[nsp] turboACL

Siva Valliappan svalliap at cisco.com
Wed Oct 8 13:59:45 EDT 2003


with the latest 12.3T and 12.2S code releases, the ACL code in IOS has
been optimized so there is fairly small performance difference between using
turbo ACLs and not using turbo ACLs.  this might explain some of what you
are seeing.

the DDTS that integrated this performance enhancements was

CSCdw94681

and it should be in 12.2(18)S and 12.3(2)T.

cheers
.siva

On Tue, 7 Oct 2003, Haesu wrote:

> Thanks to all those who replied. I did activate turboACL and looks like no problems at all.
>
> I can't see any difference in CPU usage, but then again this is NPE-G1, where ever since we got it installed, I haven't seen it go more than 5% cpu usage ever in such a farily small amount traffic being pushed right now.
>
> -hc
>
> --
> Haesu C.
> TowardEX Technologies, Inc.
> Consulting, colocation, web hosting, network design and implementation
> http://www.towardex.com | haesu at towardex.com
> Cell: (978)394-2867     | Office: (978)263-3399 Ext. 170
> Fax: (978)263-0033      | POC: HAESU-ARIN
>
> On Tue, Oct 07, 2003 at 02:58:35PM -0500, Basil Kruglov wrote:
> > On Tue, Oct 07, 2003 at 03:21:49PM -0400, Haesu wrote:
> > > Is anyone here using TurboACL with successful experience? I've read
> > > Cisco.com and ISP Essentials docs about TuroACL and its benefits,etc and I
> > > also did some Google search and found some people where bitten by bugs in
> > > certain IOS versions, etc.. I'd like to know if there is anyone here on
> > > this list who's using turboACL w/o problems, and seeing expected
> > > benefits..
> > >
> > > I'm in need of applying a 57 lines long ACL toward a customer interface on
> > > a 7206VXR/NPE-G1 box, but it doesn't have 'access-list compiled' activated
> > > yet (since I never had a need to put up an access-list that goes beyond 6
> > > lines to be beneficial from turboacl, on that box).
> >
> > I've had quite successful experience running it on VXR/NPE300, it helped *a
> > bit* on long ACLs + during DoS attacks. I don't know about NPE-G1, but with
> > NPE300 there was no significant improvement during high pps attacks (of
> > course this is due to NPE300 architecture). I'm sure your results will vary,
> > NPE-G1 is way faster than NPE300.
> >
> > -Basil @ CIFNet
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list