[c-nsp] access-list performance impact - 3845?
Łukasz Bromirski
lukasz at bromirski.net
Wed Dec 26 17:24:54 EST 2007
jacob c wrote:
> I wanted to chime in on my platform as well? When running an basic
> or extended ACL do both of these run in HW on the 3845? I am also
> worried about performance.
As it was written on this already a lot of times, none Cisco router
below 7600 with Sup1/2/32/720/RSP720 is doing ACLs in hardware.
In fact, on ISR routers (850/870/1800/2800/3800) things accelerated
by hardware are only: VPNs (AIM crypto modules), voice transformations
(DSP modules) and ATM.
Those platforms are plain CPU-based and thus IOS runs all
functionalities (apart from those listed above) in CPU.
As Rodney and others already written, ACLs in 12.3T/12.4 received a
lot of optimization, going a lot further than that which was already
some optimization known under 'Turbo ACL'. Turbo ACLs were then
dropped from parser as 'normal' ACLs are now faster than they were.
Given the fact, ACL should process the packet in CEF path, performance
hit will be minimal for sane number of ACEs and without fancy
features like logging/log-input things.
--
"Don't expect me to cry for all the | Łukasz Bromirski
reasons you had to die" -- Kurt Cobain | http://lukasz.bromirski.net
More information about the cisco-nsp
mailing list