F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

861

862

863

864

865

866

867

868

869

870

841

An IPv6 policy matches nodes in priority order against packets. If a packet satisfies the match criteria on

a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the

packet does not match the criteria on any node, it is forwarded according to the routing table.

1776Bif-match clause

IPv6 PBR supports the following types of if-match clauses:

• if-match acl6—Sets an ACL match criteria.

• if-match packet-length—Sets an IPv6 packet length match criterion.

You can specify multiple if-match clauses for a node, but only one if-match clause can be specified for

each type at most. To match a node, a packet must satisfy all the if-match clauses of the node.

1777Bapply clause

IPv6 PBR supports the following types of apply clauses, as shown in 2999HTable 73. You can specify multiple

apply clauses for a node, but some of them may not be executed.

Table 73 Priorities and meanings of the apply clauses

Clause Meanin

Priorit

apply

ipv6-precedence

Sets an IP precedence. If configured, this clause will always be executed.

apply

output-interface and

apply ipv6-address

next-hop

Sets the output interface

and sets the next hop.

The apply output-interface clause takes precedence over

the apply ipv6-address next-hop clause. Only the apply

output-interface clause is executed when both are

configured.

apply default

output-interface and

apply ipv6-address

default next-hop

Sets the default output

interface and sets the

default next hop.

The apply default output-interface clause takes precedence

over the apply ipv6-address default next-hop clause. Only

the apply default output-interface clause is executed when

both are configured.

They take effect only when no output interface or next hop is

set or the output interface and next hop are invalid, and the

packet does not match any route in the routing table.

1778BRelationship between the match mode and clauses on a node

Does a packet match all the

if-match clauses on the node?

Match mode

ermit mode

In den

mode

Yes

IPv6 PBR executes the apply

clause on the node.

The packet is forwarded according

to the routing table.

IPv6 PBR matches the packet

against the next node.

IPv6 PBR matches the packet against

the next node.

All packets can match a node where no if-match clauses are configured.

If a permit-mode node has no apply clause, packets matching all the if-match clauses of the node are

forwarded according to the routing table.

If a node has no if-match or apply clauses configured, all packets can match the node and are

forwarded according to the routing table.