[c-nsp] NPE G1, CEF and ACLs and high CPU
Łukasz Bromirski
lukasz at bromirski.net
Tue Sep 9 17:55:25 EDT 2008
Łukasz Bromirski wrote:
> Kristian Larsson wrote:
>> I have no clue whether they're actually faster or
>> not at filtering packets.
> They are. Statefully filtering and inspecting packets requires a lot
> of horsepower, and CPUs in ASAs are much beefier than the ones You can
> spot on ISRs or 7200. NAT and CBAC/ZBFW are features hitting CPUs
> in routers a lot.
Uh, sorry, I thought it was 'at firewalling', not 'filtering packets'.
Still, ISRs and 7200 will be slower than ASA 5510 and higher models
with simple packet filtering (stateless that is). For stateful - way
slower.
--
"Don't expect me to cry for all the | Łukasz Bromirski
reasons you had to die" -- Kurt Cobain | http://lukasz.bromirski.net
More information about the cisco-nsp
mailing list