[c-nsp] The maximum number of match packets Cisco Router can detect on ACL at one time.
Church, Charles
cchurc05 at harris.com
Tue Jul 15 22:42:22 EDT 2008
If the router is subject to enough traffic where thousands of ACL hits
are happening per second, you DON'T want to have any entries of that ACL
logging. It's terrible for performance.
Chuck
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of a. rahman
isnaini r.sutan
Sent: Tuesday, July 15, 2008 10:05 PM
To: Rodney Dunn
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] The maximum number of match packets Cisco Router
can detect on ACL at one time.
Thanks Rodney.
Other thing, though the ACL matches thousand of hits at once..
The log couldn't show this (log buffere has been set to 4096 x 2)
a. rahman isnaini r.sutan
Rodney Dunn wrote:
> There is no limit to the number of times the ACL will match and drop.
>
> The counter depending on how it's defined in the code may wrap but
> that should never impact the ACL from matching and
dropping/permitting.
>
> Rodney
>
> On Tue, Jul 15, 2008 at 06:08:03PM +0700, a. rahman isnaini r.sutan
wrote:
>> Hi,
>>
>>
>> Might be some you have noted once, the maximum value (number) that
Cisco
>> ACL can match let say flooding packets.
>> Here : deny tcp any any eq 1434 (5732 matches) fro example.
>> Since I have a problem with 7200 NPE G1, the huge traffic cannot be
>> detected & matched by ACL.
>>
>> thanks for share if you will.
>>
>> a. rahman isnaini r.sutan
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list