ACL6

mhkabir1952  Diamond  (1)
6 years 7 months ago  View: 1195  Reply: 3

ACL6 Classification

According to its purpose, ACL6 has two types:

  • Basic ACL6: employs only source IP addresses to define its rules.

  • Advanced ACL6: employs source and destination IP addresses, and protocol types. It defines rules for a specific protocol, such as the rules containing source and destination ports for TCP, and those containing the protocol type and code for ICMPv6. Advanced ACL6 offers more accurate, diversified, and flexible rules than basic ACL6.

Matching Sequence of ACL6

One ACL can contain multiple rules, each of which has its own matching orders that may conflict or overlap with one another. Therefore, to match packets against the corresponding rules, the matching sequence of the rules should be specified.

The device supports the following matching sequences:

  • Configuration order: Rules are matched in the order in which they are configured.

  • Auto matching: Rules are matched in the depth-first order.

    • The depth-first order of basic ACL6 is as follows:

      1. The source IPv6 address ranges are matched first. The rule whose source IPv6 address range is smaller (namely, with longer prefix) is adopted preferentially.

      2. If the source IPv6 address ranges are identical, the rule that is configured earlier is adopted preferentially.

    • The depth-first order of advanced ACL6 is as follows:

      1. The protocol types are matched first. The rule whose protocol type is specified is adopted preferentially.

      2. If the protocol types are identical, the source IPv6 address ranges are matched. The rule whose source IPv6 address range is smaller (namely, with longer prefix) is adopted preferentially.

      3. If both the protocol types and source IPv6 address ranges are identical, the destination IPv6 address ranges are matched. The rule whose destination IPv6 address range is smaller (namely, with longer prefix) is adopted preferentially.

      4. If the protocol types, source IPv6 address ranges, and destination IPv6 address ranges are identical, the Layer-4 port numbers (TCP/UDP port numbers) are matched. The rule whose Layer-4 port number is smaller is adopted preferentially.

      5. If all the previous items are identical, the rule that is configured earlier is adopted preferentially.

      When a packet is matched with rules, a certain matching order is adopted. Once a rule is matched, the packet is not matched with other rules, and the device implements the action defined in the matched rule.
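
The two matching sequences described in the post above, modelled in Python as an added example (not part of the original post and not device code). It shows a broad deny rule shadowing narrower permit rules under configuration order but not under the advanced ACL6 depth-first order. The `Rule` fields, the sample rules and the packet are constructed; treating every specified protocol as equal in step 1 and sorting a rule without a port last in step 4 are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int                      # configuration order (smaller = configured earlier)
    action: str                   # "permit" or "deny"
    src: str                      # source IPv6 prefix
    dst: str                      # destination IPv6 prefix
    proto: Optional[str] = None   # None = protocol not specified
    dport: Optional[int] = None   # None = port not specified

def depth_first_key(r: Rule):
    return (
        0 if r.proto else 1,                        # 1. protocol specified first
        -ipaddress.ip_network(r.src).prefixlen,     # 2. longer source prefix first
        -ipaddress.ip_network(r.dst).prefixlen,     # 3. longer destination prefix first
        r.dport if r.dport is not None else 65536,  # 4. smaller port first (assumption: no port sorts last)
        r.seq,                                      # 5. earlier configured first
    )

def ordered(rules, mode):
    key = depth_first_key if mode == "auto" else (lambda r: r.seq)
    return sorted(rules, key=key)

def matches(r: Rule, src, dst, proto, dport):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
            and r.proto in (None, proto)
            and r.dport in (None, dport))

def evaluate(rules, mode, src, dst, proto, dport):
    # First match wins; later rules are never consulted.
    for r in ordered(rules, mode):
        if matches(r, src, dst, proto, dport):
            return r.seq, r.action
    return None  # no rule matched; what happens next is outside this sketch

# Constructed sample rules (2001:db8::/32 is the IPv6 documentation prefix).
RULES = [
    Rule(1, "deny",   "2001:db8::/32",   "::/0"),
    Rule(2, "permit", "2001:db8:1::/48", "2001:db8:ff::/64", "tcp", 443),
    Rule(3, "permit", "2001:db8:1::/48", "2001:db8:ff::/64", "tcp", 22),
]
PKT = ("2001:db8:1::10", "2001:db8:ff::5", "tcp", 443)

if __name__ == "__main__":
    for mode in ("config", "auto"):
        print(mode, [r.seq for r in ordered(RULES, mode)], evaluate(RULES, mode, *PKT))
```

Running the same comparison over an exported rule list before switching an ACL between the two sequences shows which packets would change verdict.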

Armetta  Diamond 
6 years 7 months ago
documentation very useful for my job

foisal  Gold 
6 years 7 months ago
Very nice

user_2837311  Diamond 
2 years 9 months ago
useful document, thanks