[c-nsp] ODM Merge
Rubens Kuhl Jr.
rubensk at gmail.com
Tue Feb 7 10:15:38 EST 2006
> I was recently advised by our Cisco support eng. to move to ODM algorithm.
Which is a good advice.
> Besides the fact that I have to run :
>
> mls aclmerge algorithm bdd
Don't you mean "mls aclmerge algorithm odm" ? "bdd" is what you are using now.
> mls aclmerge odm optimizations
> what else can be involved?
Looking at syslog and using the "show fm feature" command to see if
all ACLs are been hardware processed are good things to do.
> Is this algorithm conversion a lengthy and/or disruptive proccess?
It's as disruptive as removing all ACLs and applying them again.
You'll see a 100% CPU spike for a 30s to some min period. That may or
may not impact dynamic routing protocols and/or spanning tree.
It would be less disruptive to compile one ACL at a time, but that
might create a security exposure. If you can live with that, remove
all ACLs from all IP interfaces, change the merge algorithm, and
reapply one at a time.
Rubens
More information about the cisco-nsp
mailing list