[c-nsp] Switching paths

Rodney Dunn rodunn at cisco.com
Tue Feb 21 08:06:15 EST 2006


On Mon, Feb 20, 2006 at 05:48:09PM -0500, Dave Temkin wrote:
> Got it.
> 
> Not that I doubt you, but do you know any quick links that shows that in a
> document somewhere?  I've been fighting against ACL logging for awhile now
> and this would be the perfect ammo I'd need.

Sorry I'm not aware of one but it's probably referenced deep in some
doc on CCO.

Rodney

> 
> 
> On Mon, 20 Feb 2006, Rodney Dunn wrote:
> 
> > Wrong.
> >
> > If the packet hits the ACE that has the log word on the end it's
> > punted today.
> >
> > Rodney
> >
> > On Mon, Feb 20, 2006 at 05:40:45PM -0500, Dave Temkin wrote:
> > > I was always under the impression that log-input caused traffic to be
> > > punted, but not just "log"...  Wrong?
> > >
> > >
> > > On Mon, 20 Feb 2006, Gert Doering wrote:
> > >
> > > > Hi,
> > > >
> > > > On Mon, Feb 20, 2006 at 09:32:04AM -0500, Rodney Dunn wrote:
> > > > > At around the last release of 12.4T fastswitching will be entirely removed
> > > > > and you will have CEF and process level switching and that's it.
> > > > > Also there will be some improvements to help tell why some packets are
> > > > > punted out of the CEF path.
> > > >
> > > > Cool.
> > > >
> > > > [..]
> > > > > > * ACL's
> > > > > > * ACL's with 'log' as one of the keywords, does this have an impact if the match
> > > > > > is achieved before the log statement?
> > > > >
> > > > > Correct. Do NOT use the log keyword. Use netflow to match on dstif Null0 if
> > > > > you need accounting.
> > > >
> > > > Looking forward to have this really working - right now, I see correctly
> > > > switched packets show up in the netflow tables with "dstif null0"...
> > > > (12.2(18)S and 12.3(something)).
> > > >
> > > > Do more recent netflow versions show things like "was dropped due to
> > > > ACL number 12345"?  Or just "was dropped due to ACL"?
> > > >
> > > > gert
> > > >
> >


More information about the cisco-nsp mailing list