[nsp] Compiled Access Lists 7500's

Siva Valliappan svalliap at cisco.com
Wed Jan 8 09:16:47 EST 2003


with the turbo ACL phase II code, we do incremental compiles.  so the
entire list is not compiled when it is first created or when an ACL
is changed.

the packet leak thru' the turbo ACL code sounds like a bad bug.  is
a bug open on it?

cheers
.siva

On Tue, 7 Jan 2003, Manolo Hernandez wrote:

> It was a 10 line ACL that when initially added to interface did not
> catch an IP address that we knew was coming in on that interface. We
> have VIP4-80s with 10-12% CPU so I don't think that was the problem.
>
> On Tue, 2003-01-07 at 16:52, Dmitri Kalintsev wrote:
> > What do you mean by "take effect"? Every time you change a compiled ACL, all
> > compiled ACLs are recompiled anew, and on 7500 it is done on per-VIP basis,
> > so if you have slow VIPs it may take a while for them to do it for large
> > number of ACL lines.
> >
> > On Tue, Jan 07, 2003 at 01:47:48PM -0500, Manolo Hernandez wrote:
> > > Is it a known issue that when an Extended access-list that is compiled
> > > is removed and modified for the changes to that ACL to take say 5
> > > minutes to take effect? I had this strange pop on me today and wanted to
> > > know if anyone else had this problem. BTW I am running 12.2.8T5 Service
> > > Provider.
> > ---end quoted text---
> >
> > SY,
> --
> Manolo Hernandez - Network Administrator
> Dialtone Interland - Extremely Fast Linux Web Servers
> phone://305-717-6650  fax://
> mailto:manolo at dialtone.com  http://www.dialtone.com
> "The only source of knowledge is experience." - A. Einstein
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list