[c-nsp] ODM Merge

Alban Dani albcisco at gmail.com
Tue Feb 7 11:30:40 EST 2006


Thank you very much for your input and sorry for the typo...I meant ODM
instead of BDD.

On 2/7/06, Rubens Kuhl Jr. <rubensk at gmail.com> wrote:
>
> > I was recently advised by our Cisco support eng. to move to ODM
> > algorithm.
>
> Which is good advice.
>
> > Besides the fact that I have to run :
> >
> > mls aclmerge algorithm bdd
>
> Don't you mean "mls aclmerge algorithm odm" ? "bdd" is what you are using
> now.
>
> > mls aclmerge odm optimizations
>
> > what else can be involved?
>
> Looking at syslog and using the "show fm feature" command to see if
> all ACLs are being hardware processed are good things to do.
>
> > Is this algorithm conversion a lengthy and/or disruptive process?
>
> It's as disruptive as removing all ACLs and applying them again.
> You'll see a 100% CPU spike for a 30s to some min period. That may or
> may not impact dynamic routing protocols and/or spanning tree.
>
> It would be less disruptive to compile one ACL at a time, but that
> might create a security exposure. If you can live with that, remove
> all ACLs from all IP interfaces, change the merge algorithm, and
> reapply one at a time.
>
> Rubens
>

