[c-nsp] ODM Merge

Rubens Kuhl Jr. rubensk at gmail.com
Tue Feb 7 10:15:38 EST 2006

> I was recently advised by our Cisco support eng. to move to ODM algorithm.

Which is a good advice.

> Besides the fact that I have to run :
> mls aclmerge algorithm bdd

Don't you mean "mls aclmerge algorithm odm" ? "bdd" is what you are using now.

> mls aclmerge odm optimizations

> what else can be involved?

Looking at syslog and using the "show fm feature" command to see if
all ACLs are been hardware processed are good things to do.

> Is this algorithm conversion a lengthy and/or disruptive proccess?

It's as disruptive as removing all ACLs and applying them again.
You'll see a 100% CPU spike for a 30s to some min period. That may or
may not impact dynamic routing protocols and/or spanning tree.

It would be less disruptive to compile one ACL at a time, but that
might create a security exposure. If you can live with that, remove
all ACLs from all IP interfaces, change the merge algorithm, and
reapply one at a time.


More information about the cisco-nsp mailing list