[c-nsp] how ACLs affect the processing of a Cisco 7200 NPE-G2
Andrew Miehs
andrew at 2sheds.de
Thu Nov 8 21:08:44 EST 2012
On Fri, Nov 9, 2012 at 10:34 AM, Ali Sumsam <ali+cisconsp at eintellego.net>wrote:
> Hi All,
> My question is how ACLs affect the processing of a Cisco 7200 NPE-G2.
>
> 1. Does it matter if I have a long list of ACL statements, or it is as
> CPU-consuming as 1 statement?
> 2. Is CPU processing is on a per-interface basis. For example, if I have
> one interface with ACL and another without ACL. Is it going to be the same
> in terms of CPU utilization?
>
Ali,
You said your box was at 60% CPU at peak. Although not great - I have seen
worse.
Have you even LOOKED at your process table to work out which process it is?
Are you seeing packet drops on interfaces? You are obviously using ACLs.
Why? Can't you just remove them?
Do you have other interfaces in the box other than the Gig ports on the
"supervisor"?
Why do you think you have problems - because it doesn't sound as if CPU is
your only issue.
More information about the cisco-nsp
mailing list