
service-exclude protocol (PBR rule view)

Function

The service-exclude protocol command excludes a TCP/UDP/SCTP port or IP-layer protocol from a PBR rule, so that traffic with the port or IP-layer protocol does not match the rule.

The undo service-exclude protocol command deletes the excluded TCP/UDP/SCTP port or IP-layer protocol from the rule.

Format

# Exclude a TCP/UDP/SCTP port from a PBR rule. If the port is not specified, the default value is TCP/UDP/SCTP.

service-exclude protocol { { 17 | udp } | { 6 | tcp } | { 132 | sctp } } [ source-port { source-port | start-source-port to end-source-port } &<1-64> | destination-port { destination-port | start-destination-port to end-destination-port } &<1-64> ] *

# Delete the excluded TCP/UDP/SCTP port from a PBR rule.

undo service-exclude protocol { { 17 | udp } | { 6 | tcp } | { 132 | sctp } } [ source-port { source-port | start-source-port to end-source-port } &<1-64> | destination-port { destination-port | start-destination-port to end-destination-port } &<1-64> ] *

# Exclude the ICMP packet type from a PBR rule.

service-exclude protocol { 1 | icmp } [ icmp-type { icmp-name | icmp-type-number { icmp-code-number [ to icmp-code-number ] } &<1-64> } ]

# Delete the excluded ICMP packet type from a PBR rule.

undo service-exclude protocol { 1 | icmp } [ icmp-type { icmp-name | icmp-type-number { icmp-code-number [ to icmp-code-number ] } &<1-64> } ]

# Exclude the ICMPv6 packet type from a PBR rule.

service-exclude protocol { 58 | icmpv6 } [ icmpv6-type { icmpv6-name | icmpv6-type-number { icmpv6-code-number [ to icmpv6-code-number ] } &<1-64> } ]

# Delete the excluded ICMPv6 packet type from a PBR rule.

undo service-exclude protocol { 58 | icmpv6 } [ icmpv6-type { icmpv6-name | icmpv6-type-number { icmpv6-code-number [ to icmpv6-code-number ] } &<1-64> } ]

# Exclude 1-ICMP, 6-TCP, 17-UDP, 58-ICMPv6, and 132-SCTP from a PBR rule. For detailed mappings, refer to the standard IP-layer protocol number list.

service-exclude protocol protocol-number

# Delete the excluded 1-ICMP, 6-TCP, 17-UDP, 58-ICMPv6, and 132-SCTP from a PBR rule.

undo service-exclude protocol protocol-number

Parameters

Parameter Description Value
17 | udp Indicates UDP. -
6 | tcp Indicates TCP. -
132 | sctp Indicates SCTP. -
source-port { source-port | start-source-port to end-source-port } &<1-64> Specifies the source port or source port range. The value is an integer ranging from 0 to 65535. A maximum number of 64 source ports or source port ranges can be added to or deleted from a PBR rule at a time.
destination-port { destination-port | start-destination-port to end-destination-port } &<1-64> Specifies the destination port or destination port range. The value is an integer ranging from 0 to 65535. A maximum number of 64 source ports or source port ranges can be added to or deleted from a PBR rule at a time.
1 | icmp Indicates ICMP. -
icmp-type Indicates the ICMP packet type and message code. -
icmp-name Specifies the ICMP packet type name. -
icmp-type-number { icmp-code-number [ to icmp-code-number ] } &<1-64> Specifies the ICMP packet type number and message code. The value is an integer ranging from 0 to 255. A maximum of 64 groups of ICMP packet type numbers and message codes can be added to or deleted from a PBR rule at a time.
58 | icmpv6 Indicates ICMPv6. -
icmpv6-type Indicates the ICMPv6 packet type and message code. -
icmpv6-name Specifies the ICMPv6 packet type name. -
icmpv6-type-number { icmpv6-code-number [ to icmpv6-code-number ] } &<1-64> Specifies the ICMPv6 packet type number and message code. The value is an integer ranging from 0 to 255. A maximum of 64 groups of ICMP packet type numbers and message codes can be added to or deleted from a PBR rule at a time.
protocol-number Specifies the protocol number except 1-ICMP, 6-TCP, 17-UDP, 58-ICMPv6 and 132-SCTP. The value is an integer ranging from 01 to 255.

Views

PBR rule view

Default Level

2: Configuration level

Usage Guidelines

If you reference TCP/UDP/SCTP ports or IP-layer protocols in a PBR rule, you can run the service-exclude protocol command to exclude a port or IP-layer protocol. After the configuration, traffic with the port number or IP-layer protocol will not match the rule.

It is recommended that the configured command contain no more than 500 characters.

Application Scenarios

When configuring a PBR rule, you can reference a port or IP-layer protocol as a matching condition in the rule. For example, two services are available: Service1 (TCP, source port ranging from 0 to 65535, and destination port ranging from 100 to 120) and Service2 (TCP, source port ranging from 0 to 65535, and destination port ranging from 100 to 200). Traffic of Service2 needs to be forwarded to next-hop address 10.1.1.1, and traffic of Service1 needs to be forwarded based on the current routing table, without being processed by PBR.

You can use configuration method 1 in the following table to assign different actions to different ports. This method increases the number of rules and the rule maintenance workload. Alternatively, you can use configuration method 2, which runs the service-exclude protocol command in a single rule. This method has the same effect as method 1 and does not need additional rules.

Configuration Method Command
Method 1
<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name test
[sysname-policy-pbr-rule-test] service protocol Service1
[sysname-policy-pbr-rule-test] action no-pbr
[sysname-policy-pbr-rule-test] quit
[sysname-policy-pbr] rule name test1
[sysname-policy-pbr-rule-test1] service protocol Service2
[sysname-policy-pbr-rule-test1] action pbr next-hop 10.1.1.1
Method 2
<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name test
[sysname-policy-pbr-rule-test] service protocol Service2
[sysname-policy-pbr-rule-test] service-exclude protocol Service1
[sysname-policy-pbr-rule-test] action pbr next-hop 10.1.1.1
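
The following model is an added example, not vendor code: it checks that method 1 and method 2 select the same action for every TCP and UDP destination port. It assumes rules are evaluated in configured order with the first match winning, and that unmatched traffic follows the routing table; the Rule class and function names are hypothetical, and source ports are omitted because both services cover 0 to 65535.

```python
from dataclasses import dataclass, field

# Constructed services from the scenario: (protocol, destination-port range).
SERVICE1 = ("tcp", range(100, 121))   # destination ports 100-120
SERVICE2 = ("tcp", range(100, 201))   # destination ports 100-200


@dataclass
class Rule:
    name: str
    action: str                       # "no-pbr" or "next-hop 10.1.1.1"
    service: tuple
    exclude: list = field(default_factory=list)

    def matches(self, proto, dport):
        def hit(svc):
            return proto == svc[0] and dport in svc[1]
        # An excluded service removes its traffic from the rule's match set.
        return hit(self.service) and not any(hit(e) for e in self.exclude)


def evaluate(rules, proto, dport):
    """Return the action of the first matching rule (assumed first-match order)."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action
    return "no-pbr"  # no rule matched: forward based on the routing table


# Method 1: two rules, the narrower no-pbr rule configured first.
METHOD1 = [Rule("test", "no-pbr", SERVICE1),
           Rule("test1", "next-hop 10.1.1.1", SERVICE2)]
# Method 2: one rule matching Service2 with Service1 excluded.
METHOD2 = [Rule("test", "next-hop 10.1.1.1", SERVICE2, exclude=[SERVICE1])]


def differences():
    """List every (proto, dport) where the two methods disagree."""
    return [(p, d) for p in ("tcp", "udp") for d in range(0, 65536)
            if evaluate(METHOD1, p, d) != evaluate(METHOD2, p, d)]


if __name__ == "__main__":
    print("mismatches:", differences())
    for port in (99, 100, 120, 121, 200, 201):
        print("tcp", port, "->", evaluate(METHOD2, "tcp", port))
```

Reversing the two rules in METHOD1 makes ports 100 to 120 follow the next hop, which is the ordering dependency that the single-rule form avoids under this model.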

Example

# Exclude UDP source port 1024 in the PBR rule as a rule matching condition.

<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name test
[sysname-policy-pbr-rule-test] service-exclude protocol udp source-port 1024
Copyright © Huawei Technologies Co., Ltd.