[c-nsp] PIX 525 compiled vs non-compiled ACLs.

Adrian Chung adrian at enfusion-group.com
Wed Feb 25 15:20:14 EST 2009


Anyone have any idea of the performance impact (both latency and CPU wise)
if we were to move from turbo/compiled ACLs to non-compiled?

The outside ACL has about 15555 entries in it currently, and takes about 3-4
minutes to compile.  We're suffering from packet loss and performance
problems as well during this compilation.

The CPU usage is averaging about 15% with 75Mbps of traffic aggregated.
Running 6.3.5(142) or some interim release.

I understand access-list search time for the initial packet in a new flow
might be exposed to longer latency, but is there also expected to be a huge
CPU impact just from disabling turbo/compiled ACLs?

-- 
Adrian Chung (adrian @ enfusion-group dot com)
  http://www.enfusion-group.com/~adrian/


