Login
- Table of Contents
-
- 05-Network Connectivity
- 00-Preface
- 01-About the network connectivity configuration guide
- 02-MAC address table configuration
- 03-Ethernet link aggregation configuration
- 04-Port isolation configuration
- 05-VLAN configuration
- 06-Loop detection configuration
- 07-Spanning tree configuration
- 08-LLDP configuration
- 09-Layer 2 forwarding configuration
- 10-VLAN termination configuration
- 11-PPP configuration
- 12-L2TP configuration
- 13-Modem management configuration
- 14-3G and 4G modem management configuration
- 15-ARP configuration
- 16-IP addressing configuration
- 17-DHCP configuration
- 18-DHCPv6 configuration
- 19-DNS configuration
- 20-NAT configuration
- 21-IP performance optimization configuration
- 22-IPv6 basics configuration
- 23-GRE configuration
- 24-Tunneling configuration
- 25-IP forwarding basics configuration
- 26-Basic IP routing configuration
- 27-Static routing configuration
- 28-IPv6 static routing configuration
- 29-Policy-based routing configuration
- 30-IPv6 policy-based routing configuration
- 31-RIP configuration
- 32-RIPng configuration
- 33-Multicast overview
- 34-IGMP snooping configuration
- 35-MLD snooping configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 30-IPv6 policy-based routing configuration | 105.60 KB |
Contents
IPv6 packet forwarding process
Restrictions: Hardware compatibility with IPv6 policy-based routing
Setting match criteria for an IPv6 node
Configuring actions for an IPv6 node
Specifying a policy for IPv6 PBR
Specifying an IPv6 policy for IPv6 local PBR
Specifying an IPv6 policy for IPv6 interface PBR
Enabling SNMP notifications for IPv6 PBR
Display and maintenance commands for IPv6 PBR
Configuring IPv6 PBR
About IPv6 PBR
IPv6 policy-based routing (PBR) uses user-defined policies to route IPv6 packets. A policy can specify parameters for packets that match specific criteria such as ACLs or that have specific lengths. The parameters include the next hop, output interface, default next hop, and default output interface.
IPv6 packet forwarding process
A device forwards received IPv6 packets using the following process:
1. The device uses PBR to forward matching packets.
2. If one of the following events occurs, the device searches for a route (except the default route) in the routing table to forward packets:
¡ The packets do not match the PBR policy.
¡ The PBR-based forwarding fails.
3. If the forwarding fails, the device uses the default next hop or default output interface defined in PBR to forward packets.
4. If the forwarding fails, the device uses the default route to forward packets.
IPv6 PBR types
IPv6 PBR includes the following types:
· Local PBR—Guides the forwarding of locally generated packets, such as the ICMP packets generated by using the ping command.
· Interface PBR—Guides the forwarding of packets received on an interface only.
Policy
An IPv6 policy includes match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:
· Each node is identified by a node number. A smaller node number has a higher priority.
· A node contains if-match and apply clauses. An if-match clause specifies a match criterion, and an apply clause specifies an action.
· A node has a match mode of permit or deny.
An IPv6 policy compares packets with nodes in priority order. If a packet matches the criteria on a node, it is processed by the action on the node. If the packet does not match any criteria on the node, it goes to the next node for a match. If the packet does not match the criteria on any node, the device performs a routing table lookup for the packet.
Relationship between if-match clauses
On a node, you can specify multiple if-match clauses, but only one if-match clause for each type. A packet that matches all the if-match clauses of a node matches the node.
Relationship between apply clauses
You can specify multiple apply clauses for a node, but some of them might not be executed. For more information about the relationship between the apply clauses, see "Configuring actions for an IPv6 node."
