IPv6 ACL (Access Control List) is a packet filtering mechanism implemented by the switch based on IPv6 Layer 3 and higher-layer header information. By permitting or denying specific packets into the network, the switch controls network access and helps ensure secure network operation.
A user creates a set of rules that match specific fields of a packet. Each rule describes the action taken on a packet that matches those fields: permit (allow it through) or deny (reject it). These rules can be applied to the inbound direction of a specific port, so that traffic in that direction on that port is forwarded or discarded according to the specified ACL rules. An IPv6 ACL supports multiple rules and applies only to IPv6 traffic. The overall design of IPv6 ACL is as follows. First, the switch checks whether firewall enable is configured. If the firewall is not enabled, packets are forwarded directly without any further processing. If the firewall is enabled and firewall default is deny, then when a port of the switch receives an IPv6 packet, the switch checks whether an IPv6 ACL is bound to that port. If no IPv6 ACL is bound, the packet is rejected immediately. If an IPv6 ACL is bound, the switch checks whether the packet matches the source address of the first rule. If it matches, that rule's action is applied: deny discards the IPv6 packet, permit forwards it. If it does not match, the switch checks whether further entries exist; if so, it moves to the next entry and continues in this way until a matching entry is found. If no entry matches, the packet is rejected (the IPv6 packet is discarded). The following figure shows the process:
General idea of IPv6 ACL (when the default is deny)
If firewall default is permit, the process is the same, but the default action is reversed: a port with no ACL bound, or a packet that matches no entry, results in the packet being forwarded rather than discarded.
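The decision process described above, written out as an added Python model (this is illustrative code, not the switch's own implementation or CLI): a firewall-enabled flag, a default action, an optionally bound ordered rule list, and first-match evaluation on the packet's source address. The rule fields, the names Rule, PortPolicy and evaluate, and the sample prefixes are assumptions constructed for the example. It goes slightly beyond the text by also returning the index of the matching entry, which is what a defender wants when auditing which rule produced a given forward or drop decision, and by showing that rule order matters (a host-specific deny placed before a broader permit).

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network
from typing import Dict, List, Optional, Tuple

# Hypothetical model of the IPv6 ACL decision process; field names and
# structures are assumptions for illustration, not a vendor's data model.


@dataclass
class Rule:
    action: str          # "permit" forwards the packet, "deny" discards it
    source: IPv6Network  # source prefix this entry matches


@dataclass
class PortPolicy:
    firewall_enabled: bool                  # "firewall enable" configured?
    default_action: str                     # "firewall default permit|deny"
    bound_acl: Optional[List[Rule]] = None  # None = no IPv6 ACL bound to port


def evaluate(policy: PortPolicy, src: IPv6Address) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry or None) for an inbound packet."""
    if not policy.firewall_enabled:
        return "permit", None               # forwarded without any processing
    if policy.bound_acl is None:
        return policy.default_action, None  # no ACL bound: default applies
    for i, rule in enumerate(policy.bound_acl):
        if src in rule.source:              # first matching entry decides
            return rule.action, i
    return policy.default_action, None      # list exhausted: default applies


# Constructed sample ACL: block one host, then permit the rest of its /64.
# Order matters: swapping the two entries would let the host through.
SAMPLE_ACL = [
    Rule("deny", IPv6Network("2001:db8:1::10/128")),
    Rule("permit", IPv6Network("2001:db8:1::/64")),
]


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    """Evaluate constructed packets against the four policy situations in the text."""
    deny_default = PortPolicy(True, "deny", SAMPLE_ACL)
    permit_default = PortPolicy(True, "permit", SAMPLE_ACL)
    unbound_deny = PortPolicy(True, "deny", None)
    disabled = PortPolicy(False, "deny", None)
    host = IPv6Address("2001:db8:1::10")
    neighbor = IPv6Address("2001:db8:1::20")
    outsider = IPv6Address("2001:db8:2::1")
    return {
        "blocked_host": evaluate(deny_default, host),
        "permitted_neighbor": evaluate(deny_default, neighbor),
        "outsider_default_deny": evaluate(deny_default, outsider),
        "outsider_default_permit": evaluate(permit_default, outsider),
        "unbound_port_default_deny": evaluate(unbound_deny, outsider),
        "firewall_disabled": evaluate(disabled, host),
    }


if __name__ == "__main__":
    for name, (action, idx) in demo().items():
        print(f"{name:28s} -> {action} (entry {idx})")
```

Running the script prints one line per case; the two "outsider" cases differ only in the configured default, which is exactly the difference between the deny-default flow in the figure and the permit-default variant.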