[nsp] 6500 Native IOS ACLs

Clinton Work work@scripty.com
Wed, 13 Nov 2002 13:34:10 -0700


The 6500 router isn't using uRPF. dCEF is enabled as you can see below.


router#show cef linecard
CEF linecard generic information:
Slot MsgSent   Seq MaxSeq   LowQ   MedQ  HighQ Flags
1    2721838 59860  60075     48      0      0 up

Default-table CEF table, version 7169872, 120231 routes
Slot CEF-ver CEF-XDR Interface Flags
1    7169872 24668944         5 Active, up, sync


router#show mls cef sum
router-sp#
Total CEF switched packets:  0001285646654134
Total CEF switched bytes:    0000946154953777
Total routes:                120239
    IP unicast routes:       120239
    IPX routes:              0
    IP multicast routes:     0

router#show ip cef sum
IP Distributed CEF with switching (Table Version 7169682), flags=0x0
  120239 routes, 0 reresolve, 120 unresolved (94 old, 26 new), peak 116897
  120239 leaves, 8114 nodes, 22887456 bytes, 7143003 inserts, 7022764 invalidations
  321 load sharing elements, 107856 bytes, 120028 references
  universal per-destination load sharing algorithm, id 9078CCCE
  3 CEF resets, 35036 revisions of existing leaves
  Resolution Timer: Exponential (currently 4s, peak 16s)
  26691 in-place/0 aborted modifications
  refcounts:  1853310 leaf, 1677246 node

Adjacency Table has 55 adjacencies



On Wed, Nov 13, 2002 at 04:19:03PM -0200, Rubens Kuhl Jr. wrote:
> 
> Is RPF checking enabled on any interface? This halves maximum FIB size to
> 112,000 routes... replacing RPF with inbound ACLs removes this limitation.
> Even if it's not your current problem, it will haunt you very soon unless
> you filter a lot of routes and default them.
> 
> 
> Rubens Kuhl Jr.
> 

-- 
=========================================================================
Clinton Work                                        clinton@scripty.com
Calgary, Alberta
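
Added example (not part of the original message and not Cisco tooling): a Python check for the condition raised in the quoted reply, taking the 112,000-route figure from that reply as given. It assumes uRPF shows up in the configuration as an "ip verify unicast ..." line under an interface stanza; the sample configuration is constructed, and the route line is copied from the output above.

```python
import re

# Figure from the quoted reply: RPF checking halves the maximum FIB size to 112,000 routes.
RPF_FIB_LIMIT = 112_000

URPF_RE = re.compile(r"^\s*ip verify unicast (reverse-path|source reachable-via)\b")
ROUTES_RE = re.compile(r"^\s*(?:Total routes:\s*(\d+)|(\d+) routes,)", re.M)

# Route line copied from the "show mls cef sum" output in the message.
SAMPLE_SHOW = "Total routes:                120239\n    IP unicast routes:       120239\n"

# Constructed configuration (documentation addresses), not from the message.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 ip address 192.0.2.1 255.255.255.252
 ip verify unicast reverse-path
!
interface GigabitEthernet1/2
 ip address 192.0.2.5 255.255.255.252
 ip access-group 110 in
!
"""

def route_count(show_output):
    """Route count from 'show mls cef sum' or 'show ip cef sum' output."""
    m = ROUTES_RE.search(show_output)
    if not m:
        raise ValueError("no route count found in output")
    return int(m.group(1) or m.group(2))

def urpf_interfaces(config):
    """Names of interfaces whose stanza carries an active uRPF command."""
    found, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the stanza
        elif current and URPF_RE.match(line) and current not in found:
            found.append(current)
    return found

def audit(config, show_output, limit=RPF_FIB_LIMIT):
    """Flag a box whose table exceeds the RPF-halved limit while uRPF is configured."""
    routes, ifaces = route_count(show_output), urpf_interfaces(config)
    return {"routes": routes, "urpf_interfaces": ifaces, "headroom": limit - routes,
            "over_limit": bool(ifaces) and routes > limit}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_SHOW))
```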