Relationship between the match mode and clauses on the node
|
Match mode |
||
|
In permit mode |
In deny mode |
|
|
Yes |
· If the node contains apply clauses, IPv6 PBR executes the apply clauses on the node. ¡ If IPv6 PBR-based forwarding succeeds, IPv6 PBR does not compare the packet with the next node. ¡ If IPv6 PBR-based forwarding fails and the apply continue clause is not configured, IPv6 PBR does not compare the packet with the next node. ¡ If IPv6 PBR-based forwarding fails and the apply continue clause is configured, IPv6 PBR compares the packet with the next node. · If the node does not contain apply clauses, the device performs a routing table lookup for the packet. |
The device performs a routing table lookup for the packet. |
|
No |
IPv6 PBR compares the packet with the next node. |
IPv6 PBR compares the packet with the next node. |
|
|
NOTE: A node that has no if-match clauses matches any packet. |
PBR and Track
PBR can work with the Track feature to dynamically adapt the availability status of an apply clause to the link status of a tracked object. The tracked object can be a next hop, output interface, default next hop, or default output interface.
· When the track entry associated with an object changes to Negative, the apply clause is invalid.
· When the track entry changes to Positive or NotReady, the apply clause is valid.
For more information about Track-PBR collaboration, see High Availability Configuration Guide.
Restrictions: Hardware compatibility with IPv6 policy-based routing
|
Hardware series |
Model |
Product code |
IPv6 policy-based routing compatibility |
|
WX1800H series |
WX1804H-PWR |
EWP-WX1804H-PWR-CN |
Yes |
|
WX2500H series |
WX2508H-PWR-LTE WX2510H-PWR WX2510H-F-PWR WX2540H WX2540H-F WX2560H |
EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H |
Yes |
|
MAK series |
MAK204 MAK206 |
EWP-MAK204 EWP-MAK206 |
Yes |
|
WX3000H series |
WX3010H WX3010H-X-PWR WX3010H-L-PWR WX3024H WX3024H-L-PWR WX3024H-F |
EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F |
No |
|
WX3500H series |
WX3508H WX3508H WX3510H WX3510H WX3520H WX3520H-F WX3540H WX3540H |
EWP-WX3508H EWP-WX3508H-F EWP-WX3510H EWP-WX3510H-F EWP-WX3520H EWP-WX3520H-F EWP-WX3540H EWP-WX3540H-F |
Yes |
|
WX5500E series |
WX5510E WX5540E |
EWP-WX5510E EWP-WX5540E |
Yes |
|
WX5500H series |
WX5540H WX5560H WX5580H |
EWP-WX5540H EWP-WX5560H EWP-WX5580H |
Yes |
|
Access controller modules |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
Yes |
|
Hardware series |
Model |
Product code |
IPv6 policy-based routing compatibility |
|
WX1800H series |
WX1804H-PWR WX1810H-PWR WX1820H WX1840H |
EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL |
Yes |
|
WX3800H series |
WX3820H WX3840H |
EWP-WX3820H-GL EWP-WX3840H-GL |
Yes |
|
WX5800H series |
WX5860H |
EWP-WX5860H-GL |
Yes |
IPv6 PBR tasks at a glance
To configure IPv6 PBR, perform the following tasks:
b. Setting match criteria for an IPv6 node
c. Configuring actions for an IPv6 node
2. Specifying a policy for IPv6 PBR
Choose the following tasks as needed:
¡ Specifying an IPv6 policy for IPv6 local PBR
¡ Specifying an IPv6 policy for IPv6 interface PBR
3. (Optional.) Enabling SNMP notifications for IPv6 PBR
Configuring an IPv6 policy
Creating an IPv6 node
1. Enter system view.
system-view
2. Create an IPv6 policy or policy node and enter its view.
ipv6 policy-based-route policy-name [ deny | permit ] node node-number
Setting match criteria for an IPv6 node
1. Enter system view.
system-view
2. Enter IPv6 policy node view.
ipv6 policy-based-route policy-name [ deny | permit ] node node-number
3. Set match criteria.
¡ Set an ACL match criterion.
if-match acl { ipv6-acl-number | name ipv6-acl-name }
By default, no ACL match criterion is set.
