No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of IP Unicast Routing, including IP Routing, Static Route, RIP, RIPng, OSPF, OSPFv3, IPv4 IS-IS, IPv6 IS-IS, BGP, Routing Policy, and PBR.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ACL6-based Simplified PBR

Configuring ACL6-based Simplified PBR

Pre-configuration Tasks

Before configuring ACL6-based simplified PBR, complete the following tasks:
  • Configure link layer attributes of interfaces to ensure proper operation of interfaces.

  • Configure ACL6 rules.

Context

To control traffic that enters a network, configure an ACL6 rule to match packets based on packet information including the source IP address, fragment flag, destination IP address, source port number, and source MAC address, and then configure an ACL6-based simplified traffic policy to filter the packets that match the ACL6 rule. Compared with PBR, ACL6-based simplified PBR does not require a traffic classifier, traffic behavior, or traffic policy, resulting in easy configuration. However, ACL6-based simplified PBR matches packets only based on ACL6 rules, so it does not support so many types of matching rules as a traffic policy.

If ACL6-based simplified traffic policies are configured in the system view, VLAN view, and interface view, the precedence of these policies is: interface view > VLAN view > system view.

Procedure

  • Configure redirection globally.
    1. Run system-view

      The system view is displayed.

    2. Run traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] global [ slot slot-id ] inbound

      Packets are redirected to a specified next-hop IP address.

      This action takes effect only in Layer 3 forwarding. By default, if the configured next hop is unreachable, packets are forwarded based on their destination address. If the fail-action discard parameter is configured, packets are discarded if the configured next hop is unreachable.

    3. Run commit

      The configuration is committed.

  • Configure redirection in a VLAN.
    1. Run system-view

      The system view is displayed.

    2. Run vlan vlan-id

      The VLAN view is displayed.

    3. Run traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

      Packets are redirected to a specified next-hop IP address.

      This action takes effect only in Layer 3 forwarding. By default, if the configured next hop is unreachable, packets are forwarded based on their destination address. If the fail-action discard parameter is configured, packets are discarded if the configured next hop is unreachable.

    4. Run commit

      The configuration is committed.

  • Configure redirection on an interface.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

      Packets are redirected to a specified next-hop IP address.

      This action takes effect only in Layer 3 forwarding. By default, if the configured next hop is unreachable, packets are forwarded based on their destination address. If the fail-action discard parameter is configured, packets are discarded if the configured next hop is unreachable.

    4. Run commit

      The configuration is committed.

Verifying the Configuration

Run the display traffic-policy applied-record traffic-redirect [ [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | qos group group-id ] [ inbound ] ] command to check the application records of a specified traffic policy.

Follow-up Procedure

For the CE6870EI and CE6875EI, if a low-priority traffic policy takes effect before you apply a high-priority traffic policy, ACL rules may be slow to take effect. Consequently, service processing will be delayed. You can run the traffic-policy fast-mode command in the system view to enable fast delivery of ACLs. This ensures that ACL rules take effect rapidly and services can be processed in real time.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074760

Views: 45871

Downloads: 58

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next