The ipv6-address command sets the IPv6 address in a user-defined application rule.
The undo ipv6-address command deletes the IPv6 address in a user-defined application rule.
ipv6-address ipv6-address [ mprefix-length ]
undo ipv6-address { ipv6-address [ mprefix-length ] | all }
| Parameter | Description | Value |
|---|---|---|
| ipv6-address | Specifies an IPv6 address. | - |
| mprefix-length | Specifies the prefix length. | The value is an integer ranging from 1 to 128. |
| all | Deletes all IPv6 addresses. | - |
You can set a single IPv6 address in a user-defined application rule or set the prefix length to specify a network segment.
After you configure the IPv6 address, the SA engine will use the transport layer protocol and ports, that is, the 3-tuple to match the network packets. After you configure the 3-tuple and commit the configuration, the SA engine uses the destination 3-tuple to match the first packet of a flow. Then, if no match is found, the SA engine uses the source 3-tuple to match the first packet of a flow. If you know the destination (or source) 3-tuple of the detecting flow, you can configure a user-defined 3-tuple to accelerate the application identification. For example, if you have a server, you can configure a 3-tuple rule according to the IPv6 address, port, and protocol of the server, so the rule can identify all the accessing flow to this server. At least one IPv6 address or one port should be in the 3-tuple rule.
The total number of IPv4 and IPv6 addresses in a user-defined application rule cannot be larger than four.
# Set the IPv6 address in user-defined application rule rule1 to 1234:5678:9012:abcd:ef12::1234 and the prefix length to 100.
<sysname> system-view [sysname] sa [sysname-sa] user-defined-application name UD_abc [sysname-sa-user-defined-app-UD_abc] rule name rule1 [sysname-sa-user-defined-app-UD_abc-rule-rule1] ipv6-address 1234:5678:9012:abcd:ef12::1234 100