Depth-first order for a basic ipv6 acl, Depth-first order for an advanced ipv6 acl, Rule numbering step with ipv6 acls – H3C Technologies H3C S3100 Series Switches User Manual
is then processed as per the rule), the rule order is important in determining which match criteria will
apply.
Two rule orders are available for IPv6 ACLs:
• config: ACL rules are sorted in ascending order of rule ID. That is, a rule with a smaller ID number has a higher priority.
• auto: ACL rules are sorted in depth-first order. The depth-first order differs with ACL types.
Depth-first order for a basic IPv6 ACL
The following table shows how the device sorts the rules of a basic IPv6 ACL to determine the
depth-first order of the rules. If a sorting criterion cannot determine the order of some rules, the next
criterion is applied, and the sorting ends when the order of all rules is determined:
| Step | Sort by | Precedence | Remarks |
|---|---|---|---|
| 1 | Source IPv6 address prefix | A rule configured with a longer prefix in the source IP address has a higher priority. | — |
| 2 | Rule ID | A rule with a smaller ID number takes precedence. | — |
Depth-first order for an advanced IPv6 ACL
The following table shows how the device sorts the rules of an advanced IPv6 ACL to determine the
depth-first order of the rules. If a sorting criterion cannot determine the order of some rules, the next
criterion is applied, and the sorting ends when the order of all rules is determined:
| Step | Sort by | Precedence | Remarks |
|---|---|---|---|
| 1 | Protocol range | A rule configured with a specific protocol is prior to a rule with the protocol type set to IP. | IP means any protocol carried over IP. |
| 2 | Source IPv6 address prefix | A rule configured with a longer prefix in the source IP address has a higher priority. | — |
| 3 | Destination IPv6 address prefix | A rule configured with a longer prefix takes precedence. | More 0s means a narrower IP address range. |
| 4 | Layer 4 service port number range | A rule with a narrower port number range takes precedence. | Layer 4 service port number refers to the TCP/UDP port number. |
| 5 | Rule ID | A rule with a smaller ID number takes precedence. | — |
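The following Python sketch is an added example, not code from the manual or from the device. It models the five sorting steps above as a sort key and shows how the same rule set gives a different verdict under config and auto order. The Rule fields, the constructed rule set, first-match evaluation and the use of the destination port for step 4 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network

ANY_PROTO = "ip"  # the table's "protocol type set to IP" (any protocol)

@dataclass(frozen=True)
class Rule:  # hypothetical rule model, not the device's data structure
    rule_id: int
    action: str                 # "permit" or "deny"
    proto: str = ANY_PROTO      # "tcp", "udp", ... or ANY_PROTO
    src: str = "::/0"
    dst: str = "::/0"
    ports: tuple = (0, 65535)   # assumed: destination port range, inclusive

def depth_first_key(r):
    """Sort key following steps 1-5 of the advanced IPv6 ACL table."""
    return (
        r.proto == ANY_PROTO,             # 1: specific protocol first
        -IPv6Network(r.src).prefixlen,    # 2: longer source prefix first
        -IPv6Network(r.dst).prefixlen,    # 3: longer destination prefix first
        r.ports[1] - r.ports[0],          # 4: narrower port range first
        r.rule_id,                        # 5: smaller rule ID first
    )

def order(rules, mode):
    key = depth_first_key if mode == "auto" else (lambda r: r.rule_id)
    return sorted(rules, key=key)

def first_match(rules, mode, proto, src, dst, port):
    """Return the first rule that matches in the given order, or None."""
    for r in order(rules, mode):
        if (r.proto in (ANY_PROTO, proto)
                and IPv6Address(src) in IPv6Network(r.src)
                and IPv6Address(dst) in IPv6Network(r.dst)
                and r.ports[0] <= port <= r.ports[1]):
            return r
    return None

# Constructed rule set using the 2001:db8::/32 documentation prefix.
RULES = [
    Rule(0, "deny", src="2001:db8::/32"),
    Rule(5, "permit", "tcp", "2001:db8:1::/48", "2001:db8:ff::10/128", (443, 443)),
    Rule(10, "permit", "tcp", "2001:db8:1::/48", "2001:db8:ff::/64", (0, 1023)),
]
PKT = ("tcp", "2001:db8:1::7", "2001:db8:ff::10", 443)  # constructed packet

if __name__ == "__main__":
    for mode in ("config", "auto"):
        hit = first_match(RULES, mode, *PKT)
        print(mode, [r.rule_id for r in order(RULES, mode)], hit.rule_id, hit.action)
```

In config order the broad deny at rule 0 shadows the narrower permits, so reviewing an ACL for unreachable or shadowed rules has to start from the order actually in effect.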
Rule Numbering Step with IPv6 ACLs
• Meaning of the rule numbering step
The concept of ACL rule numbering step is introduced to allow new rules to be inserted in an ACL that
already contains ACL rules. It defines the increment by which the system numbers rules automatically.
By default, the rule numbering step is 5, and rules are automatically numbered 0, 5, 10, 15, and so on.
Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five
rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 will cause the rules to be
renumbered 0, 2, 4, 6 and 8.
Likewise, when the default step is restored, ACL rules are renumbered using the default step. For example,
if there are four ACL rules numbered 0, 2, 4, and 6 in steps of 2, restoring the default step renumbers
the rules 0, 5, 10, and 15.
• Benefits of using the rule numbering step