svalliap at cisco.com
Wed Oct 8 15:21:42 EDT 2003
compiled ACLs are on by default on the C10K because PXF makes use of
Turbo ACL compilation. it is not default on non-PXF platforms.
On Wed, 8 Oct 2003, James Galliford wrote:
> Just an FYI for everyone... Compiled ACLs seem to be default on the
> CMTS10K running 12.2(15)BC1... If there isn't a significant change, I
> wonder why we are not able to choose between either compiled or
> non-compiled ACLs?
> Any thoughts on this?
> -----Original Message-----
> From: Siva Valliappan [mailto:svalliap at cisco.com]
> Sent: Wednesday, October 08, 2003 2:02 PM
> To: Andrew Fort
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] turboACL
> On Wed, 8 Oct 2003, Andrew Fort wrote:
> > Haesu said the following on 8/10/2003 5:21 AM:
> > > Hi,
> > >
> > > Is anyone here using TurboACL with successful experience? I've read
> > > Cisco.com and ISP Essentials docs about TuroACL and its benefits,etc
> > > and I also did some Google search and found some people where bitten
> > > by bugs in certain IOS versions, etc.. I'd like to know if there is
> > > anyone here on this list who's using turboACL w/o problems, and
> > > seeing expected benefits.. Thanks! -hc
> > >
> > Yep - No problems here with TurboACLs in 12.2(14)S3 on NPE-400, NSE-1
> > (in NPE-300 mode ;) and NPE-G1.
> > CPU usage won't drop dramatically, but if you have hits all over the
> > entries in a big ACL, usage will be more predictable (since IIRC,
> > maximum number of lookups to get the ACL decision is reduced to about
> > 5 or 6, rather than $ACL_length).
> > I did see issues back in some 12.0 and 12.1 mainline and technology
> > preview releases, telltale of the problems is things like
> > "%SYS-3-CPUHOG: Task ran for 2148 msec (20/13), Process = TurboACL" in
> > your logs.
> in 12.0 and 12.1, turbo ACL code didn't make use of incremental
> compiles. this meant that if you created a large ACL, it would take a
> considerable amount of time to compile resulting in the CPUHOG messages
> that you saw. later releases of 12.0S and 12.1E and 12.2T were modified
> to make use of incremental compilation (went in maybe 1-2 years ago,
> forget when).
> > -afort
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp