[nsp] Compiled Access Lists 7500's

Dmitri Kalintsev dek at hades.uz
Wed Jan 8 10:33:10 EST 2003


Then it probably is the thing with changes in ACLs not affecting active
flows. I did see it in the past and our Cisco contact said it did smell like
a bug (but we never pursued the matter any further). ACL changes *should*
flush flows through affected interfaces and start anew. I would open a TAC
case.

On Tue, Jan 07, 2003 at 04:31:28PM -0500, Manolo Hernandez wrote:
> It was a 10-line ACL that, when initially added to the interface, did not
> catch an IP address that we knew was coming in on that interface. We
> have VIP4-80s with 10-12% CPU so I don't think that was the problem.
> 
> On Tue, 2003-01-07 at 16:52, Dmitri Kalintsev wrote:
> > What do you mean by "take effect"? Every time you change a compiled ACL, all
> > compiled ACLs are recompiled anew, and on 7500 it is done on per-VIP basis,
> > so if you have slow VIPs it may take a while for them to do it for large
> > number of ACL lines.
> > 
> > On Tue, Jan 07, 2003 at 01:47:48PM -0500, Manolo Hernandez wrote:
> > > Is it a known issue that when an Extended access-list that is compiled
> > > is removed and modified, the changes to that ACL take, say, 5
> > > minutes to take effect? I had this strange pop on me today and wanted to
> > > know if anyone else had this problem. BTW I am running 12.2.8T5 Service
> > > Provider.
---end quoted text---

SY,
-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer@irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382



More information about the cisco-nsp mailing list