[c-nsp] When are ACLs inserted to TCAM
Lincoln Dale
ltd at cisco.com
Fri Apr 18 00:49:21 EDT 2008
Mark Tinka wrote:
> On Friday 18 April 2008, Lincoln Dale wrote:
>
>
>> obviously the recommendation would be NAMED ACL every
>> time.
>>
>
> Except for where you can't use them, e.g., NTP access
> groups.
>
right - however things like NTP access groups are clearly a
control-plane (software-based) function anyway so there isn't any real
downside or implication for programming TCAMs in that case.
> But yes, we prefer named access lists as well, if not for
> anything else than their manageability, and use them
> wherever they are supported.
>
an "enhancement" we used for NX-OS is that there is no such thing as a
standard ACL, extended ACL, numbered ACL, named ACL - everything is a
named ACL including what you'd have for NTP.
for legacy reasons, such a change would be hard to retrofit to IOS, but
i bet many folks wish that ACLs had simply been made 'named' initially
way-back-when & then there wouldn't be all these variants & permutations
that exist today.
cheers,
lincoln.