[c-nsp] Cisco Optimized ACL Logging (OAL)
Matt Nguyen
thenewmatt at ymail.com
Tue Jun 24 19:47:29 EDT 2008
Is anyone out there using OAL? It seems very easy to implement but I’d appreciate any feedback about your experience implementing this.
I have a 6509 with Sup720/MSFC3 and PFC3B and am not yet using OAL.
I have about 30 VLANs with low/negligible traffic volume.
I have 4 high volume VLANs with sustained traffic volume of 100Mbps and 30Kpps.
I have another 4 medium volume VLANs with about half that volume of traffic.
I have 130 line ACLs inbound and outbound on 2/4 of the high and 2/4 of the medium volume VLANs with selective logging of particular lines in the ACLs.
My CPU is steady at about 18%.
I am in the process of adding ACLs to the remaining high and medium volume VLANs but have halted my deployment because during initial phases where I was doing more logging than normal to try and identify source/destination pairs, my CPU was spiking to 98%!
My main questions are: Is OAL really going to help me that much? Any caveats/tradeoffs when implementing OAL? All feedback is greatly appreciated!