Relationship between the match mode and clauses, Pbr and track – H3C Technologies H3C S12500 Series Switches User Manual
Page 287
271
Table 9 Priorities of the apply clauses in a policy node
Clause Meaning Priority
apply access-vpn
vpn-instance
Sets VPN instances
If a packet matches a forwarding entry of a specified
VPN instance, it is forwarded in the VPN instance; if it
does not match any entry in all VPN instances
specified, it is discarded.
apply ip-precedence Sets an IP precedence
If configured for public network forwarding, that is, the
apply access-vpn vpn-instance clause is not
configured, this clause will always be executed.
apply ip-address
next-hop
Sets the next hop
If configured for public network forwarding, that is, the
apply access-vpn vpn-instance clause is not
configured, this clause will always be executed as long
as the next hop is valid.
If the next hop of PBR is configured as direct and the ARP entry for the specified next hop can be learned,
the next hop is considered valid; otherwise, it is considered invalid.
To set VPN instances for a system that operates in standard mode, you must configure reserved VLANs
before configuring VPNs. For more information about system working modes, see Fundamentals
Configuration Guide. For more information about reserved VLAN, see the reserve-vlan vlan-id command
in MPLS Command Reference.
Relationship between the match mode and clauses
If a packet…
Then…
In permit mode
In deny mode
Matches an if-match clause on a
policy node
The apply clause is executed, and
the packet will not go to the next
policy node for a match.
The apply clause is not executed, the
packet will not go to the next policy
node for a match, and will be
forwarded according to the routing
table.
Fails to match an if-match clause
on the policy node
The apply clause is not executed,
and the packet will go to the next
policy node for a match.
The apply clause is not executed,
and the packet will go to the next
policy node for a match.
There is an OR relationship between the nodes of a policy. If a packet matches a node, it passes the
policy; if the packet does not match any node of the policy, it fails to pass the policy, and is forwarded
according to the routing table.
PBR and Track
Associated with a track object, PBR can detect topology changes faster. You can associate PBR with a
track entry when you configure the output interface, default output interface, next hop, and default next
hop to dynamically determine link reachability. The PBR configuration takes effect when the status of the
associated track object is positive or invalid. For more information about Track-PBR collaboration, see
High Availability Configuration Guide.