[c-nsp] Cisco Optimized ACL Logging (OAL)

Sukumar Subburayan (sukumars) sukumars at cisco.com
Tue Jun 24 22:34:47 EDT 2008


To answer your main questions.

1. Is OAL really going to help me that much?

   There are two benefits of OAL.
    1. OAL improves performance over traditional logging, which is done at process level, by around 10-fold, with processing done at interrupt level.
       So, you probably can expect around 20Kpps (instead of 3-4 Kpps) with CPU around 30-40%.
    2. With OAL, the logged packet is forwarded in hardware, while a copy is sent for logging purposes only and consumed by the RP. So, in other words,
       forwarding of the actual packet is done in HW. A copy is sent for logging purposes. Without OAL, the packet is logged and forwarded in software at
       process level.

2. Any caveats/tradeoffs:
    Since OAL uses some HW resources on the EARL (PFC/DFC) forwarding engine, if there are other conflicting features you cannot use it. OAL and VACL capture
    cannot work together. So, if you need VACL capture, you cannot use OAL.

sukumar
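As an added configuration sketch (not from either poster) of what the above looks like on a Sup720/PFC3B: the global cache settings, the per-interface enable, and the verification command. The interface, ACL name and cache values are assumed placeholders; the command names are the Catalyst 6500 OAL CLI.

```cisco
! Added example, not from the original posts. Interface, ACL name and
! numeric values are assumed placeholders.

! Global OAL cache: how many log entries the RP caches, how often the
! cache is flushed to syslog, how many logged packets per second the
! hardware copies up to the RP, and how many matches an entry collects
! before it is reported.
logging ip access-list cache entries 8000
logging ip access-list cache interval 300
logging ip access-list cache rate-limit 1000
logging ip access-list cache threshold 1000

! Only ACEs carrying the log keyword produce OAL entries; the permit
! line without log is forwarded purely in hardware as before.
ip access-list extended VLAN100-IN
 deny   tcp any any eq 23 log
 permit ip any any

! OAL is enabled per interface and direction. Without these two lines
! the log keyword falls back to traditional process-level logging,
! which is the CPU-spiking behaviour described in the thread.
interface Vlan100
 ip access-group VLAN100-IN in
 logging ip access-list cache in
 logging ip access-list cache out
end

! Confirm that matches are being cached rather than punted one by one.
! VACL capture must not be configured on the same chassis (see caveat).
show logging ip access-list cache
```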

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Nguyen
Sent: Wednesday, June 25, 2008 5:17 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco Optimized ACL Logging (OAL)

Is anyone out there using OAL?  It seems very easy to implement but I’d appreciate any feedback about your experience implementing this.  
 
I have a 6509 with Sup720/MSFC3 and PFC3B and am not yet using OAL.
 
I have about 30 VLANs with low/negligible traffic volume.
I have 4 high volume VLANs with sustained traffic volume of 100Mbps and 30Kpps.
I have another 4 medium volume VLANs with about half that volume of traffic.
I have 130-line ACLs inbound and outbound on 2/4 of the high and 2/4 of the medium volume VLANs with selective logging of particular lines in the ACLs.
 
My CPU is steady at about 18%.
 
I am in the process of adding ACLs to the remaining high and medium volume VLANs but have halted my deployment because during initial phases where I was doing more logging than normal to try and identify source/destination pairs, my CPU was spiking to 98%!
 
My main questions are:  Is OAL really going to help me that much?  Any caveats/tradeoffs when implementing OAL?  All feedback is greatly appreciated!


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/