[c-nsp] how ACLs affect the processing of a Cisco 7200 NPE-G2

Dobbins, Roland rdobbins at arbor.net
Fri Nov 9 08:00:30 EST 2012


On Nov 9, 2012, at 7:30 PM, Steve McCrory wrote:

> The concept I was working with is true (adding more statements does not impact performance) but perhaps my exact figures were slightly out,

Apologies for being unclear - when the tables are built and populated with bitmaps, the *packet classification process* is indeed pretty consistent in terms of the induced latency, out to pretty large theoretical limits of ACL stanzas; with Turbo ACLs, the maximum number of lookups to match on a given ACE is 5 (as opposed to 1 for each and every ACE with non-compiled ACLs; with a 100-stanza non-compiled ACL, this would require 100 lookups).  

However, the box still has to handle the packets, one way or another, so the overall performance savings gained isn't generally that much, in the scheme of things (unless you've totally bloated ACLs which probably are subject to bit-rot and are causing other problems, anyways).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
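
The lookup-count contrast described in the message above, as an added illustration that is not part of the original message and is not Cisco's Turbo ACL implementation. It is a simplified bitmap-compiled classifier in which every field matches exactly or "any"; the field names, the sample ACL and the four-field layout are assumptions, so the compiled path here costs 4 lookups rather than the Turbo ACL maximum of 5 quoted above.

```python
# Added illustration: linear first-match ACL vs. a simplified bitmap-compiled ACL.
# Assumption: each ACE field is an exact value or None ("any"); no prefixes/ranges.
FIELDS = ("src", "dst", "proto", "dport")

def linear_match(acl, pkt):
    """Non-compiled ACL: scan top-down; returns (ace_index or None, ACEs examined)."""
    for i, ace in enumerate(acl):
        if all(ace[f] is None or ace[f] == pkt[f] for f in FIELDS):
            return i, i + 1
    return None, len(acl)

def compile_acl(acl):
    """Build, per field, a table: value -> bitmap of ACEs accepting that value."""
    tables = {}
    for f in FIELDS:
        wild = 0                                  # ACEs with "any" in this field
        for i, ace in enumerate(acl):
            if ace[f] is None:
                wild |= 1 << i
        exact = {}
        for i, ace in enumerate(acl):
            if ace[f] is not None:
                exact[ace[f]] = exact.get(ace[f], wild) | (1 << i)
        tables[f] = (exact, wild)
    return tables

def compiled_match(tables, pkt):
    """One table lookup per field, AND the bitmaps, lowest set bit is first match."""
    bits, lookups = -1, 0                         # -1 acts as an all-ones bitmap
    for f in FIELDS:
        exact, wild = tables[f]
        bits &= exact.get(pkt[f], wild)
        lookups += 1
    if bits == 0:
        return None, lookups
    return (bits & -bits).bit_length() - 1, lookups

def build_sample_acl(n):
    """Constructed sample: n-1 host-specific permits followed by a deny-any."""
    acl = [{"src": f"10.0.0.{i}", "dst": None, "proto": 6, "dport": 443,
            "action": "permit"} for i in range(1, n)]
    acl.append({"src": None, "dst": None, "proto": None, "dport": None,
                "action": "deny"})
    return acl
```

With a 100-entry sample ACL, a packet that only matches the final deny-any costs 100 ACE comparisons on the linear path and 4 table lookups on the compiled path; both return the same ACE index.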
