[nsp] turboACL
Andrew Fort
afort at choqolat.org
Tue Oct 7 18:39:22 EDT 2003
Haesu said the following on 8/10/2003 5:21 AM:
> Hi,
>
> Is anyone here using TurboACL with successful experience? I've read Cisco.com and ISP Essentials docs about TuroACL and its benefits,etc and I also did some Google search and found some people where bitten by bugs in certain IOS versions, etc.. I'd like to know if there is anyone here on this list who's using turboACL w/o problems, and seeing expected benefits..
> Thanks!
> -hc
>
Yep - No problems here with TurboACLs in 12.2(14)S3 on NPE-400, NSE-1
(in NPE-300 mode ;) and NPE-G1.
CPU usage won't drop dramatically, but if you have hits all over the
entries in a big ACL, usage will be more predictable (since IIRC,
maximum number of lookups to get the ACL decision is reduced to about 5
or 6, rather than $ACL_length).
I did see issues back in some 12.0 and 12.1 mainline and technology
preview releases, telltale of the problems is things like
"%SYS-3-CPUHOG: Task ran for 2148 msec (20/13), Process = TurboACL" in
your logs.
-afort
More information about the cisco-nsp
mailing list