[c-nsp] FWSM Throughput

Peter Boekelaar peter at sowieso.net
Sat Feb 18 14:03:03 EST 2012


>> We noticed with 40K+ ACE entries, changes are becoming rather slow, 4, 5 minutes wait before the rules are downloaded to the network processors.

> That's ACE or ACL?

That's ACE.

> Either way, that's a very convoluted security policy.  Or, the blade is
> in a poor network design.
> 


Don't think it's convoluted if I can understand it ;-), but yes, it's a lot
of entries, sum of legacy design, NAT, lots of VLANs and the necessity
to protect every VLAN from each other.
Plus Cisco specs say you can grow to 110K ACE.

--
PeterB


