RE: [nsp] ACL optimizer..

From: Rubens Kuhl Jr. (rkuhljr@uol.com.br)
Date: Mon May 13 2002 - 17:33:29 EDT


ACL performance variations depends on what is forwarding packets, doing
ACLs and how.
For instance, Cat6K/7600 has always the same ACL performance in pps if
its internal compiler is able to implant the ACL on the Sup TCAM, and
precompiling may do good things or bad things to TCAM usage.
On GSR Engines 0 to 2, turning TurboACL on or off would also make the
aggregation more or less useful.

Keeping readability may be done by always keeping the source ACL to edit
and using the modified only to deploy it on routers.

Rubens Kuhl Jr.

On Mon, May 13, 2002 at 01:33:34PM -0700, kevin graham wrote:
>
> Was just looking ove the secure ios template again and was wondering
> if
> anyone knows of/has a tool to agggregate ACL's (that bogon list is
longer
> than I'd prefer for managability). Traditional aggregation is no big
deal,
> but toying manually I found a good bit of succecss w/ non-contiguous
> wildcards as well.
>
> My bitmath isn't quite good enough to do these by hand efficiently,
> and
> figured I'd check around before toying with a quick tool myself..
>
> Though all I care about is readability, is there any performance gain
> to
> this, or does it all optimized internally?
>
> ..kg..
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:44 EDT