[c-nsp] Switching paths

Dave Temkin dave at ordinaryworld.com
Mon Feb 20 17:48:09 EST 2006


Got it.

Not that I doubt you, but do you know any quick links that shows that in a
document somewhere?  I've been fighting against ACL logging for awhile now
and this would be the perfect ammo I'd need.


On Mon, 20 Feb 2006, Rodney Dunn wrote:

> Wrong.
>
> If the packet hits the ACE that has the log word on the end it's
> punted today.
>
> Rodney
>
> On Mon, Feb 20, 2006 at 05:40:45PM -0500, Dave Temkin wrote:
> > I was always under the impression that log-input caused traffic to be
> > punted, but not just "log"...  Wrong?
> >
> >
> > On Mon, 20 Feb 2006, Gert Doering wrote:
> >
> > > Hi,
> > >
> > > On Mon, Feb 20, 2006 at 09:32:04AM -0500, Rodney Dunn wrote:
> > > > At around the last release of 12.4T fastswitching will be entirely removed
> > > > and you will have CEF and process level switching and that's it.
> > > > Also there will be some improvements to help tell why some packets are
> > > > punted out of the CEF path.
> > >
> > > Cool.
> > >
> > > [..]
> > > > > * ACL's
> > > > > * ACL's with 'log' as one of the keywords, does this have an impact if the match
> > > > > is achieved before the log statement?
> > > >
> > > > Correct. Do NOT use the log keyword. Use netflow to match on dstif Null0 if
> > > > you need accounting.
> > >
> > > Looking forward to have this really working - right now, I see correctly
> > > switched packets show up in the netflow tables with "dstif null0"...
> > > (12.2(18)S and 12.3(something)).
> > >
> > > Do more recent netflow versions show things like "was dropped due to
> > > ACL number 12345"?  Or just "was dropped due to ACL"?
> > >
> > > gert
> > >
>


More information about the cisco-nsp mailing list