[c-nsp] TurboACL on Cisco 12000

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Dec 15 12:35:06 EST 2005 

Chen, Qinxue <> wrote on Thursday, December 15, 2005 6:27 PM:

> how to excute the commands on the linecard? We have IOS 12.0(27)S5.

execute-on slot <n> show access-list compiled 
  or
execute-on all show access-list compiled

	oli

> 
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Thursday, December 15, 2005 8:19 AM
> To: Chen, Qinxue; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] TurboACL on Cisco 12000
> 
> 
> Chen, Qinxue <> wrote on Thursday, December 15, 2005 4:14 PM:
> 
>> It showed "operational." But the same ACL has been applied to
>> different line cards. How can we tell if it's working on each card?
> 
> Just execute this command on all linecards..
> 
>> We know one line card doesn't have enough memory, but the others have
>> plenty.  The memory Malloc errors started about twice a day on the
>> line card with low memory while TurboACL tried to optimize. By the
>> way, all our line cards are Engine-1 cards and they don't support
>> hardware ACL.
> 
> Well, depends.. check
> http://www.cisco.com/warp/public/63/acl_12000.html (access-list
> hardware salsa).. The Salsa chip has limited ACL support.. 
> 
> 	oli
> 
>> -----Original Message-----
>> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
>> Sent: Wednesday, December 14, 2005 8:32 PM
>> To: Chen, Qinxue; cisco-nsp at puck.nether.net
>> Subject: RE: [c-nsp] TurboACL on Cisco 12000
>> 
>> 
>> Chen, Qinxue <> wrote on Wednesday, December 14, 2005 8:21 PM:
>> 
>>> Hi,
>>> 
>>> Do you know the consequences when TurboACL failed to dynamically
>>> allocate enough memory on the line card for the ACL lookup table?
>>> Would it fail over to linear search the ACL entries or just fail to
>>> process the ACL entries in general? Thanks
>> 
>> you can check the current status by issuing "show access-list
>> compiled" on the linecard. When it says "operational", we still
>> perform Turbo-ACL, otherwise we do linear search. We can do
>> Turbo-ACL lookup for some ACLs and linear for others..
>> It also depends on the type of LC engine as Turbo-ACLs only work in
>> the slow-path on the LC-CPU, so all hw-based LCs with ACL support
>> (essentially E1 and higher) will processes the ACLs in hardware.
>> 
>> When do you see the Malloc failure? When you initially configure the
>> ACLs or enable Turbo-ACL, or when Turbo-ACL tries to optimize it
>> later? 
>> 
>> 	oli
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list