The ACL match criterion cannot match Layer 2 information.
¡ Set a packet length match criterion.
if-match packet-length min-len max-len
By default, no packet length match criterion is set.
Configuring actions for an IPv6 node
About this task
The apply clauses allow you to specify actions to take on matching packets on a node.
The following apply clauses determine the packet forwarding paths in a descending order:
· apply next-hop
· apply output-interface
· apply default-next-hop
· apply default-output-interface
IPv6 PBR supports the apply clauses in Table 1.
Table 1 Apply clauses supported in IPv6 PBR
|
Clause |
Meaning |
Remarks |
|
apply precedence |
Sets an IP precedence. |
This clause is always executed. |
|
apply loadshare { next-hop | output-interface | default-next-hop | default-output-interface } |
Enables load sharing among multiple next hops, output interfaces, default next hops, or default output interfaces. |
Multiple next hops, output interfaces, default next hops, or default output interfaces operate in either primary/backup or load sharing mode. For example: · Primary/backup mode—The first configured output interface is used. When the primary output interface fails, the first configured backup output interface takes over. · Load sharing mode—Multiple output interfaces load share traffic on a per-packet basis in turn, according to the configuration order. Multiple next hops load share traffic according to their weights. By default, the primary/backup mode applies. For the load sharing mode to take effect, make sure multiple next hops, output interfaces, default next hops, or default output interfaces are set in the policy. |
|
apply next-hop and apply output-interface |
Sets next hops and sets output interfaces. |
If both clauses are configured, only the apply next-hop clause is executed. |
|
apply default-next-hop and apply default-output-interface |
Sets default next hops and sets default output interfaces. |
If both clauses are configured, only the apply default-next-hop clause is executed. The clauses take effect only in the following cases: · No next hops or output interfaces are set or the next hops and output interfaces are invalid. · The IPv6 packet does not match any route in the routing table. |
|
apply continue |
Compares packets with the next node upon failure on the current node. |
The apply continue clause applies when either of the following conditions exist: · None of the following clauses is configured for packet forwarding: apply next-hop, apply output-interface, apply default-next-hop, and apply default-output-interface. · A clause listed above is configured, but it has become invalid. Then, a routing table lookup also fails for the matching packet. A clause might become invalid because the specified next hop is unreachable or the specified output interface is down. |
Restrictions and guidelines for action configuration
If you specify a next hop or default next hop, IPv6 PBR periodically performs a lookup in the FIB table to determine its availability. Temporary service interruption might occur if IPv6 PBR does not update the route immediately after its availability status changes.
Setting an IP precedence
1. Enter system view.
system-view
2. Enter IPv6 policy node view.
ipv6 policy-based-route policy-name [ deny | permit ] node node-number
3. Set an IP precedence.
apply precedence { type | value }
By default, no IP precedence is specified.
Configuring actions to direct packet forwarding
1. Enter system view.
system-view
2. Enter IPv6 policy node view.
ipv6 policy-based-route policy-name [ deny | permit ] node node-number
3. Configure actions for a node.
¡ Set next hops for permitted IPv6 packets.
apply next-hop { ipv6-address [ direct ] [ track track-entry-number ] } &<1-n>
By default, no next hops are specified.
You can specify multiple next hops for backup or load sharing in one command line or by executing this command multiple times. You can specify a maximum of n next hops for a node.
If multiple next hops on the same subnet are specified for backup, the device first uses the subnet route for the next hops to forward packets when the primary next hop fails. If the subnet route is not available, the device selects a backup next hop.
¡ Enable load sharing among multiple next hops.
apply loadshare next-hop
By default, the next hops operate in primary/backup mode.
¡ Set output interfaces.
apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>
By default, no output interfaces are specified.
You can specify multiple output interfaces for backup or load sharing in one command line or by executing this command multiple times. You can specify a maximum of n output interfaces for a node.
¡ Enable load sharing among multiple output interfaces.
apply loadshare output-interface
By default, the output interfaces operate in primary/backup mode.
