[c-nsp] TurboACL on Cisco 12000

Chen, Qinxue QChen at corp.untd.com
Thu Dec 15 10:13:55 EST 2005


It showed "operational." But the same ACL has been applied to different line cards. How can we tell if it's working on each card? We know one line card doesn't have enough memory, but the others have plenty. The memory Malloc errors started about twice a day on the line card with low memory while TurboACL tried to optimize. By the way, all our line cards are Engine-1 cards and they don't support hardware ACL.

-Qinxue

-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
Sent: Wednesday, December 14, 2005 8:32 PM
To: Chen, Qinxue; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] TurboACL on Cisco 12000


Chen, Qinxue <> wrote on Wednesday, December 14, 2005 8:21 PM:

> Hi,
> 
> Do you know the consequences when TurboACL failed to dynamically
> allocate enough memory on the line card for the ACL lookup table?
> Would it fail over to linear search the ACL entries or just fail to
> process the ACL entries in general? Thanks   

you can check the current status by issuing "show access-list compiled"
on the linecard. When it says "operational", we still perform Turbo-ACL,
otherwise we do linear search. We can do Turbo-ACL lookup for some ACLs
and linear for others.
It also depends on the type of LC engine as Turbo-ACLs only work in the
slow-path on the LC-CPU, so all hw-based LCs with ACL support
(essentially E1 and higher) will process the ACLs in hardware.

When do you see the Malloc failure? When you initially configure the
ACLs or enable Turbo-ACL, or when Turbo-ACL tries to optimize it later?

	oli


