[nsp] turboACL

James Galliford JamesG at corp.ptd.net
Wed Oct 8 15:05:46 EDT 2003 

Just an FYI for everyone...  Compiled ACLs seem to be default on the
CMTS10K running 12.2(15)BC1...  If there isn't a significant change, I
wonder why we are not able to choose between either compiled or
non-compiled ACLs?

Siva,

Any thoughts on this?

Thanks.

-----Original Message-----
From: Siva Valliappan [mailto:svalliap at cisco.com] 
Sent: Wednesday, October 08, 2003 2:02 PM
To: Andrew Fort
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] turboACL


inline

On Wed, 8 Oct 2003, Andrew Fort wrote:

> Haesu said the following on 8/10/2003 5:21 AM:
> > Hi,
> >
> > Is anyone here using TurboACL with successful experience? I've read 
> > Cisco.com and ISP Essentials docs about TuroACL and its benefits,etc

> > and I also did some Google search and found some people where bitten

> > by bugs in certain IOS versions, etc.. I'd like to know if there is 
> > anyone here on this list who's using turboACL w/o problems, and 
> > seeing expected benefits.. Thanks! -hc
> >
>
> Yep - No problems here with TurboACLs in 12.2(14)S3 on NPE-400, NSE-1 
> (in NPE-300 mode ;) and NPE-G1.
>
> CPU usage won't drop dramatically, but if you have hits all over the 
> entries in a big ACL, usage will be more predictable (since IIRC, 
> maximum number of lookups to get the ACL decision is reduced to about 
> 5 or 6, rather than $ACL_length).
>
> I did see issues back in some 12.0 and 12.1 mainline and technology 
> preview releases, telltale of the problems is things like
> "%SYS-3-CPUHOG: Task ran for 2148 msec (20/13), Process = TurboACL" in

> your logs.
>

in 12.0 and 12.1, turbo ACL code didn't make use of incremental
compiles. this meant that if you created a large ACL, it would take a
considerable amount of time to compile resulting in the CPUHOG messages
that you saw.  later releases of 12.0S and 12.1E and 12.2T were modified
to make use of incremental compilation (went in maybe 1-2 years ago,
forget when).

cheers
.siva

> -afort
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list