apply redirect

Function

The apply redirect command redirects traffic matching a static IPv6 FlowSpec route rule.

The undo apply redirect command cancels the configuration.

By default, traffic is not redirected.

Format

apply redirect vpn-target vpn-target-import

undo apply redirect

Parameters

Parameter Description Value
vpn-target vpn-target-import

Specifies the name of an inbound VPN target.

The value is in the format of AS number (in the range from 0 to 65535):user-defined number (in the range from 0 to 4294967295), ipv4-address:AS number (in the range from 0 to 65535), AS number (in the range from 0 to 65535).AS number (in the range from 0 to 65535):AS number (in the range from 0 to 65535), or user-defined number (in the range from 65536 to 4294967295):AS number (in the range from 0 to 65535). The AS number and user-defined number cannot both be 0s. Specifically, a VPN target cannot be 0:0 or 0.0:0.

Views

Flow-Route-IPv6 view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
flow-route write

Usage Guidelines

Usage Scenario

To redirect traffic matching a static IPv6 FlowSpec route rule to a specified VPN instance, run the apply redirect command in the Flow-Route-IPv6 view. This helps an attacked device against attacks.

Prerequisites

A static BGP IPv6 Flow Specification route has been created using the flow-route command in the system view.

Configuration Impact

If the apply redirect command is run more than once, the last configuration overrides the previous one.

Example

# Configure the operation of redirecting matching traffic in static BGP IPv6 Flow Specification route Rule 1.
<HUAWEI> system-view
[~HUAWEI] flow-route Rule1 ipv6
[*HUAWEI-flow-route-ipv6] if-match port equal 24
[*HUAWEI-flow-route-ipv6] apply redirect vpn-target 4:4
Parent Topic: BGP Flow Specification Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >