[c-nsp] NPE G1, CEF and ACLs and high CPU
Mateusz Błaszczyk
blahu77 at gmail.com
Tue Sep 9 10:26:18 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rodney
2008/9/9 Rodney Dunn :
> Don't use TACL's on the software platforms. It has been removed
> from the CLI for the ISR's (it shouldn't have slipped in to begin with).
>
edge2#sh ver | in IOS
Cisco IOS Software, 7301 Software (C7301-K91P-M), Version 12.2(28)SB6,
RELEASE SOFTWARE (fc1)
edge2(config)#access-list compiled ?
reuse Reuse tables when compiling (for reduced memory requirements)
So, it is NOT recommended to use this feature on that router?
> There are very difficult challenges to handle for things such
> as updating the ACL on configuration change, memory usage, etc.
>
and if we made a policy that each ACL update would consist of:
1) remove access-group from the port
2) remove acl
3) create new acl
4) put access-group on the port
Would the above apply as well?
> Most HW forwarding platforms merge the ACL's in some fashion to
> reduce the footprint size.
So when using TACL is recommended? On software-based it is not, on
hardware-based we got other mechanisms...
I am confused.
> In IOS there is a Trie based ACL now over the linear format.
> It's on by default and you can't change it.
now - meaning 12.4T ?
- --
- -mat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIxoeIIvBv0k5esR4RAuhvAJ0W5Mcn38E7kM20gz2AaWOMKs4htwCgg/ep
RaIQcLoM3P2Mc8NhQuL1vG8=
=Y+MU
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list