[c-nsp] The maximum number of match packets Cisco Router can detect on ACL at one time.

a. rahman isnaini r.sutan risnaini at indo.net.id
Wed Jul 16 01:31:26 EDT 2008


Hi Charles,

Depends on the engine processor.
Our G1 can handle this, it's just that the router does not show it in the log (we 
saved to a syslog-ng server).


rgs
a. rahman isnaini r.sutan

Church, Charles wrote:
> If the router is subject to enough traffic where thousands of ACL hits
> are happening per second, you DON'T want to have any entries of that ACL
> logging.  It's terrible for performance.
> 
> Chuck
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of a. rahman
> isnaini r.sutan
> Sent: Tuesday, July 15, 2008 10:05 PM
> To: Rodney Dunn
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] The maximum number of match packets Cisco Router
> can detect on ACL at one time.
> 
> 
> Thanks Rodney.
> Other thing, though the ACL matches thousands of hits at once..
> The log couldn't show this (log buffer has been set to 4096 x 2)
> 
> a. rahman isnaini r.sutan
> 
> Rodney Dunn wrote:
>> There is no limit to the number of times the ACL will match and drop.
>>
>> The counter depending on how it's defined in the code may wrap but
>> that should never impact the ACL from matching and dropping/permitting.
>> Rodney
>>
>> On Tue, Jul 15, 2008 at 06:08:03PM +0700, a. rahman isnaini r.sutan wrote:
>>> Hi,
>>>
>>>
>>> Might be some of you have noted once, the maximum value (number) that Cisco
>>> ACL can match, let's say flooding packets.
>>> Here: deny tcp any any eq 1434 (5732 matches) for example.
>>> Since I have a problem with 7200 NPE G1, the huge traffic cannot be 
>>> detected & matched by ACL.
>>>
>>> Thanks for sharing if you will.
>>>
>>> a. rahman isnaini r.sutan
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>

