[nsp] turboACL
Siva Valliappan
svalliap at cisco.com
Wed Oct 8 14:02:19 EDT 2003
inline
On Wed, 8 Oct 2003, Andrew Fort wrote:
> Haesu said the following on 8/10/2003 5:21 AM:
> > Hi,
> >
> > Is anyone here using TurboACL with successful experience? I've read Cisco.com and ISP Essentials docs about TuroACL and its benefits,etc and I also did some Google search and found some people where bitten by bugs in certain IOS versions, etc.. I'd like to know if there is anyone here on this list who's using turboACL w/o problems, and seeing expected benefits..
> > Thanks!
> > -hc
> >
>
> Yep - No problems here with TurboACLs in 12.2(14)S3 on NPE-400, NSE-1
> (in NPE-300 mode ;) and NPE-G1.
>
> CPU usage won't drop dramatically, but if you have hits all over the
> entries in a big ACL, usage will be more predictable (since IIRC,
> maximum number of lookups to get the ACL decision is reduced to about 5
> or 6, rather than $ACL_length).
>
> I did see issues back in some 12.0 and 12.1 mainline and technology
> preview releases, telltale of the problems is things like
> "%SYS-3-CPUHOG: Task ran for 2148 msec (20/13), Process = TurboACL" in
> your logs.
>
in 12.0 and 12.1, turbo ACL code didn't make use of incremental compiles.
this meant that if you created a large ACL, it would take a considerable
amount of time to compile resulting in the CPUHOG messages that you
saw. later releases of 12.0S and 12.1E and 12.2T were modified to
make use of incremental compilation (went in maybe 1-2 years ago, forget
when).
cheers
.siva
> -afort
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list