[c-nsp] TurboACL on Cisco 12000

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Dec 15 11:18:35 EST 2005


Chen, Qinxue <> wrote on Thursday, December 15, 2005 4:14 PM:

> It showed "operational." But the same ACL has been applied to
> different line cards. How can we tell if it's working on each card?

Just execute this command on all linecards.. 

> We know one line card doesn't have enough memory, but the others have
> plenty.  The memory Malloc errors started about twice a day on the
> line card with low memory while TurboACL tried to optimize. By the
> way, all our line cards are Engine-1 cards and they don't support
> hardware ACL.      

Well, depends.. check http://www.cisco.com/warp/public/63/acl_12000.html
(access-list hardware salsa).. The Salsa chip has limited ACL support..

	oli

> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Wednesday, December 14, 2005 8:32 PM
> To: Chen, Qinxue; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] TurboACL on Cisco 12000
> 
> 
> Chen, Qinxue <> wrote on Wednesday, December 14, 2005 8:21 PM:
> 
>> Hi,
>> 
>> Do you know the consequences when TurboACL failed to dynamically
>> allocate enough memory on the line card for the ACL lookup table?
>> Would it fail over to linear search the ACL entries or just fail to
>> process the ACL entries in general? Thanks
> 
> you can check the current status by issuing "show access-list
> compiled" 
> on the linecard. When it says "operational", we still perform
> Turbo-ACL, 
> otherwise we do linear search. We can do Turbo-ACL lookup for some
> ACLs 
> and linear for others..
> It also depends on the type of LC engine as Turbo-ACLs only work in
> the 
> slow-path on the LC-CPU, so all hw-based LCs with ACL support
> (essentially E1 and higher) will processes the ACLs in hardware.
> 
> When do you see the Malloc failure? When you initially configure the
> ACLs or enable Turbo-ACL, or when Turbo-ACL tries to optimize it
> later? 
> 
> 	oli
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list