¡ Set default next hops.
apply default-next-hop { ipv6-address [ direct ] [ track track-entry-number ] }&<1-n>
By default, no default next hops are specified.
You can specify multiple default next hops for backup or load sharing in one command line or by executing this command multiple times. You can specify a maximum of n default next hops for a node.
¡ Enable load sharing among multiple default next hops.
apply loadshare default-next-hop
By default, the default next hops operate in primary/backup mode.
¡ Set default output interfaces.
apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>
By default, no default output interfaces are specified.
You can specify multiple default output interfaces for backup or load sharing in one command line or by executing this command multiple times. You can specify a maximum of n default output interfaces for a node.
¡ Enable load sharing among multiple default output interfaces.
apply loadshare default-output-interface
By default, the default output interfaces operate in primary/backup mode.
Comparing packets with the next node upon match failure on the current node
1. Enter system view.
system-view
2. Enter IPv6 policy node view.
ipv6 policy-based-route policy-name [ deny | permit ] node node-number
3. Compare packets with the next node upon match failure on the current node.
apply continue
By default, IPv6 PBR does not compare packets with the next node upon match failure on the current node.
This command takes effect only when the match mode of the node is permit.
Specifying a policy for IPv6 PBR
Specifying an IPv6 policy for IPv6 local PBR
About this task
Perform this task to specify an IPv6 policy for IPv6 local PBR to guide the forwarding of locally generated packets.
Restrictions and guidelines
You can specify only one policy for IPv6 local PBR and must make sure the specified policy already exists. Before you apply a new policy, you must first remove the current policy.
IPv6 local PBR might affect local services, such as ping and Telnet. When you use IPv6 local PBR, make sure you fully understand its impact on local services of the device.
Procedure
1. Enter system view.
system-view
2. Specify an IPv6 policy for IPv6 local PBR.
ipv6 local policy-based-route policy-name
By default, IPv6 local PBR is not enabled.
Specifying an IPv6 policy for IPv6 interface PBR
About this task
Perform this task to apply an IPv6 policy to an interface to guide the forwarding of packets received on the interface only.
Restrictions and guidelines
You can apply only one policy to an interface and must make sure the specified policy already exists. Before you apply a new policy, you must first remove the current policy from the interface.
You can apply a policy to multiple interfaces.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Specify an IPv6 policy for IPv6 interface PBR.
ipv6 policy-based-route policy-name
By default, no IPv6 policy is applied to the interface.
Enabling SNMP notifications for IPv6 PBR
About this task
Perform this task to enable SNMP notifications for IPv6 PBR. IPv6 PBR can generate notifications and send them to the SNMP module when the next hop becomes invalid. For the IPv6 PBR notifications to be sent correctly, you must also configure SNMP on the device. For more information about configuring SNMP, see the network management and monitoring configuration guide for the device.
Procedure
1. Enter system view.
system-view
2. Enable SNMP notifications for IPv6 PBR.
snmp-agent trap enable ipv6 policy-based-route
By default, SNMP notifications are enabled for IPv6 PBR.
Display and maintenance commands for IPv6 PBR
|
|
IMPORTANT: The WX1800H series, WX2500H series, MAK series, and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode. |
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display IPv6 PBR policy information. |
display ipv6 policy-based-route [ policy policy-name ] |
|
Display IPv6 interface PBR configuration and statistics. |
In standalone mode: display ipv6 policy-based-route interface interface-type interface-number In IRF mode: display ipv6 policy-based-route interface interface-type interface-number [ slot slot-number ] |
|
Display IPv6 local PBR configuration and statistics. |
In standalone mode: display ipv6 policy-based-route local In IRF mode: display ipv6 policy-based-route local [ slot slot-number ] |
|
Display IPv6 PBR configuration. |
display ipv6 policy-based-route setup |
|
Clear IPv6 PBR statistics. |
reset ipv6 policy-based-route statistics [ policy policy-name ] |
