PBR supports the following types of apply clauses, as shown in Table 85. You can specify multiple
apply clauses for a node, but some of them might not be executed.